Solved Fake Google Chrome Process

Aoikoneko5683

Aoikoneko5683

Posts: 16   +0
I've read other forum post about this and this virus creates fake Google Chrome Process. When deleting the file, it auto generates the file back again. When ending the process, it reopens the process again which starts to make the computer slow and all.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/2/2014
Scan Time: 3:57:12 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.02.07
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420630
Time Elapsed: 1 hr, 4 min, 43 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.67.2
Run by Chris at 17:06:14 on 2014-11-02
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.8086.3365 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\regsvr32.exe
C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\explorer.exe
C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe
C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe
C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe
C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe
C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe
C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe
C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe
C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Akamai NetSession Interface] "C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Viber] "C:\Users\Chris\AppData\Local\Viber\Viber.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Pdhgtojz] regsvr32.exe /s "C:\Users\Chris\AppData\Local\Razer\Pdhgtojz.dll"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{32B7C123-5996-4862-82F1-BD5DD07A3A9C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9B0F445B-0EB9-4A02-A990-F7E399B7E677} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9B0F445B-0EB9-4A02-A990-F7E399B7E677}\84F6D656E4564777F627B6 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{9B0F445B-0EB9-4A02-A990-F7E399B7E677}\D697177756374733730313 : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-2 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1506000.020\symds64.sys [2014-10-3 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1506000.020\symefa64.sys [2014-10-3 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [2014-10-27 1587416]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1506000.020\ccsetx64.sys [2014-10-3 162392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-4-8 283064]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20141101.001\IDSviA64.sys [2014-10-31 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys [2014-10-3 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys [2014-10-3 593112]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-2 98208]
R2 AMPPALR3;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe [2014-10-3 276376]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-5-3 105448]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-2 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-2 2656280]
R3 AMPPAL;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-2-2 176096]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-2-2 212544]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-2-2 69184]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-2 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-20 129752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-2 412264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\System32\drivers\ActionReplayDS_x64.sys [2014-2-24 51600]
S3 AMPPALP;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hxsyol;hxsyol;C:\Windows\System32\hxsy64.sys [2014-10-19 86352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-14 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-2-2 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-2 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-2 181760]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-2-2 250984]
S3 SdoKeyCrypt;SdoKeyCrypt;C:\Windows\SysWOW64\SdoKeyCrypt_x64.sys [2012-12-24 69560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-03 01:01:03 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8EABF79F-4507-430E-B693-3703267C60BB}\offreg.dll
2014-10-31 19:12:14 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8EABF79F-4507-430E-B693-3703267C60BB}\mpengine.dll
2014-10-21 06:19:57 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-21 06:19:43 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-21 06:19:43 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-21 06:19:43 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-21 06:19:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 03:29:42 -------- d-----w- C:\Program Files\CCleaner
2014-10-20 23:30:01 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-20 01:44:17 86352 ----a-w- C:\Windows\System32\hxsy64.sys
2014-10-20 01:44:17 29008 ----a-w- C:\Windows\System32\hxsken64.sys
2014-10-20 01:07:37 -------- d-----w- C:\Program Files (x86)\Aeria Games
2014-10-15 07:45:58 457400 ----a-w- C:\Windows\System32\ci.dll
2014-10-15 07:44:41 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-11 03:42:00 -------- d-----w- C:\Users\Chris\AppData\Local\Roblox
2014-10-11 03:40:55 -------- d-----w- C:\ProgramData\Roblox
2014-10-11 03:40:53 -------- d-----w- C:\Program Files (x86)\Roblox
2014-10-05 17:59:27 -------- d-----w- C:\Users\Chris\AppData\Local\ftblauncher
.
==================== Find3M ====================
.
2014-10-28 13:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 04:03:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 04:03:16 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-06 19:48:16 266968 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys
.
============= FINISH: 17:10:17.70 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/6/2012 2:55:42 PM
System Uptime: 11/2/2014 3:49:46 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0YH79Y
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 679 GiB total, 517.409 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP333: 10/24/2014 12:58:32 PM - Windows Update
RP334: 10/26/2014 7:00:15 PM - Windows Backup
RP335: 10/28/2014 4:45:40 AM - Windows Update
RP336: 10/31/2014 12:09:39 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Captivate Quiz Results Analyzer
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Help Manager
Adobe Reader X (10.1.12) MUI
Adobe Shockwave Player 12.1
Advanced Audio FX Engine
Aeria Ignite
Akamai NetSession Interface
Aura Kingdom
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Cisco Packet Tracer 5.3.3
Cozi
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
DragonNest
Escape Whisper Valley (TM)
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Free YouTube Download version 3.2.46.923
Free YouTube to MP3 Converter version 3.12.46.923
Google Toolbar for Internet Explorer
Google Update Helper
Happy Cloud Client
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Turbo Boost Technology Monitor 2.0
Intel(R) WiDi
Intel(R) Wireless Display
Java 7 Update 67
Java Auto Updater
Java SE Development Kit 7 Update 17 (64-bit)
Java(TM) 7 Update 1 (64-bit)
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
League of Legends
Luxor
Malwarebytes Anti-Malware version 2.0.3.1025
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft XNA Framework Redistributable 3.1
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Blu-ray Player
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Nexon Game Manager
Norton Internet Security
NVIDIA PhysX
Open Broadcaster Software
osu!
Penguins!
PhotoShowExpress
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
puush
Quickset64
RaidCall
Razer Game Booster
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Recettear: An Item Shop's Tale
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samantha Swift
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Skype Click to Call
Skype? 6.21
Sonic CinePlayer Decoder Pack
swMSM
SyncUP
System Requirements Lab CYRI
Unity Web Player
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
VLC media player 2.1.3
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices (04/21/2009 2.40.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Zinio Reader 4
Zuma Deluxe
μTorrent
.
==== Event Viewer Messages From Past Week ========
.
11/2/2014 3:57:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/1/2014 10:07:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/1/2014 10:07:51 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2014 10:07:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/31/2014 11:36:08 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.102. The computer with the IP address 192.168.0.107 did not allow the name to be claimed by this computer.
10/31/2014 10:59:20 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JESSICA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{32B7C123-5996-4862-82F1-BD5DD07A3A9C}. The master browser is stopping or an election is being forced.
10/30/2014 3:54:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
.
==== End Of File ===========================
 

Attachments

  • dds.txt
    27.5 KB · Views: 0
  • attach.txt
    8.6 KB · Views: 0
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chris [Administrator]
Mode : Scan -- Date : 11/02/2014 18:39:57
¤¤¤ Processes : 8 ¤¤¤
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermProc]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermProc]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermProc]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Windows\CurrentVersion\Run | Viber : "C:\Users\Chris\AppData\Local\Viber\Viber.exe" -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Windows\CurrentVersion\Run | Pdhgtojz : regsvr32.exe /s "C:\Users\Chris\AppData\Local\Razer\Pdhgtojz.dll" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Windows\CurrentVersion\Run | Viber : "C:\Users\Chris\AppData\Local\Viber\Viber.exe" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Windows\CurrentVersion\Run | Pdhgtojz : regsvr32.exe /s "C:\Users\Chris\AppData\Local\Razer\Pdhgtojz.dll" -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] c4d441a27258bc95be2bbf548713c1b2
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 212992 | Size: 20000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 MB
User = LL1 ... OK
User = LL2 ... OK





RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chris [Administrator]
Mode : Delete -- Date : 11/02/2014 18:40:23
¤¤¤ Processes : 8 ¤¤¤
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermProc]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermProc]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermProc]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
[Suspicious.Path] yrwfwdxvvyro.exe -- C:\Users\Chris\AppData\LocalLow\Sun\ikaefnwcrkv\diddgvw\yrwfwdxvvyro.exe[7] -> Killed [TermThr]
¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Windows\CurrentVersion\Run | Viber : "C:\Users\Chris\AppData\Local\Viber\Viber.exe" [x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Windows\CurrentVersion\Run | Pdhgtojz : regsvr32.exe /s "C:\Users\Chris\AppData\Local\Razer\Pdhgtojz.dll" [7][x][-] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Windows\CurrentVersion\Run | Viber : "C:\Users\Chris\AppData\Local\Viber\Viber.exe" -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Windows\CurrentVersion\Run | Pdhgtojz : regsvr32.exe /s "C:\Users\Chris\AppData\Local\Razer\Pdhgtojz.dll" -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] c4d441a27258bc95be2bbf548713c1b2
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 212992 | Size: 20000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_11022014_183957.log






Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.11.03.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
Chris :: SAMSCLUB-PC [administrator]
11/2/2014 6:44:08 PM
mbar-log-2014-11-02 (18-44-08).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 423811
Time elapsed: 52 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17358
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.491000 GHz
Memory total: 8478961664, free: 3376893952
Downloaded database version: v2014.11.03.02
Downloaded database version: v2014.11.01.02
=======================================
Initializing...
------------ Kernel report ------------
11/02/2014 18:43:56
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1506000.020\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1506000.020\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1506000.020\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20141101.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20141024.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\FLxHCIc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\FLxHCIh.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20141102.002\EX64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20141102.002\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\urlmon.dll
\Windows\System32\clbcatq.dll
\Windows\System32\user32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\imm32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\msctf.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009669060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007726050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009669060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009669b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009669060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007726050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F2837E
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 208782
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 212992 Numsec = 40960000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 41172992 Numsec = 1423974128
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-212992-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


The fake google chrome processes are still creating when I end process them. Other than that, that's really it. The first two are from RogueKiller and the other two are from MalywareByte Anti-Rootkit
 
You were also infected with Poweliks malware.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Here is the report:

ComboFix 14-10-29.01 - Chris 2/2014 Sun 19:58:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.8086.4412 [GMT -8:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Mega Browse_iels
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Recent\akari_chen5 on Justin.tv.website
c:\users\Chris\AppData\Roaming\technic-launcher.jar
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-10-03 to 2014-11-03 )))))))))))))))))))))))))))))))
.
.
2014-11-03 04:16 . 2014-11-03 04:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-03 04:16 . 2014-11-03 04:16 -------- d-----w- c:\users\Sams Club\AppData\Local\temp
2014-11-03 04:16 . 2014-11-03 04:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-11-03 04:04 . 2014-11-03 04:04 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EABF79F-4507-430E-B693-3703267C60BB}\offreg.dll
2014-11-03 02:43 . 2014-11-03 03:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-03 02:31 . 2014-11-03 02:31 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-03 02:31 . 2014-11-03 02:31 -------- d-----w- c:\programdata\RogueKiller
2014-10-31 19:12 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EABF79F-4507-430E-B693-3703267C60BB}\mpengine.dll
2014-10-21 06:19 . 2014-11-03 02:43 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-21 06:19 . 2014-11-03 02:43 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-21 06:19 . 2014-10-01 18:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-21 06:19 . 2014-10-01 18:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-21 06:19 . 2014-10-21 06:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-21 03:29 . 2014-10-21 03:48 -------- d-----w- c:\program files\CCleaner
2014-10-20 23:30 . 2014-11-03 02:11 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-20 01:44 . 2014-10-20 01:44 86352 ----a-w- c:\windows\system32\hxsy64.sys
2014-10-20 01:44 . 2014-10-20 01:44 29008 ----a-w- c:\windows\system32\hxsken64.sys
2014-10-20 01:07 . 2014-10-20 01:07 -------- d-----w- c:\program files (x86)\Aeria Games
2014-10-15 07:45 . 2014-07-07 01:40 406016 ----a-w- c:\windows\SysWow64\drmmgrtn.dll
2014-10-15 07:44 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-11 03:42 . 2014-10-11 03:51 -------- d-----w- c:\users\Chris\AppData\Local\Roblox
2014-10-11 03:40 . 2014-10-11 03:40 -------- d-----w- c:\programdata\Roblox
2014-10-11 03:40 . 2014-10-11 03:40 -------- d-----w- c:\program files (x86)\Roblox
2014-10-05 17:59 . 2014-10-29 22:02 -------- d-----w- c:\users\Chris\AppData\Local\ftblauncher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 13:34 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-15 09:53 . 2012-12-03 03:45 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-10-01 07:51 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 07:51 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 04:03 . 2012-12-03 01:57 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 04:03 . 2012-02-02 20:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 22:11 . 2014-09-24 18:40 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 18:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-26 02:20 . 2014-10-03 19:02 876248 ----a-w- c:\windows\system32\drivers\NISx64\1506000.020\srtsp64.sys
2014-08-26 02:20 . 2014-10-03 19:02 37592 ----a-w- c:\windows\system32\drivers\NISx64\1506000.020\srtspx64.sys
2014-08-23 02:07 . 2014-08-28 17:20 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 17:20 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-14 18:31 . 2010-06-24 17:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-06 19:48 . 2014-10-03 19:02 266968 ----a-w- c:\windows\system32\drivers\NISx64\1506000.020\ironx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Chris\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-09-04 40336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
.
c:\users\Sams Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys;c:\windows\SYSNATIVE\Drivers\ActionReplayDS_x64.sys [x]
R3 AMPPALP;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hxsyol;hxsyol;c:\windows\system32\hxsy64.sys;c:\windows\SYSNATIVE\hxsy64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SDGame;SDGame;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 SdoKeyCrypt;SdoKeyCrypt;c:\windows\SysWOW64\SdoKeyCrypt_x64.sys;c:\windows\SysWOW64\SdoKeyCrypt_x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x]
R3 X6va022;X6va022;c:\windows\SysWOW64\Drivers\X6va022;c:\windows\SysWOW64\Drivers\X6va022 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20141024.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20141101.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20141101.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1506000.020\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-03 04:03]
.
2014-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03 22:28]
.
2014-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03 22:28]
.
2014-11-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2014-10-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
Toolbar-Locked - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-UnityWebPlayer - c:\users\Chris\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32;c:\program files (x86)\Norton Internet Security\Engine64\21.6.0.32"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va021]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va022]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va022"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3391884449-3990888759-632931750-1002_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-02 20:33:13
ComboFix-quarantined-files.txt 2014-11-03 04:33
.
Pre-Run: 558,053,150,720 bytes free
Post-Run: 560,508,194,816 bytes free
.
- - End Of File - - B20330E9E35F664F5AEEE354160ED793


