browser redirect/possible hijack



1oldman
2014-09-12, 10:26
hello again ken, you helped me with a couple malware problems last june and one of my computers has recently come down with browser issues. i'll let you take a look at the logs and wait to see what you think. thanks

ken545
2014-09-12, 15:05
Hello Again,

Sorry you're still having problems, let's get to work. I prefer that you copy and paste the logs from the tools we run into this thread in lieu of attaching them. If they won't all fit into one post, then take as many posts as you need to post them all.

Download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) and save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Reset IE Proxy Settings


Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.


==============================================================



-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



===============================================================================


Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.




===============================================================================

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


===============================================================================

1oldman
2014-09-13, 04:00
hello ken, i'm having a problem with the copy and paste part of this process. when i right click the file on my desktop i get the copy part no problem however i don't get the paste option on this page when i right click it. this is probably due to some simple thing i'm overlooking in the whole copy/paste process but no matter what i try i'm not able to get the paste option. if you have any suggestions about what i'm doing wrong i could sure use some advice. until then i guess attaching the files is my only option. sorry about that but i'm not having any luck otherwise. also i should add that my malbytes scan came up clean but the premium edition trial has expired and i won't be able to afford to purchase it until mid next week. it seems the scan results would be more comprehensive with the premium edition enabled. if we can keep this thread open until i get that squared away i'll forward that scan log. sorry about having to attach the logs i have but i'm hoping to figure out what i'm doing wrong in regards to the copy paste thing. thanks again

ken545
2014-09-13, 08:09
Hi,

When a log opens in Windows Notepad, all you have to do is open it, then up on the top click on EDIT > Select All, then EDIT > Copy, and then come back to this thread, place your mouse cursor in the reply, right click and select Paste.

What we can do is remove Malwarebytes completely and reinstall a new copy, but let's bypass that for the moment. Go ahead and run a new scan with FRST and post the logs, as in your original log I saw some entries that need to be removed.

1oldman
2014-09-13, 20:47
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by me again (administrator) on MEAGAIN-PC on 13-09-2014 11:38:07
Running from C:\Users\me again\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1237288 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-17] (Microsoft Corporation)
HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\Run: [Google Update] => C:\Users\me again\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-16] (Google Inc.)
HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\MountPoints2: {39c331c7-662a-11e3-98a1-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-4223715504-2003630005-1617583475-1000\...\MountPoints2: {fc31e674-679a-11e3-a808-001f16db3136} - F:\TL_Bootstrap.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=up97&ocid=up97dhp
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - {EB35F281-FFBD-4C40-AE7F-CE094CC85DBB} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166

FireFox:
========
FF ProfilePath: C:\Users\me again\AppData\Roaming\Mozilla\Firefox\Profiles\z3ejlhx5.default
FF SearchEngineOrder.3: Bing
FF Homepage: about:home
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\me again\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\me again\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\me again\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\me again\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\me again\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\me again\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-09-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20140912.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140912.023\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20140912.023\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-07-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2014-07-22] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2014-07-22] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-07-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2014-07-22] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-07-22] (Symantec Corporation)
U4 eabfiltr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 18:23 - 2014-09-12 18:23 - 00001094 _____ () C:\Users\me again\Desktop\AdwCleaner[S1].txt
2014-09-12 17:23 - 2014-09-12 17:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 17:23 - 2014-09-12 17:23 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-12 17:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 17:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 17:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-12 17:19 - 2014-09-12 17:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\me again\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-09-12 16:44 - 2014-09-12 16:44 - 00000771 _____ () C:\Users\me again\Desktop\JRT.txt
2014-09-12 16:19 - 2014-09-12 16:19 - 00000536 _____ () C:\Users\me again\Documents\Result.txt
2014-09-12 16:14 - 2014-09-12 16:14 - 00000536 _____ () C:\Users\me again\Desktop\Result.txt
2014-09-12 16:02 - 2014-09-12 16:02 - 01016261 _____ (Thisisu) C:\Users\me again\Desktop\JRT(1).exe
2014-09-12 15:47 - 2014-09-12 15:47 - 01373475 _____ () C:\Users\me again\Desktop\AdwCleaner.exe
2014-09-12 15:41 - 2014-09-12 15:42 - 00401920 _____ (Farbar) C:\Users\me again\Desktop\MiniToolBox.exe
2014-09-12 12:55 - 2014-09-12 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 01:19 - 2014-09-12 01:19 - 00009986 _____ () C:\Users\me again\Desktop\FRST.zip
2014-09-12 01:13 - 2014-09-12 01:04 - 00002909 _____ () C:\Users\me again\Desktop\aswMBR.txt
2014-09-12 00:18 - 2014-09-12 00:18 - 05185536 _____ (AVAST Software) C:\Users\me again\Desktop\aswMBR(2).exe
2014-09-12 00:11 - 2014-09-12 00:11 - 00277320 _____ () C:\Windows\Minidump\091214-65380-01.dmp
2014-09-11 22:35 - 2014-09-11 22:36 - 00034261 _____ () C:\Users\me again\Desktop\Addition.txt
2014-09-11 22:33 - 2014-09-13 11:38 - 00019053 _____ () C:\Users\me again\Desktop\FRST.txt
2014-09-11 22:32 - 2014-09-13 11:38 - 00000000 ____D () C:\FRST
2014-09-11 22:27 - 2014-09-11 22:27 - 02105856 _____ (Farbar) C:\Users\me again\Desktop\FRST64.exe
2014-09-11 21:27 - 2014-09-11 21:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MEAGAIN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-11 21:25 - 2014-09-11 21:25 - 00002199 _____ () C:\Users\me again\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-11 21:25 - 2014-09-11 21:25 - 00000000 ____D () C:\Users\me again\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-11 21:25 - 2014-09-11 21:25 - 00000000 ____D () C:\RegBackup
2014-09-11 21:23 - 2014-09-11 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-11 21:21 - 2014-09-11 21:21 - 04057608 _____ () C:\Users\me again\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-11 14:18 - 2013-12-27 03:05 - 00001383 _____ () C:\Users\me again\Desktop\Spybot-S&D Start Center.lnk
2014-09-10 23:22 - 2014-08-19 12:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:22 - 2014-08-19 11:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 23:22 - 2014-08-18 17:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:22 - 2014-08-18 16:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:22 - 2014-08-18 16:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 23:22 - 2014-08-18 16:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 23:22 - 2014-08-18 16:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:22 - 2014-08-18 16:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:22 - 2014-08-18 16:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 23:22 - 2014-08-18 16:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:22 - 2014-08-18 16:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 23:22 - 2014-08-18 16:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 23:22 - 2014-08-18 16:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 23:22 - 2014-08-18 16:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:22 - 2014-08-18 16:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:22 - 2014-08-18 16:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 23:22 - 2014-08-18 16:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 23:22 - 2014-08-18 16:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 23:22 - 2014-08-18 16:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 23:22 - 2014-08-18 15:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 23:22 - 2014-08-18 15:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 23:22 - 2014-08-18 15:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:22 - 2014-08-18 15:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 23:22 - 2014-08-18 15:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 23:22 - 2014-08-18 15:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 23:22 - 2014-08-18 15:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 23:22 - 2014-08-18 15:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 23:22 - 2014-08-18 15:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 23:22 - 2014-08-18 15:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:22 - 2014-08-18 15:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:22 - 2014-08-18 15:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 23:22 - 2014-08-18 15:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 23:22 - 2014-08-18 15:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:22 - 2014-08-18 15:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 23:22 - 2014-08-18 15:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 23:22 - 2014-08-18 15:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 23:22 - 2014-08-18 15:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 23:22 - 2014-08-18 15:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:22 - 2014-08-18 15:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:22 - 2014-08-18 15:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:22 - 2014-08-18 15:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 23:22 - 2014-08-18 15:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 23:22 - 2014-08-18 15:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 23:22 - 2014-08-18 15:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 23:22 - 2014-08-18 15:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 23:22 - 2014-08-18 15:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:22 - 2014-08-18 15:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 23:22 - 2014-08-18 15:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:22 - 2014-08-18 15:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 23:22 - 2014-08-18 15:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 23:22 - 2014-08-18 15:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 23:22 - 2014-08-18 14:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:22 - 2014-08-18 14:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 23:22 - 2014-08-18 14:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 23:22 - 2014-08-18 14:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 23:22 - 2014-08-18 14:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 23:13 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 23:13 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 08:46 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 08:46 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 08:45 - 2014-09-04 20:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 08:45 - 2014-09-04 20:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 08:45 - 2014-07-06 20:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 08:45 - 2014-07-06 20:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 08:45 - 2014-07-06 19:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 08:45 - 2014-07-06 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 08:45 - 2014-07-06 19:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 08:45 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 08:45 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-04 22:11 - 2014-09-04 22:11 - 00000000 ____D () C:\Users\me again\Documents\Wizard101
2014-09-01 19:49 - 2014-09-01 19:49 - 00001865 _____ () C:\Users\me again\Desktop\Diablo II - Lord of Destruction.lnk
2014-09-01 19:49 - 2014-09-01 19:49 - 00000000 ____D () C:\Users\me again\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-09-01 19:25 - 2014-09-01 19:52 - 00039895 _____ () C:\Windows\DIIUnin.dat
2014-09-01 19:25 - 2014-09-01 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-09-01 19:25 - 2014-09-01 19:25 - 00094208 _____ (Blizzard Entertainment) C:\Windows\DIIUnin.exe
2014-09-01 19:25 - 2014-09-01 19:25 - 00002829 _____ () C:\Windows\DIIUnin.pif
2014-09-01 19:25 - 2014-09-01 19:25 - 00001865 _____ () C:\Users\Public\Desktop\Diablo II.lnk
2014-09-01 19:05 - 2014-09-01 19:52 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-09-01 17:53 - 2014-09-01 17:53 - 00003042 _____ () C:\Windows\System32\Tasks\{14583089-FF72-4AD6-8C26-59C6A48C7BC2}
2014-08-31 20:38 - 2014-08-31 20:38 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-08-31 20:32 - 2014-08-31 20:32 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-31 20:32 - 2014-08-31 20:32 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-31 20:32 - 2014-08-31 20:32 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-31 20:32 - 2014-08-31 20:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-31 20:31 - 2014-08-31 20:31 - 00002537 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-31 20:31 - 2014-08-31 20:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-31 20:31 - 2014-08-31 20:31 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-31 20:31 - 2014-08-31 20:31 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-31 19:41 - 2014-08-31 20:37 - 00000000 ____D () C:\Users\me again\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-08-31 19:41 - 2014-08-31 20:01 - 00001295 _____ () C:\Users\me again\Desktop\Norton Installation Files.lnk
2014-08-31 19:40 - 2014-08-31 19:40 - 01021952 _____ (Symantec Corporation) C:\Users\me again\Downloads\NortonNISDownloader.exe
2014-08-31 19:30 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 19:30 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-31 19:30 - 2014-08-22 18:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 00:14 - 2014-08-17 00:14 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-17 00:14 - 2014-08-17 00:14 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-17 00:14 - 2014-08-17 00:14 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-17 00:14 - 2014-08-17 00:14 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-17 00:13 - 2014-08-17 00:13 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-17 00:13 - 2014-08-17 00:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-08-17 00:13 - 2014-08-17 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-17 00:13 - 2014-08-17 00:13 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 11:39 - 2014-09-11 22:33 - 00019053 _____ () C:\Users\me again\Desktop\FRST.txt
2014-09-13 11:38 - 2014-09-11 22:32 - 00000000 ____D () C:\FRST
2014-09-13 11:37 - 2009-07-13 22:51 - 09805811 _____ () C:\Windows\setupact.log
2014-09-13 11:36 - 2013-12-16 18:53 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4223715504-2003630005-1617583475-1000UA.job
2014-09-13 11:34 - 2009-04-20 18:13 - 00003668 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-09-13 11:31 - 2013-12-16 03:24 - 00000290 _____ () C:\ProgramData\hpqp.ini
2014-09-13 11:30 - 2013-12-16 09:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-13 11:12 - 2013-12-16 09:42 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-13 11:06 - 2013-12-16 02:19 - 00019664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 11:06 - 2013-12-16 02:19 - 00019664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 11:05 - 2013-12-16 03:03 - 01632383 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 11:03 - 2013-12-16 18:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-13 10:58 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 20:36 - 2013-12-16 18:53 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4223715504-2003630005-1617583475-1000Core.job
2014-09-12 18:23 - 2014-09-12 18:23 - 00001094 _____ () C:\Users\me again\Desktop\AdwCleaner[S1].txt
2014-09-12 17:24 - 2014-09-12 17:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 17:23 - 2014-09-12 17:23 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-12 17:20 - 2014-09-12 17:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\me again\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-09-12 16:44 - 2014-09-12 16:44 - 00000771 _____ () C:\Users\me again\Desktop\JRT.txt
2014-09-12 16:27 - 2013-12-16 02:48 - 00873208 _____ () C:\Windows\PFRO.log
2014-09-12 16:27 - 2013-12-15 21:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-12 16:25 - 2014-06-16 19:40 - 00000000 ____D () C:\AdwCleaner
2014-09-12 16:19 - 2014-09-12 16:19 - 00000536 _____ () C:\Users\me again\Documents\Result.txt
2014-09-12 16:14 - 2014-09-12 16:14 - 00000536 _____ () C:\Users\me again\Desktop\Result.txt
2014-09-12 16:02 - 2014-09-12 16:02 - 01016261 _____ (Thisisu) C:\Users\me again\Desktop\JRT(1).exe
2014-09-12 15:47 - 2014-09-12 15:47 - 01373475 _____ () C:\Users\me again\Desktop\AdwCleaner.exe
2014-09-12 15:42 - 2014-09-12 15:41 - 00401920 _____ (Farbar) C:\Users\me again\Desktop\MiniToolBox.exe
2014-09-12 15:36 - 2014-04-17 20:54 - 00000000 ____D () C:\Users\me again\AppData\Roaming\Skype
2014-09-12 12:55 - 2014-09-12 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 01:19 - 2014-09-12 01:19 - 00009986 _____ () C:\Users\me again\Desktop\FRST.zip
2014-09-12 01:04 - 2014-09-12 01:13 - 00002909 _____ () C:\Users\me again\Desktop\aswMBR.txt
2014-09-12 00:18 - 2014-09-12 00:18 - 05185536 _____ (AVAST Software) C:\Users\me again\Desktop\aswMBR(2).exe
2014-09-12 00:11 - 2014-09-12 00:11 - 00277320 _____ () C:\Windows\Minidump\091214-65380-01.dmp
2014-09-12 00:11 - 2013-12-17 22:13 - 00000000 ____D () C:\Windows\Minidump
2014-09-12 00:10 - 2013-12-15 21:28 - 1085367084 _____ () C:\Windows\MEMORY.DMP
2014-09-11 22:36 - 2014-09-11 22:35 - 00034261 _____ () C:\Users\me again\Desktop\Addition.txt
2014-09-11 22:27 - 2014-09-11 22:27 - 02105856 _____ (Farbar) C:\Users\me again\Desktop\FRST64.exe
2014-09-11 21:27 - 2014-09-11 21:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MEAGAIN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-11 21:25 - 2014-09-11 21:25 - 00002199 _____ () C:\Users\me again\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-11 21:25 - 2014-09-11 21:25 - 00000000 ____D () C:\Users\me again\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-11 21:25 - 2014-09-11 21:25 - 00000000 ____D () C:\RegBackup
2014-09-11 21:23 - 2014-09-11 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-11 21:21 - 2014-09-11 21:21 - 04057608 _____ () C:\Users\me again\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-11 14:19 - 2013-12-27 03:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-11 11:24 - 2013-12-16 09:42 - 00000000 ____D () C:\Users\me again\AppData\Local\Google
2014-09-11 11:24 - 2013-12-16 09:42 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-10 23:20 - 2013-12-21 02:45 - 00774256 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 23:20 - 2009-07-13 23:13 - 00774256 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 23:18 - 2013-12-15 19:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 23:14 - 2013-12-16 05:10 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 23:13 - 2014-05-06 22:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 22:04 - 2013-12-16 18:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 22:04 - 2013-12-16 18:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:04 - 2013-12-16 18:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 12:48 - 2013-12-17 15:39 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-04 22:11 - 2014-09-04 22:11 - 00000000 ____D () C:\Users\me again\Documents\Wizard101
2014-09-04 20:10 - 2014-09-10 08:45 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 20:05 - 2014-09-10 08:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 11:35 - 2014-02-16 20:30 - 00000000 ____D () C:\Users\me again\Desktop\rio rango
2014-09-02 18:23 - 2014-01-05 18:04 - 00000000 ____D () C:\Users\me again\AppData\Roaming\HpUpdate
2014-09-01 19:59 - 2013-12-15 16:47 - 00000000 ____D () C:\Users\me again\AppData\Local\VirtualStore
2014-09-01 19:52 - 2014-09-01 19:25 - 00039895 _____ () C:\Windows\DIIUnin.dat
2014-09-01 19:52 - 2014-09-01 19:05 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-09-01 19:50 - 2014-01-15 20:29 - 00021840 ____T () C:\Windows\SysWOW64\SIntfNT.dll
2014-09-01 19:50 - 2014-01-15 20:29 - 00017212 ____T () C:\Windows\SysWOW64\SIntf32.dll
2014-09-01 19:50 - 2014-01-15 20:29 - 00012067 ____T () C:\Windows\SysWOW64\SIntf16.dll
2014-09-01 19:49 - 2014-09-01 19:49 - 00001865 _____ () C:\Users\me again\Desktop\Diablo II - Lord of Destruction.lnk
2014-09-01 19:49 - 2014-09-01 19:49 - 00000000 ____D () C:\Users\me again\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-09-01 19:49 - 2014-09-01 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-09-01 19:39 - 2014-05-24 14:50 - 00000000 ____D () C:\Users\me again\AppData\Local\CrashDumps
2014-09-01 19:26 - 2014-01-15 19:34 - 00000000 ____D () C:\Users\me again\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-01 19:25 - 2014-09-01 19:25 - 00094208 _____ (Blizzard Entertainment) C:\Windows\DIIUnin.exe
2014-09-01 19:25 - 2014-09-01 19:25 - 00002829 _____ () C:\Windows\DIIUnin.pif
2014-09-01 19:25 - 2014-09-01 19:25 - 00001865 _____ () C:\Users\Public\Desktop\Diablo II.lnk
2014-09-01 17:53 - 2014-09-01 17:53 - 00003042 _____ () C:\Windows\System32\Tasks\{14583089-FF72-4AD6-8C26-59C6A48C7BC2}
2014-09-01 00:57 - 2009-07-13 22:45 - 00351024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-31 21:09 - 2013-12-16 02:24 - 00000000 ____D () C:\Users\me again
2014-08-31 21:08 - 2014-02-08 00:03 - 00000000 ____D () C:\Users\me again\AppData\Local\QuickPlay
2014-08-31 21:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-08-31 20:59 - 2006-11-02 06:34 - 00899844 ____R () C:\Windows\system32\Drivers\etc\hosts.20140911-142250.backup
2014-08-31 20:38 - 2014-08-31 20:38 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-08-31 20:37 - 2014-08-31 19:41 - 00000000 ____D () C:\Users\me again\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-08-31 20:37 - 2009-04-20 16:47 - 00000000 ____D () C:\ProgramData\Norton
2014-08-31 20:34 - 2013-12-15 19:04 - 00000000 ____D () C:\Users\me again\Documents\Symantec
2014-08-31 20:32 - 2014-08-31 20:32 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-31 20:32 - 2014-08-31 20:32 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-31 20:32 - 2014-08-31 20:32 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-31 20:32 - 2014-08-31 20:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-31 20:31 - 2014-08-31 20:31 - 00002537 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-31 20:31 - 2014-08-31 20:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-31 20:31 - 2014-08-31 20:31 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-31 20:31 - 2014-08-31 20:31 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-31 20:01 - 2014-08-31 19:41 - 00001295 _____ () C:\Users\me again\Desktop\Norton Installation Files.lnk
2014-08-31 19:41 - 2014-02-23 02:10 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-08-31 19:40 - 2014-08-31 19:40 - 01021952 _____ (Symantec Corporation) C:\Users\me again\Downloads\NortonNISDownloader.exe
2014-08-27 18:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-08-27 08:41 - 2006-11-02 06:34 - 00899844 ____R () C:\Windows\system32\Drivers\etc\hosts.20140831-205926.backup
2014-08-26 20:25 - 2009-04-20 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-22 20:07 - 2014-08-31 19:30 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:45 - 2014-08-31 19:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 18:59 - 2014-08-31 19:30 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 12:05 - 2014-09-10 23:22 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 11:39 - 2014-09-10 23:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 17:01 - 2014-09-10 23:22 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 16:29 - 2014-09-10 23:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 16:29 - 2014-09-10 23:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 16:26 - 2014-09-10 23:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 16:20 - 2014-09-10 23:22 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 16:19 - 2014-09-10 23:22 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 16:15 - 2014-09-10 23:22 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 16:15 - 2014-09-10 23:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 16:14 - 2014-09-10 23:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 16:14 - 2014-09-10 23:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 16:08 - 2014-09-10 23:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 16:08 - 2014-09-10 23:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 16:08 - 2014-09-10 23:22 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 16:05 - 2014-09-10 23:22 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 16:03 - 2014-09-10 23:22 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 16:03 - 2014-09-10 23:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 16:03 - 2014-09-10 23:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 15:57 - 2014-09-10 23:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 15:56 - 2014-09-10 23:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 15:51 - 2014-09-10 23:22 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 15:46 - 2014-09-10 23:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 15:45 - 2014-09-10 23:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 15:45 - 2014-09-10 23:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 15:44 - 2014-09-10 23:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 15:44 - 2014-09-10 23:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 15:42 - 2014-09-10 23:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 15:40 - 2014-09-10 23:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 15:39 - 2014-09-10 23:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 15:39 - 2014-09-10 23:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 15:39 - 2014-09-10 23:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 15:38 - 2014-09-10 23:22 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 15:37 - 2014-09-10 23:22 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 15:36 - 2014-09-10 23:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 15:35 - 2014-09-10 23:22 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 15:27 - 2014-09-10 23:22 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 15:25 - 2014-09-10 23:22 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 15:25 - 2014-09-10 23:22 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 15:23 - 2014-09-10 23:22 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 15:23 - 2014-09-10 23:22 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 15:22 - 2014-09-10 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 15:19 - 2014-09-10 23:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 15:17 - 2014-09-10 23:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 15:17 - 2014-09-10 23:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 15:16 - 2014-09-10 23:22 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 15:15 - 2014-09-10 23:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 15:15 - 2014-09-10 23:22 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 15:09 - 2014-09-10 23:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 15:08 - 2014-09-10 23:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 15:07 - 2014-09-10 23:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 14:55 - 2014-09-10 23:22 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 14:46 - 2014-09-10 23:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 14:38 - 2014-09-10 23:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 14:38 - 2014-09-10 23:22 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 14:36 - 2014-09-10 23:22 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 12:45 - 2013-12-16 03:24 - 00085088 _____ () C:\Users\me again\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-17 00:14 - 2014-08-17 00:14 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-08-17 00:14 - 2014-08-17 00:14 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-08-17 00:14 - 2014-08-17 00:14 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-08-17 00:14 - 2014-08-17 00:14 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-08-17 00:13 - 2014-08-17 00:13 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-08-17 00:13 - 2014-08-17 00:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-08-17 00:13 - 2014-08-17 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-08-17 00:13 - 2014-08-17 00:13 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center

Some content of TEMP:
====================
C:\Users\me again\AppData\Local\Temp\binkw32.dll
C:\Users\me again\AppData\Local\Temp\d2l_Install.exe
C:\Users\me again\AppData\Local\Temp\d2l_PlayD2.exe
C:\Users\me again\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\me again\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\me again\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\me again\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 18:23

==================== End Of Log ============================
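
Added example, not part of the original thread and not FRST's own code: a small Python parser for the "One Month Created/Modified" lines in the log above, with a few triage rules a reviewer might apply before choosing fixlist entries. The field layout is inferred from the lines on this page, the names `parse_log`, `triage` and `flagged` are hypothetical, and the rules are review hints rather than verdicts (AdwCleaner.exe is flagged only because it carries no company name).

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# Layout inferred from the log lines on this page (an assumption, not a
# published specification):
#   <date> - <date> - <size> <5 attribute flags> (<company>) <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([_A-Z]{5}) \((.*?)\) ([A-Za-z]:\\.*)$"
)
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".pif", ".cpl", ".scr"}
STAMP = "%Y-%m-%d %H:%M"

# Sample lines copied from the log posted in this thread.
SAMPLE = r"""
2014-09-01 19:25 - 2014-09-01 19:25 - 00094208 _____ (Blizzard Entertainment) C:\Windows\DIIUnin.exe
2014-09-01 19:25 - 2014-09-01 19:25 - 00002829 _____ () C:\Windows\DIIUnin.pif
2014-08-31 20:31 - 2014-08-31 20:31 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
==================== One Month Modified Files and Folders =======
2014-09-13 11:06 - 2013-12-16 02:19 - 00019664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 17:20 - 2014-09-12 17:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\me again\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-09-12 15:47 - 2014-09-12 15:47 - 01373475 _____ () C:\Users\me again\Desktop\AdwCleaner.exe
2014-08-31 20:59 - 2006-11-02 06:34 - 00899844 ____R () C:\Windows\system32\Drivers\etc\hosts.20140911-142250.backup
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_log(text: str) -> list[Entry]:
    """Parse file-listing lines; other lines (headers, notes) are skipped."""
    entries = []
    # Lines before the "Modified" header are read as created-then-modified
    # (assumption); after it the two timestamps swap places.
    modified_first = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "Modified Files and Folders" in line:
            modified_first = True
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        first = datetime.strptime(m.group(1), STAMP)
        second = datetime.strptime(m.group(2), STAMP)
        created, modified = (second, first) if modified_first else (first, second)
        entries.append(Entry(created, modified, int(m.group(3)), m.group(4),
                             m.group(5).strip(), m.group(6)))
    return entries


def triage(entry: Entry) -> list[str]:
    """Return the reasons an entry deserves a second look (may be empty)."""
    reasons = []
    p = PureWindowsPath(entry.path)
    if not entry.is_dir and p.suffix.lower() in EXECUTABLE_EXT and not entry.company:
        reasons.append("executable without company name")
    if "H" in entry.attrs:
        reasons.append("hidden")
    in_etc = p.parent.as_posix().lower().endswith("/drivers/etc")
    if in_etc and p.name.lower().startswith("hosts"):
        reasons.append("hosts file or copy")
    return reasons


def flagged(entries: list[Entry]) -> list[tuple[str, list[str]]]:
    """Pair each path that has at least one triage reason with its reasons."""
    return [(e.path, r) for e in entries if (r := triage(e))]


if __name__ == "__main__":
    for path, reasons in flagged(parse_log(SAMPLE)):
        print(f"{', '.join(reasons):35} {path}")
```
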

ken545
2014-09-13, 21:09
Hey,

How are ya doing ?

You have FRST64 on your desktop, perfect, when you create this file just save it to your desktop (Important or the fix won't work) then grab it with your mouse and drag it right next to FRST64, either above or below it but not right on top of it.

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt (it has to be right next to FRST/64), either in the directory where you saved frst.exe (or frst64.exe) or on your desktop if that's where you saved it



Start
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
2014-08-31 20:59 - 2006-11-02 06:34 - 00899844 ____R () C:\Windows\system32\Drivers\etc\hosts.20140911-142250.backup
Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


==============================================================



Then what you want to do is completely remove Malwarebytes from your computer via their removal tool

Download MBAM Clean to your desktop and run it
http://www.malwarebytes.org/mbam-clean.exe


After you run it, it's important that you reboot your system to guarantee a complete clean

Then go ahead and redownload, install and run the threat scan

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

1oldman
2014-09-14, 05:41
hope this looks good, the malbytes reinstalled with no problems (that was cool), the scan came up clean so i won't include that log. the frst took me about 2 hours to get it to fix before i realized i had a . on the end of the file name that made a lot of difference.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by me again at 2014-09-13 19:08:13 Run:1
Running from C:\Users\me again\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
2014-08-31 20:59 - 2006-11-02 06:34 - 00899844 ____R () C:\Windows\system32\Drivers\etc\hosts.20140911-142250.backup
Hosts:
EmptyTemp:
End
*****************

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
C:\Windows\system32\Drivers\etc\hosts.20140911-142250.backup => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 291 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

wow this is cool the copy paste thing works great when you know how, thanks for the explanation

ken545
2014-09-14, 12:18
:bigthumb:

How is your system behaving now ? Anything odd going on ?

1oldman
2014-09-14, 22:59
hey ken, how's it going? it seems the crapware issue is resolved, at least by all indications i can see. the only problem i came across was on the fox browser going to nbc news it wanted to do a redirect (there are reasons for a redirect sometimes but i never allow them without a good reason). that problem was resolved by changing to the spybot proxy settings. this is a good example of an old dog learning new tricks! at any rate things are looking pretty good again, i'm actually very pleased that the computer went as long as it did without problems. (my wife is learning a lot about safe surfing), if we could leave this thread open for a few days to watch the machine's behavior it would probably be a good plan. i will be in touch soon to let you know how things are going and to make sure it's time to uninstall the tools used here thanks again and i'll be in touch soon.

ken545
2014-09-14, 23:15
:bigthumb:

Sounds good, post back in a few days and let me know how it's going

ken545
2014-09-19, 19:12
Everything running ok, let me know as I need to close this thread.

ken545
2014-10-01, 10:11
Sorry for closing your thread but we do that after no response for 3 days or more

This should clean you up fairly well

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.



==========================================================


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.


Windows XP Double Click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
Place a checkmark next to the following items


Activate UAC
Remove Disinfection Tools
Create registry backup
Reset System Settings


Click the Run button

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually



==========================================================




How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken