
Thread: browser redirect/possible hijack

  1. #1
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    browser redirect/possible hijack

    Hello again Ken, you helped me with a couple malware problems last June, and one of my computers has recently come down with browser issues. I'll let you take a look at the logs and wait to see what you think. Thanks.

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hello Again,

    Sorry you're still having problems, let's get to work. I prefer if you will copy and paste the logs from the tools we run into this thread in lieu of attaching them; if they all won't fit into one post then take as many posts as you need to post them all.

    Download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • Flush DNS
    • Reset IE Proxy Settings


    Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run.


    ==============================================================



    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ===============================================================================


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    ===============================================================================

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ===============================================================================
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    scan logs

    Hello Ken, I'm having a problem with the copy and paste part of this process. When I right click the file on my desktop I get the copy part no problem, however I don't get the paste option on this page when I right click it. This is probably due to some simple thing I'm overlooking in the whole copy/paste process, but no matter what I try I'm not able to get the paste option. If you have any suggestions about what I'm doing wrong I could sure use some advice. Until then I guess attaching the files is my only option. Sorry about that, but I'm not having any luck otherwise. Also I should add that my Malwarebytes scan came up clean, but the premium edition trial has expired and I won't be able to afford to purchase it until mid next week. It seems the scan results would be more comprehensive with the premium edition enabled. If we can keep this thread open until I get that squared away I'll forward that scan log. Sorry about having to attach the logs I have, but I'm hoping to figure out what I'm doing wrong in regards to the copy paste thing. Thanks again.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    When a log opens in Windows Notepad, all you have to do is open it, then up on the top click on EDIT > Select All, then EDIT > Copy, and then come back to this thread and place your mouse's cursor in the reply and right click and select Paste.

    What we can do is remove Malwarebytes completely and reinstall a new copy, but let's bypass that for the moment. Go ahead and run a new scan with FRST and post the logs, as in your original log I saw some entries that need to be removed.
  5. #5
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    FRST rescan

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
    Ran by me again (administrator) on MEAGAIN-PC on 13-09-2014 11:38:07
    Running from C:\Users\me again\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
    () C:\Program Files (x86)\SMINST\BLService.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    (CyberLink Corp.) C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1237288 2008-04-17] (Synaptics, Inc.)
    HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)
    HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePDIRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-17] (Microsoft Corporation)
    HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
    HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
    HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\Run: [Google Update] => C:\Users\me again\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-16] (Google Inc.)
    HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\MountPoints2: {39c331c7-662a-11e3-98a1-806e6f6e6963} - E:\SETUP.EXE
    HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\MountPoints2: {fc31e674-679a-11e3-a808-001f16db3136} - F:\TL_Bootstrap.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=up97&ocid=up97dhp
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    SearchScopes: HKLM - {EB35F281-FFBD-4C40-AE7F-CE094CC85DBB} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166

    FireFox:
    ========
    FF ProfilePath: C:\Users\me again\AppData\Roaming\Mozilla\Firefox\Profiles\z3ejlhx5.default
    FF SearchEngineOrder.3: Bing
    FF Homepage: about:home
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\me again\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\me again\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\me again\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\me again\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\me again\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\me again\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-12]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-15]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-09-13]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
    R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20140912.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140912.023\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140912.023\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
    S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
    R3 SRTSP; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-07-22] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2014-07-22] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2014-07-22] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-07-22] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-31] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2014-07-22] (Symantec Corporation)
    R1 SymNetS; C:\Windows\system32\drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-07-22] (Symantec Corporation)
    U4 eabfiltr; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-12 18:23 - 2014-09-12 18:23 - 00001094 _____ () C:\Users\me again\Desktop\AdwCleaner[S1].txt
    2014-09-12 17:23 - 2014-09-12 17:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-12 17:23 - 2014-09-12 17:23 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-09-12 17:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-12 17:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-09-12 17:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-09-12 17:19 - 2014-09-12 17:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\me again\Desktop\mbam-setup-2.0.2.1012(1).exe
    2014-09-12 16:44 - 2014-09-12 16:44 - 00000771 _____ () C:\Users\me again\Desktop\JRT.txt
    2014-09-12 16:19 - 2014-09-12 16:19 - 00000536 _____ () C:\Users\me again\Documents\Result.txt
    2014-09-12 16:14 - 2014-09-12 16:14 - 00000536 _____ () C:\Users\me again\Desktop\Result.txt
    2014-09-12 16:02 - 2014-09-12 16:02 - 01016261 _____ (Thisisu) C:\Users\me again\Desktop\JRT(1).exe
    2014-09-12 15:47 - 2014-09-12 15:47 - 01373475 _____ () C:\Users\me again\Desktop\AdwCleaner.exe
    2014-09-12 15:41 - 2014-09-12 15:42 - 00401920 _____ (Farbar) C:\Users\me again\Desktop\MiniToolBox.exe
    2014-09-12 12:55 - 2014-09-12 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-09-12 01:19 - 2014-09-12 01:19 - 00009986 _____ () C:\Users\me again\Desktop\FRST.zip
    2014-09-12 01:13 - 2014-09-12 01:04 - 00002909 _____ () C:\Users\me again\Desktop\aswMBR.txt
    2014-09-12 00:18 - 2014-09-12 00:18 - 05185536 _____ (AVAST Software) C:\Users\me again\Desktop\aswMBR(2).exe
    2014-09-12 00:11 - 2014-09-12 00:11 - 00277320 _____ () C:\Windows\Minidump\091214-65380-01.dmp
    2014-09-11 22:35 - 2014-09-11 22:36 - 00034261 _____ () C:\Users\me again\Desktop\Addition.txt
    2014-09-11 22:33 - 2014-09-13 11:38 - 00019053 _____ () C:\Users\me again\Desktop\FRST.txt
    2014-09-11 22:32 - 2014-09-13 11:38 - 00000000 ____D () C:\FRST
    2014-09-11 22:27 - 2014-09-11 22:27 - 02105856 _____ (Farbar) C:\Users\me again\Desktop\FRST64.exe
    2014-09-11 21:27 - 2014-09-11 21:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MEAGAIN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-09-11 21:25 - 2014-09-11 21:25 - 00002199 _____ () C:\Users\me again\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-11 21:25 - 2014-09-11 21:25 - 00000000 ____D () C:\Users\me again\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-11 21:25 - 2014-09-11 21:25 - 00000000 ____D () C:\RegBackup
    2014-09-11 21:23 - 2014-09-11 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-09-11 21:21 - 2014-09-11 21:21 - 04057608 _____ () C:\Users\me again\Desktop\tweaking.com_registry_backup_setup.exe
    2014-09-11 14:18 - 2013-12-27 03:05 - 00001383 _____ () C:\Users\me again\Desktop\Spybot-S&D Start Center.lnk
    2014-09-10 23:22 - 2014-08-19 12:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-10 23:22 - 2014-08-19 11:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-09-10 23:22 - 2014-08-18 17:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-10 23:22 - 2014-08-18 16:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-10 23:22 - 2014-08-18 16:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-10 23:22 - 2014-08-18 16:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-09-10 23:22 - 2014-08-18 16:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-10 23:22 - 2014-08-18 16:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-10 23:22 - 2014-08-18 16:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)


    Some content of TEMP:
    ====================
    C:\Users\me again\AppData\Local\Temp\binkw32.dll
    C:\Users\me again\AppData\Local\Temp\d2l_Install.exe
    C:\Users\me again\AppData\Local\Temp\d2l_PlayD2.exe
    C:\Users\me again\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
    C:\Users\me again\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\me again\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\me again\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-27 18:23

    ==================== End Of Log ============================

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hey,

    How are ya doing ?

    You have FRST64 on your desktop, perfect, when you create this file just save it to your desktop (Important or the fix won't work) then grab it with your mouse and drag it right next to FRST64, either above or below it but not right on top of it.

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (It has to be right next to FRST/64.) Either in a directory you saved frst.exe (or frst64.exe) or on your desktop if that's where you saved it.

    Code:
    Start
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    2014-08-31 20:59 - 2006-11-02 06:34 - 00899844 ____R () C:\Windows\system32\Drivers\etc\hosts.20140911-142250.backup
    Hosts:
    EmptyTemp:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Then open FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    ==============================================================



    Then what you want to do is completely remove Malwarebytes from your computer via their removal tool

    Download MBAM Clean to your desktop and run it
    http://www.malwarebytes.org/mbam-clean.exe


    After you run it it's important that you reboot your system to guarantee a complete clean

    Then go ahead and redownload, install and run the threat scan

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Cool fix log

    hope this looks good, the malbytes reinstalled with no problems (that was cool), the scan came up clean so i won't include that log. the frst took me about 2 hours to get it to fix before i realized i had a . on the end of the file name that made a lot of difference.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
    Ran by me again at 2014-09-13 19:08:13 Run:1
    Running from C:\Users\me again\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    2014-08-31 20:59 - 2006-11-02 06:34 - 00899844 ____R () C:\Windows\system32\Drivers\etc\hosts.20140911-142250.backup
    Hosts:
    EmptyTemp:
    End
    *****************

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
    "HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
    C:\Windows\system32\Drivers\etc\hosts.20140911-142250.backup => Moved successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 291 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

    wow this is cool the copy paste thing works great when you know how, thanks for the explanation
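
After a hosts reset like the one recorded in the Fixlog above, the file can be re-checked for entries that map a hostname to a non-loopback address, since those override DNS for that name. This is an added example, not part of the original thread; the sample hosts text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content (not taken from the thread's machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test        # blocking entry
127.0.0.1       tracker.example.test
203.0.113.25    www.bank.example.test   login.bank.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address without a hostname
        yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Sort entries into blocking, redirecting and malformed groups."""
    report = {"blocking": [], "redirecting": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((line_no, addr, names))
            continue
        # Loopback and unspecified addresses keep traffic on the machine.
        if ip.is_loopback or ip.is_unspecified:
            kept = [n for n in names if n.lower() != "localhost"]
            if kept:
                report["blocking"].append((line_no, addr, kept))
        else:
            # Any other address overrides DNS for these names: review it.
            report["redirecting"].append((line_no, addr, names))
    return report

if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for line_no, addr, names in entries:
            print(f"{kind:12} line {line_no}: {addr} -> {', '.join(names)}")
```

To check a real machine, pass the text of C:\Windows\System32\Drivers\etc\hosts (the path shown in the Fixlog) to audit_hosts.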

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    How is your system behaving now? Anything odd going on?

  9. #9
    Senior Member
    Join Date
    Jun 2014
    Posts
    155

    Thumbs up huge improvement

    hey ken, how's it going? it seems the crapware issue is resolved, at least by all indications i can see. the only problem i came across was on the fox browser going to nbc news it wanted to do a redirect (there are reasons for a redirect sometimes but i never allow them without a good reason). that problem was resolved by changing to the spybot proxy settings. this is a good example of an old dog learning new tricks! at any rate things are looking pretty good again, i'm actually very pleased that the computer went as long as it did without problems (my wife is learning a lot about safe surfing). if we could leave this thread open for a few days to watch the machine's behavior it would probably be a good plan. i will be in touch soon to let you know how things are going and to make sure it's time to uninstall the tools used here. thanks again and i'll be in touch soon.

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    Sounds good, post back in a few days and let me know how it's going