Everything is the same, fake google chrome still here.
 
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v3.311 - Report created 02/11/2014 at 20:53:50
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris - SAMSCLUB-PC
# Running from : C:\Users\Chris\Desktop\adwcleaner_3.311.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Mega Browse
***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Softonic
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344

*************************
AdwCleaner[R0].txt - [2435 octets] - [02/11/2014 20:46:42]
AdwCleaner[R1].txt - [2495 octets] - [02/11/2014 20:53:08]
AdwCleaner[S0].txt - [2416 octets] - [02/11/2014 20:53:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2476 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Home Premium x64
Ran by Chris on 11/02/2014 Sun at 21:00:06.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/02/2014 Sun at 21:02:54.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Chris (administrator) on SAMSCLUB-PC on 02-11-2014 21:03:17
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3391884449-3990888759-632931750-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3391884449-3990888759-632931750-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
Startup: C:\Users\Sams Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3391884449-3990888759-632931750-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6599DB8C-F6FF-4289-BCAA-9BB1C9D7357B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
SearchScopes: HKCU - {258B635C-1F58-46C5-BE10-F555056D34A0} URL =
SearchScopes: HKCU - {6599DB8C-F6FF-4289-BCAA-9BB1C9D7357B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Chris\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-11-02]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-08] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69184 2011-09-05] (Fresco Logic)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2014-10-19] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20141101.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20141102.002\ENG64.SYS [129752 2014-10-17] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20141102.002\EX64.SYS [2137304 2014-10-17] (Symantec Corporation)
S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SdoKeyCrypt; C:\Windows\SysWOW64\SdoKeyCrypt_x64.sys [69560 2012-07-25] (盛大网络)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-03-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-02] ()
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [54200 2012-09-26] (Thesycon GmbH, Germany)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 21:03 - 2014-11-02 21:03 - 00020622 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-11-02 21:03 - 2014-11-02 21:03 - 00000000 ____D () C:\FRST
2014-11-02 21:02 - 2014-11-02 21:02 - 00001295 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-11-02 21:00 - 2014-11-02 21:00 - 00000000 ____D () C:\Windows\ERUNT
2014-11-02 20:56 - 2014-11-02 20:56 - 00002560 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt
2014-11-02 20:46 - 2014-11-02 20:53 - 00000000 ____D () C:\AdwCleaner
2014-11-02 20:45 - 2014-11-02 20:45 - 02114560 _____ (Farbar) C:\Users\Chris\Desktop\frst64.exe
2014-11-02 20:43 - 2014-11-02 20:43 - 01706359 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-11-02 20:43 - 2014-11-02 20:43 - 01375089 _____ () C:\Users\Chris\Desktop\adwcleaner_3.311.exe
2014-11-02 20:33 - 2014-11-02 20:33 - 00025735 _____ () C:\ComboFix.txt
2014-11-02 19:56 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-02 19:56 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-02 19:56 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-02 19:56 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-02 19:56 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-02 19:56 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-02 19:56 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-02 19:56 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-02 19:55 - 2014-11-02 20:34 - 00000000 ____D () C:\Qoobox
2014-11-02 19:54 - 2014-11-02 20:29 - 00000000 ____D () C:\Windows\erdnt
2014-11-02 19:51 - 2014-11-02 19:54 - 05591672 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2014-11-02 18:43 - 2014-11-02 19:40 - 00000000 ____D () C:\Users\Chris\Desktop\mbar
2014-11-02 18:43 - 2014-11-02 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 18:41 - 2014-11-02 18:41 - 00004380 _____ () C:\Users\Chris\Desktop\RKreport_DEL_11022014_184023.log
2014-11-02 18:36 - 2014-11-02 18:36 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Chris\Desktop\mbar-1.07.0.1012.exe
2014-11-02 18:31 - 2014-11-02 18:31 - 14670424 _____ () C:\Users\Chris\Desktop\RogueKiller.exe
2014-11-02 18:31 - 2014-11-02 18:31 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-02 18:31 - 2014-11-02 18:31 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-02 17:25 - 2014-11-02 17:28 - 00000000 ____D () C:\Users\Chris\Desktop\folder of junk
2014-11-02 17:10 - 2014-11-02 17:10 - 00028133 _____ () C:\Users\Chris\Desktop\dds.txt
2014-11-02 17:10 - 2014-11-02 17:10 - 00008817 _____ () C:\Users\Chris\Desktop\attach.txt
2014-10-30 22:41 - 2014-10-30 22:41 - 00000438 _____ () C:\Users\Chris\Desktop\2P.com Is Recruiting Writers! - news - 2P.com.website
2014-10-20 22:19 - 2014-11-02 18:43 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 22:19 - 2014-11-02 18:43 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 22:19 - 2014-10-20 22:19 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-20 22:19 - 2014-10-20 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 22:19 - 2014-10-20 22:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 22:19 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 22:19 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 19:29 - 2014-10-20 19:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-20 15:30 - 2014-11-02 21:02 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-19 17:44 - 2014-10-19 17:44 - 00086352 _____ () C:\Windows\system32\hxsy64.sys
2014-10-19 17:44 - 2014-10-19 17:44 - 00029008 _____ () C:\Windows\system32\hxsken64.sys
2014-10-19 17:07 - 2014-10-19 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-10-19 17:07 - 2014-10-19 17:07 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-10-18 15:57 - 2014-10-25 20:14 - 00000084 _____ () C:\Users\Chris\.atl.properties
2014-10-16 20:06 - 2014-10-16 20:35 - 00000000 ____D () C:\Users\Chris\Desktop\Dragon Nest
2014-10-14 23:46 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 23:46 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 23:46 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 23:46 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 23:46 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 23:46 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 23:46 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 23:46 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 23:46 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 23:46 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 23:46 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 23:46 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 23:46 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 23:46 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 23:46 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 23:46 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 23:46 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 23:46 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 23:46 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 23:45 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 23:45 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 23:45 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 23:45 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 23:45 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 23:45 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 23:45 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 23:45 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 23:45 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 23:45 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 23:45 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 23:45 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 23:45 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 23:45 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 23:45 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 23:45 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 23:45 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 23:45 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 23:45 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 23:45 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 23:45 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 23:45 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 23:45 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 23:45 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 23:45 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 23:45 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 23:45 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 23:45 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 23:45 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 23:45 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 23:45 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 23:45 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 23:45 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 23:45 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 23:45 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 23:45 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 23:45 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 23:45 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 23:45 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 23:45 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 23:45 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 23:45 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 23:45 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 23:45 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 23:45 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 23:45 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 23:45 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 23:45 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 23:45 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 23:45 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 23:45 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 23:45 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 23:45 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 23:45 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 23:45 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 23:45 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 23:45 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 23:45 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 23:45 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 23:45 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 23:45 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 23:45 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 23:45 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 23:45 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 23:45 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 23:45 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 23:45 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 23:45 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 23:45 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 23:45 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 23:45 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 23:45 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 23:45 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 23:45 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 23:45 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 23:45 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 23:45 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 23:45 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 23:45 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 23:45 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 23:45 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 23:45 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 23:45 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 23:45 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 23:45 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 23:45 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 23:45 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 23:45 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 23:45 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 23:45 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 23:45 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 23:45 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 23:45 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 23:45 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 23:44 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 23:44 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 23:44 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 23:44 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 23:44 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 23:44 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 23:44 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 23:44 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 23:44 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 23:44 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 23:44 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 23:44 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 23:44 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 23:44 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 23:44 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 23:44 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 23:44 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 23:44 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 23:44 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 23:44 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 23:44 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 23:44 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-10 19:47 - 2014-10-10 19:47 - 00000000 ____D () C:\Users\Chris\Documents\ROBLOX
2014-10-10 19:42 - 2014-10-10 19:51 - 00000000 ____D () C:\Users\Chris\AppData\Local\Roblox
2014-10-10 19:40 - 2014-10-10 19:40 - 00000000 ____D () C:\ProgramData\Roblox
2014-10-10 19:40 - 2014-10-10 19:40 - 00000000 ____D () C:\Program Files (x86)\Roblox
2014-10-05 09:59 - 2014-10-29 14:02 - 00000000 ____D () C:\Users\Chris\AppData\Local\ftblauncher
2014-10-04 09:24 - 2014-10-04 09:24 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
 
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 21:03 - 2012-12-02 17:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 21:02 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 21:02 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 20:59 - 2012-02-02 14:26 - 01341544 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 20:55 - 2014-03-26 19:07 - 00093138 _____ () C:\Windows\setupact.log
2014-11-02 20:55 - 2012-12-02 17:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 20:55 - 2012-02-02 13:20 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-02 20:55 - 2012-02-02 13:20 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-02 20:55 - 2012-02-02 13:16 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-02 20:55 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 20:54 - 2010-11-20 19:47 - 08040128 _____ () C:\Windows\PFRO.log
2014-11-02 20:33 - 2014-04-22 14:03 - 00000000 ____D () C:\Users\dub_cm_auto
2014-11-02 20:33 - 2012-12-02 17:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 20:33 - 2009-07-13 19:20 - 00000000 ____D () C:\Users\Default
2014-11-02 20:17 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-02 18:00 - 2012-07-06 13:58 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-11-02 17:34 - 2013-01-19 22:00 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype
2014-11-02 17:31 - 2012-12-02 18:53 - 00000000 ____D () C:\Users\Chris\AppData\Local\Nero
2014-11-02 17:29 - 2014-06-10 19:43 - 00000000 ____D () C:\Users\Chris\Desktop\labs for cisco
2014-11-02 17:28 - 2013-10-11 21:29 - 00000000 ____D () C:\Users\Chris\Desktop\homework
2014-11-02 17:27 - 2014-10-01 11:52 - 00000000 ____D () C:\Users\Chris\Desktop\college homeworks stuff adf
2014-11-02 16:00 - 2012-02-02 13:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-11-02 15:56 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 15:48 - 2012-12-02 18:03 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-11-02 15:48 - 2012-12-02 17:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-02 15:16 - 2014-01-08 13:05 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-11-02 15:13 - 2013-07-15 18:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\Razer
2014-11-02 15:12 - 2013-10-09 11:42 - 00000000 ____D () C:\Users\Chris\AppData\Local\LogMeIn
2014-11-02 15:12 - 2013-09-27 18:42 - 00000000 ____D () C:\Users\Chris\AppData\Local\Deployment
2014-11-02 12:54 - 2013-08-29 15:02 - 00000000 ____D () C:\Program Files (x86)\puush
2014-10-30 14:54 - 2012-02-02 13:44 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-28 05:34 - 2010-11-20 19:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 08:20 - 2012-07-06 13:58 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-10-23 06:08 - 2013-02-02 12:26 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2014-10-21 15:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\IME
2014-10-20 23:21 - 2013-07-06 17:56 - 00000725 _____ () C:\Users\Chris\Desktop\❝ Chasing Dreams MEPs ❞ - YouTube.website
2014-10-20 22:13 - 2014-03-26 17:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\NPE
2014-10-19 17:21 - 2013-12-23 12:30 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-10-19 17:21 - 2013-01-05 23:19 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-19 17:08 - 2013-12-21 17:08 - 00000000 ____D () C:\AeriaGames
2014-10-19 09:23 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-18 15:57 - 2012-12-02 18:00 - 00000000 ____D () C:\Users\Chris
2014-10-18 14:28 - 2012-12-02 17:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 14:28 - 2012-12-02 17:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 20:35 - 2012-12-02 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-10-16 20:30 - 2012-12-02 19:18 - 00000000 ____D () C:\Nexon
2014-10-16 06:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 10:19 - 2009-07-13 20:45 - 05080904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 10:17 - 2014-08-02 14:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 10:17 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 10:17 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:17 - 2013-07-18 02:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 01:53 - 2012-12-02 19:45 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 05:40 - 2012-02-02 13:18 - 00000000 ____D () C:\ProgramData\Skype
2014-10-06 20:28 - 2014-05-17 11:20 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\vlc
2014-10-06 18:01 - 2009-07-13 21:08 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-05 22:00 - 2013-12-30 00:10 - 00000751 _____ () C:\Users\Chris\Desktop\▶ 卒業メモリーズ~サヨナラ、あなた~~~沢井美空 - YouTube.website
2014-10-05 16:04 - 2013-04-13 11:01 - 00000000 ____D () C:\Users\Chris\AppData\Local\Akamai
2014-10-05 10:01 - 2013-04-07 12:20 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\ftblauncher
2014-10-04 09:18 - 2014-05-17 17:43 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-04 09:18 - 2014-03-26 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-10-04 09:18 - 2013-12-27 10:21 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Chris\jagex_cl_oldschool_LIVE.dat
C:\Users\Chris\jagex_cl_runescape_LIVE.dat
C:\Users\Chris\random.dat
Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 06:26
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Chris at 2014-11-02 21:04:08
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Captivate Quiz Results Analyzer (HKLM-x32\...\QuizResultsAnalyzer.C0CA58D26EB27EF0DDD094CE3C4337F3360F5EE2.1) (Version: 6.0 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version: - )
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{6DA891AB-4D45-4BA6-B656-F02391204661}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version: - Cisco Systems, Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DragonNest (HKLM-x32\...\DragonNest) (Version: - )
Escape Whisper Valley (TM) (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube Download version 3.2.46.923 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.6-1.0.8500.17 - raidcall.com)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6353 - Realtek Semiconductor Corp.)
Recettear: An Item Shop's Tale (HKLM-x32\...\Recettear: An Item Shop's Tale_is1) (Version: - )
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Datel Design & Development (usbio) USBIOControlledDevices (04/21/2009 2.40.0.0) (HKLM\...\30853F7174C6EB267FDAABE50A369169D18DA611) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3391884449-3990888759-632931750-1002_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\shdocvw.dll (Microsoft Corporation)
==================== Restore Points =========================
27-10-2014 02:00:15 Windows Backup
28-10-2014 11:45:40 Windows Update
31-10-2014 19:09:39 Windows Update
03-11-2014 02:35:43 Before Everything
03-11-2014 03:00:35 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2014-11-02 20:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {176E4CB8-806B-4E9D-B1E1-47E28A1D3F78} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {20BA5BA9-6EFF-4C16-8B84-871971EF7254} - System32\Tasks\{2848C1E4-C295-44BD-BFC4-AE2076E8E357} => C:\Users\Chris\Desktop\aurakingdom_us_downloader.exe
Task: {2AB8EBE8-C641-42A0-8B89-6B3AC4D3F3A6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3791CDAD-3E7F-453A-8E5B-255717B929C6} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {4F8E0EEB-F7B7-4889-9AF6-80D04174C833} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {7DDBCD87-0DDB-4358-9E58-5268E00E8A4E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {81277CD1-05C0-4211-8420-82389CCAFB00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {A9AF0992-96B7-48B0-8659-A195FADFEF09} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {AE068BDA-E080-45A3-8462-1018D4FDBCB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {B6952E07-5B6A-47AC-A7AF-4A44038826D0} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {EBF0264F-61D2-44AB-B92C-160EDD106F07} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-20] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe
==================== Loaded Modules (whitelisted) =============
2011-11-01 10:58 - 2011-11-01 10:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-02-02 13:46 - 2011-07-20 05:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-01 10:58 - 2011-11-01 10:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-02 13:16 - 2011-09-22 08:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-08-21 13:20 - 2012-08-21 13:20 - 00067496 _____ () C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon-1013867100
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon-226476256
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon-226764382
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon-48845580
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon1299554784
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon1435249661
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon1817617921
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon2045553160
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon836895724
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon954441508
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:TASKICON_0favicon-1051331563
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:TASKICON_1favicon818190576
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:TASKICON_2favicon856924206
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:TASKICON_3favicon-778822629
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-3391884449-3990888759-632931750-500 - Administrator - Disabled)
Bob (S-1-5-21-3391884449-3990888759-632931750-1004 - Limited - Enabled)
Chris (S-1-5-21-3391884449-3990888759-632931750-1002 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3391884449-3990888759-632931750-501 - Limited - Disabled) => C:\Users\Guest
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-11-02 20:12:36.397
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-02 20:12:36.366
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 8086.17 MB
Available physical RAM: 5861.87 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 13809.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:679 GB) (Free:521.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)
==================== End Of Log ============================
The fake google chrome processes are now gone~
 
Cool :)

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3 KB · Views: 2
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Chris at 2014-11-02 21:43:15 Run:1
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3391884449-3990888759-632931750-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {258B635C-1F58-46C5-BE10-F555056D34A0} URL =
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
C:\ProgramData\hash.dat
C:\Users\Chris\jagex_cl_oldschool_LIVE.dat
C:\Users\Chris\jagex_cl_runescape_LIVE.dat
C:\Users\Chris\random.dat
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon-1013867100
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon-226476256
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon-226764382
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon-48845580
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon1299554784
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon1435249661
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon1817617921
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon2045553160
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon836895724
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:DESTICON_favicon954441508
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:TASKICON_0favicon-1051331563
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:TASKICON_1favicon818190576
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:TASKICON_2favicon856924206
AlternateDataStreams: C:\Users\Chris\Desktop\Where the information for DragonNest lies.website:TASKICON_3favicon-778822629
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3391884449-3990888759-632931750-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{258B635C-1F58-46C5-BE10-F555056D34A0}" => Key deleted successfully.
"HKCR\CLSID\{258B635C-1F58-46C5-BE10-F555056D34A0}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key deleted successfully.
"HKCR\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key not found.
"HKCR\PROTOCOLS\Handler\cozi" => Key deleted successfully.
"HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F}" => Key not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
X6va021 => Service deleted successfully.
X6va022 => Service deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Chris\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Chris\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Chris\random.dat => Moved successfully.
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon-1013867100" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon-226476256" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon-226764382" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon-48845580" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon1299554784" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon1435249661" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon1817617921" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon2045553160" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon836895724" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":DESTICON_favicon954441508" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":TASKICON_0favicon-1051331563" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":TASKICON_1favicon818190576" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":TASKICON_2favicon856924206" ADS removed successfully.
C:\Users\Chris\Desktop\Where the information for DragonNest lies.website => ":TASKICON_3favicon-778822629" ADS removed successfully.
==== End of Fixlog ====
 
How is computer doing?

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
      [/LIST]
      [*]Check [I]"YES, I accept the Terms of Use."[/I]
      [*]Click the [b]Start[/b] button.
      [*]Accept any security warnings from your browser.
      [*]Check [I]"Enable detection of potentially unwanted applications"[/I].
      [*]Click [I]Advanced settings[/I] and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark [I]"Use custom proxy settings"[/I]
      [*]Click the [b]Start[/b] button.
      [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      [*]When the scan completes, click [b]List Threats[/b]
      [*]Click [b]Export[/b], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      [*]Click the [b]Back[/b] button.
      [*]Click the [b]Finish[/b] button.
      [/LIST]
 
Computer is doing great! It feels so much faster now, currently doing the ESET Online Scanner, once that is done, I'll be posting everything.
 
Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Adobe Flash Player 15.0.0.152
Adobe Reader 10.1.12 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````




Farbar Service Scanner Version: 21-07-2014
Ran by Chris (administrator) on 02-11-2014 at 22:00:17
Running from "C:\Users\Chris\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
C:\Users\All Users\RogueKiller\Quarantine\92EBA264DFDD83E2.reg Win32/Poweliks.C trojan
C:\Users\All Users\RogueKiller\Quarantine\BF1854BD596E28FE.reg Win32/Poweliks.C trojan
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\ProgramData\RogueKiller\Quarantine\92EBA264DFDD83E2.reg Win32/Poweliks.C trojan cleaned by deleting - quarantined
C:\ProgramData\RogueKiller\Quarantine\BF1854BD596E28FE.reg Win32/Poweliks.C trojan cleaned by deleting - quarantined
C:\Users\Chris\AppData\Local\Deployment\Pdhgtojz.dll a variant of Win32/Kryptik.CPCI trojan cleaned by deleting - quarantined
C:\Users\Chris\AppData\Local\LogMeIn\Pdhgtojz.dll a variant of Win32/Kryptik.CPCI trojan cleaned by deleting - quarantined
C:\Users\Chris\AppData\Local\Razer\Pdhgtojz.dll a variant of Win32/Kryptik.CPCI trojan cleaned by deleting - quarantined
C:\Users\Chris\AppData\LocalLow\wmaddjv.dll a variant of Win32/Kryptik.CPCI trojan cleaned by deleting - quarantined

~
 
redtarget.gif
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

redtarget.gif
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

=========================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Thanks! I've already changed all my password/info's. Currently doing the last scan using Malwarebytes. My computer feels so much faster and safer now. Thanks for everything!
 
You must log in or register to reply here.

Similar threads

A
Google promotes new security requirements for HTTPS encryption providers
Replies
0
Views
83
Alfonso Maruccia
A
A
Chrome Manifest V3 blamed for security risks as EditThisCookie extension becomes a victim
Replies
6
Views
365
LimyG
LimyG
midian182
YouTube demonetizes fake movie trailer channels after investigation
Replies
12
Views
229
pmshop60
pmshop60

Latest posts

Back