
Infected with Search Assistant Virus


  • This topic is locked
19 replies to this topic

#1 samson1nite

samson1nite

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 28 October 2013 - 01:14 PM

Hi, I think I have this virus.  Certain words are double underlined and highlighted in blue.  Also, during a google search, sometimes I am redirected to a different site.  Thanks in advance for your help.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by Chad at 14:00:40 on 2013-10-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.3923 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\igfxext.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\servicing\TrustedInstaller.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130521,19855,0,25,0
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: <No Name>: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
BHO: Toolbar BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Search Assistant BHO: {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: FromDocToPDF: {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: FromDocToPDF: {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FromDocToPDF Search Scope Monitor] "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
mRun: [FromDocToPDF_65 Browser Plugin Loader] C:\PROGRA~2\FROMDO~2\bar\1.bin\65brmon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\windows\System32\Sendori.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0C8EC7E2-BB69-4943-91B5-9C31AAA215CC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0C8EC7E2-BB69-4943-91B5-9C31AAA215CC}\037324430353738373037383 : DHCPNameServer = 192.168.200.1
TCP: Interfaces\{0C8EC7E2-BB69-4943-91B5-9C31AAA215CC}\4756272756C6C6F54353433313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0C8EC7E2-BB69-4943-91B5-9C31AAA215CC}\B40266F62702C4966656 : DHCPNameServer = 204.110.18.151 204.110.18.152
TCP: Interfaces\{0C8EC7E2-BB69-4943-91B5-9C31AAA215CC}\C696E6B6379737 : NameServer = 192.168.1.254
TCP: Interfaces\{0C8EC7E2-BB69-4943-91B5-9C31AAA215CC}\C696E6B6379737 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0C8EC7E2-BB69-4943-91B5-9C31AAA215CC}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{75652D85-253D-4F50-BFAB-C2544473798B} : DHCPNameServer = 208.201.224.11 208.201.224.33
TCP: Interfaces\{86D0FE99-184E-49FC-9204-D28E8F366C2F} : NameServer = 0.0.0.0
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [FromDocToPDF Home Page Guard 64 bit] "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-2-24 482384]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-10-26 46368]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 FromDocToPDF_65Service;FromDocToPDFService;C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe [2013-9-7 42504]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-10-26 109352]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-21 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-26 132056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-24 126392]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UDisk Monitor;UDisk Monitor;C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [2013-9-20 517960]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-24 2656280]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-26 1734680]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2012-2-24 20592]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-1-31 174168]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-8-21 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-24 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;C:\windows\System32\drivers\CT_U_USBSER.sys [2013-9-20 128328]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-9-3 19456]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-24 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-9-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-9-3 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-10-26 20:17:22 -------- d-----w- C:\Users\Chad\AppData\Local\AVG SafeGuard toolbar
2013-10-26 20:17:08 46368 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-10-26 20:17:02 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-10-26 20:17:01 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-10-26 20:17:00 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-26 20:15:47 -------- d--h--w- C:\ProgramData\Common Files
2013-10-26 19:36:31 12872 ----a-w- C:\windows\System32\bootdelete.exe
2013-10-26 19:29:22 -------- d-----w- C:\Program Files\HitmanPro
2013-10-26 19:23:40 -------- d-----w- C:\Users\Chad\AppData\Roaming\LavasoftStatistics
2013-10-26 19:03:20 -------- d-----w- C:\ProgramData\HitmanPro
2013-10-26 17:56:46 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{630D55FD-4F6B-4482-AE8C-668C366CE90C}\mpengine.dll
2013-10-25 15:18:44 388096 ----a-r- C:\Users\Chad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-25 15:18:43 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-10-25 14:53:42 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-24 15:21:14 68688 ----a-w- C:\Program Files (x86)\Microsoft Games\Gears of War\Binaries\PhysXLocal\PhysXLoader.dll
2013-10-24 14:41:00 -------- d-----w- C:\Users\Chad\AppData\Roaming\Microsoft Games
2013-10-24 13:47:00 1892184 ----a-w- C:\windows\SysWow64\D3DX9_42.dll
2013-10-24 13:46:32 -------- d-----w- C:\windows\SysWow64\xlive
2013-10-24 13:46:23 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-10-24 05:35:38 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
2013-10-24 04:51:59 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2013-10-21 19:33:01 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-10-21 19:33:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-10-21 18:10:55 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{390B3FF9-3BE1-4D77-8558-1578F7FD1AB8}\gapaengine.dll
2013-10-10 18:27:22 633856 ----a-w- C:\windows\System32\comctl32.dll
2013-10-10 18:27:21 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
2013-10-10 18:21:05 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2013-10-10 18:18:53 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 18:18:53 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:48:59 17813896 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2013-10-13 17:14:04 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-13 17:14:04 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 14:01:52.37 ===============
 

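The DDS log above already contains the evidence: a start page pointing at an affiliate search partner, an unnamed URLSearchHook, a Winsock LSP (Sendori.dll) sitting in every socket call, and the same vendor folders registered as BHOs, toolbars and Run keys. The script below is an added example, not code from DDS, the poster or BleepingComputer. It parses the Pseudo HJT Report lines, flags the three hijack-capable entry kinds, and then pivots from each flagged entry to everything else in the log from the same product, which is how a responder turns one indicator into a removal list. The regexes, the DEFAULT_LSP allowlist, the AFFILIATE_KEYS list and the vendor-folder pivot are this example's own assumptions; the sample input is twelve lines copied from the log above.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for search-hijack indicators.

Added example; not code from DDS, the poster or BleepingComputer.  DEFAULT_LSP,
AFFILIATE_KEYS and the vendor-folder pivot are this example's own assumptions.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: twelve lines copied from the Pseudo HJT Report above.
SAMPLE = r"""
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130521,19855,0,25,0
uDefault_Page_URL = hxxp://start.toshiba.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: <No Name>: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
BHO: Toolbar BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Search Assistant BHO: {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
TB: FromDocToPDF: {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
TB: FromDocToPDF: {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [FromDocToPDF_65 Browser Plugin Loader] C:\PROGRA~2\FROMDO~2\bar\1.bin\65brmon.exe
LSP: C:\windows\System32\Sendori.dll
""".strip()

# One regex per DDS line shape; the u/m prefix marks HKCU/HKLM and x64- the 64-bit view.
COM_RE = re.compile(r"^(?:x64-)?(?P<type>BHO|TB|[um]URLSearchHooks):\s*(?P<name>.*?):\s*"
                    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.+?)\s*$")
RUN_RE = re.compile(r'^(?:x64-)?(?P<type>[um]?Run):\s*\[(?P<name>[^\]]*)\]\s*(?:"(?P<q>[^"]+)"|(?P<u>\S+))')
LSP_RE = re.compile(r"^(?:x64-)?LSP:\s*(?P<path>.+?)\s*$")
URL_RE = re.compile(r"^(?P<type>[um](?:Start Page|Default_Page_URL|Search Page|Search Bar|"
                    r"SearchAssistant|Default_Search_URL))\s*=\s*(?P<path>\S+)")
URL_TYPES = {"Start Page", "Default_Page_URL", "Search Page", "Search Bar",
             "SearchAssistant", "Default_Search_URL"}
DEFAULT_LSP = {"mswsock.dll"}                                 # assumption: Windows' own LSP provider
AFFILIATE_KEYS = {"hspart", "hsimp", "type", "pid", "affid"}  # assumption: partner-tracking query keys


def parse_hjt(text):
    """Turn hook, Run, LSP and start/search-page lines into dicts; other lines are skipped."""
    entries = []
    for raw in (ln.strip() for ln in text.splitlines()):
        for rx in (COM_RE, RUN_RE, LSP_RE, URL_RE):
            m = rx.match(raw)
            if m:
                d = m.groupdict()
                entries.append({
                    "type": (d.get("type") or "LSP").lstrip("um"),   # drop the HKCU/HKLM marker
                    "name": d.get("name") or "",
                    "clsid": (d.get("clsid") or "").upper(),         # DDS mixes GUID case
                    "path": d.get("path") or d.get("q") or d.get("u"),
                    "raw": raw,
                })
                break
    return entries


def flag_hijack(entries):
    """Return (reason, entry) pairs for entries that can redirect searches or rewrite traffic."""
    findings = []
    for e in entries:
        t, p = e["type"], e["path"]
        if t == "LSP" and p.lower().rsplit("\\", 1)[-1] not in DEFAULT_LSP:
            findings.append(("third-party Winsock LSP: sits in every socket call, DNS included", e))
        elif t == "URLSearchHooks" and e["name"] == "<No Name>":
            findings.append(("unnamed URLSearchHook: decides where address-bar searches go", e))
        elif t in URL_TYPES:
            u = urlsplit(p)
            keys = AFFILIATE_KEYS & set(parse_qs(u.query))
            if keys or "partner" in u.path.lower():
                findings.append((f"start/search page carries partner-tracking keys {sorted(keys)}", e))
    return findings


def pivot_keyword(e):
    """Token to pivot on: the product folder under Program Files, or the file stem when
    the file sits in a Windows directory (as Sendori.dll does).  URLs give no pivot."""
    low = e["path"].lower()
    if "://" in low:
        return None
    parts = low.split("\\")
    if len(parts) > 3 and parts[1].startswith("program files"):
        return parts[2]
    return parts[-1].rsplit(".", 1)[0]


def footprint(entries, findings):
    """Map each pivot keyword to every raw line (hook, Run key, LSP) that mentions it,
    so one confirmed indicator pulls in the rest of that product's persistence."""
    out = {}
    for _, seed in findings:
        kw = pivot_keyword(seed)
        if kw and kw not in out:
            out[kw] = [e["raw"] for e in entries if kw in e["raw"].lower()]
    return out


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE)
    hits = flag_hijack(ents)
    for reason, e in hits:
        print(f"[!] {reason}\n    {e['raw']}")
    for kw, lines in footprint(ents, hits).items():
        print(f"\nEverything mentioning '{kw}' ({len(lines)} entries):")
        for ln in lines:
            print("   ", ln)
```

On the sample this flags the Yahoo partner start page, the unnamed FromDocToPDF search hook and the Sendori LSP, then lists six FromDocToPDF lines and two Sendori lines as the footprint to remove. The pivot matches on the raw line, so a Run key whose path is in 8.3 form (`C:\PROGRA~2\FROMDO~2\...`) is only caught when its bracketed name carries the product name; resolving short names needs the live file system, which a log triage does not have.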



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 12,252 posts
  • ONLINE
  • Gender:Male
  • Location:Bement, ILL
  • Local time:12:17 PM

Posted 28 October 2013 - 05:59 PM

Hello samson1nite,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1. Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: right click on AdwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
2. Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
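Step 1 above asks for the AdwCleaner logfile. The script below is an added example, not code from AdwCleaner, DDS or fireman4it: it parses that report's header, sections and findings, then reconciles the registry findings with the IE add-on CLSIDs from the DDS log in the first post, so the responder can see which browser hooks the cleaner has accounted for and which still need checking. It also surfaces the caveat a practitioner wants: `# Option : Scan` means the report is an inventory and nothing has been removed yet. The line shapes follow the v3.010 report quoted later in this thread (note that `Folder Found` lines there carry no colon); the page copy of that report is cut off, so SAMPLE is a constructed excerpt and "not in this excerpt" is all the script can say about a CLSID it does not see. DDS_ADDONS is a hand-copied subset of the BHO/TB/URLSearchHook CLSIDs from the DDS log.

```python
"""Parse an AdwCleaner scan report and reconcile it with the IE add-on CLSIDs DDS listed.

Added example; not code from AdwCleaner, DDS or the helper.  SAMPLE is an excerpt of
the v3.010 report quoted later in this thread and DDS_ADDONS a hand-copied subset of
the DDS log's add-on CLSIDs; "missing" therefore means "not in this excerpt".
"""
import re
from collections import defaultdict

SAMPLE = r"""
# AdwCleaner v3.010 - Report created 29/10/2013 at 18:40:41
# Option : Scan

***** [ Services ] *****

Service Found : FromDocToPDF_65Service
Service Found : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

File Found : C:\windows\System32\roboot64.exe
Folder Found C:\Program Files (x86)\FromDocToPDF_65

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\FromDocToPDF_65
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
""".strip()

# CLSIDs from the DDS Pseudo HJT report in post #1 (upper-cased; DDS prints mixed case).
DDS_ADDONS = {
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}": "Yahoo! Toolbar Helper (BHO)",
    "{4C60E5AB-5C68-4C59-ABAA-885010B24B32}": "FromDocToPDF URLSearchHook",
    "{A235E1E3-6296-4710-AF39-104A7FAA6C7C}": "FromDocToPDF Toolbar BHO",
    "{F236CA79-3123-4AFB-9F74-E98117AD5625}": "FromDocToPDF Search Assistant BHO",
    "{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}": "FromDocToPDF toolbar (TB)",
    "{95B7759C-8C7F-4BF1-B163-73684A933233}": "AVG SafeGuard toolbar (BHO/TB)",
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}": "Skype Browser Helper (BHO)",
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}": "Google Toolbar Helper (BHO)",
}

HEADER_RE = re.compile(r"^#\s*(?P<key>[^:]+?)\s+:\s+(?P<val>.*)$")   # '# Option : Scan'
SECTION_RE = re.compile(r"^\*+\s*\[\s*(?P<name>.+?)\s*\]\s*\*+$")    # '***** [ Registry ] *****'
ITEM_RE = re.compile(r"^(?P<kind>Service|File|Folder|Key|Value|Shortcut)\s+Found\s*:?\s*"
                     r"(?P<hive>\[x64\]\s*)?(?P<target>.+?)\s*$")    # 'Folder Found' has no colon
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_adwcleaner(text):
    """Return {'header': {key: value}, 'sections': {name: [(kind, target, is_x64), ...]}}."""
    header, sections, current = {}, {}, None
    for raw in (ln.strip() for ln in text.splitlines()):
        if not raw:
            continue
        if raw.startswith("#"):
            m = HEADER_RE.match(raw)
            if m:
                header[m["key"]] = m["val"]
            else:
                header.setdefault("title", raw.lstrip("# "))  # banner line has no ' : '
            continue
        m = SECTION_RE.match(raw)
        if m:
            current = m["name"]
            sections.setdefault(current, [])                   # keep empty sections visible
            continue
        m = ITEM_RE.match(raw)
        if m and current is not None:
            sections[current].append((m["kind"], m["target"], bool(m["hive"])))
    return {"header": header, "sections": sections}


def reconcile(report, addons):
    """Split the DDS add-on CLSIDs into those the report references and those it does not."""
    seen = defaultdict(list)
    for _, target, _ in report["sections"].get("Registry", []):
        for g in GUID_RE.findall(target):
            seen[g.upper()].append(target)
    covered = {c: seen[c] for c in addons if c in seen}
    missing = sorted(c for c in addons if c not in seen)
    return covered, missing


def is_scan_only(report):
    """True for an inventory run ('Option : Scan'): nothing has been removed yet."""
    return report["header"].get("Option", "").strip().lower() == "scan"


if __name__ == "__main__":
    rep = parse_adwcleaner(SAMPLE)
    print("scan only, nothing removed yet:", is_scan_only(rep))
    for name, items in rep["sections"].items():
        print(f"{name}: {len(items)} finding(s)")
    covered, missing = reconcile(rep, DDS_ADDONS)
    for c, keys in covered.items():
        print(f"[x] {DDS_ADDONS[c]} {c} -> {len(keys)} key(s)")
    for c in missing:
        print(f"[ ] {DDS_ADDONS[c]} {c}: not in this excerpt; verify after Clean")
```

Run against a real report, the "missing" list is the follow-up list: every DDS add-on CLSID the cleaner never mentioned has to be checked again in a fresh DDS log after the Clean pass, which is why the helper asks for logs after each step rather than trusting the first scan.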


#3 samson1nite

samson1nite
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 29 October 2013 - 05:53 PM

Here are the contents of the reports, thanks

 

# AdwCleaner v3.010 - Report created 29/10/2013 at 18:40:41
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chad - CHAD-PC
# Running from : C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6YCHCB7\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : FromDocToPDF_65Service
Service Found : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

File Found : C:\windows\System32\roboot64.exe
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\FromDocToPDF_65
Folder Found C:\Program Files (x86)\Movdap
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\Users\Chad\AppData\Local\FromDocToPDF_65
Folder Found C:\Users\Chad\AppData\Local\Temp\AirInstaller
Folder Found C:\Users\Chad\AppData\Local\Temp\boost_interprocess
Folder Found C:\Users\Chad\AppData\LocalLow\FromDocToPDF_65
Folder Found C:\Users\Chad\AppData\LocalLow\iac
Folder Found C:\Users\Chad\AppData\Roaming\DriverCure
Folder Found C:\Users\Chad\AppData\Roaming\Movdap
Folder Found C:\Users\Chad\AppData\Roaming\ParetoLogic
Folder Found C:\Users\Chad\AppData\Roaming\pccustubinstaller
Folder Found C:\Users\Chad\AppData\Roaming\Systweak

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Found : HKCU\Software\FromDocToPDF_65
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\FromDocToPDF_65
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{504B4AA9-9952-4490-B0E1-80A5321C35F7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0CF6CB9-2276-4F30-B841-05A67067ACE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F96EE2EF-FE15-4878-AECD-BC367F12C70F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\FromDocToPDF_65
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pixresizer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pixresizer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28725C03-CBA1-4CF7-ACBE-586DC13286A0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2FCFC6FD-409C-43AD-88C4-1F7610125B87}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{70AE3EE8-05D3-4DAF-8A0B-2530394FD8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A7C43421-AB2B-4373-AADD-F4B7AE15FDBE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D9581658-20F7-405B-B487-5CC26902E218}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F81A9A20-F851-46A7-AD69-C2780DBC377C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF_65 Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

*************************

AdwCleaner[R0].txt - [16895 octets] - [29/10/2013 18:40:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16956 octets] ##########

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chad [Admin rights]
Mode : Scan -- Date : 10/29/2013 18:47:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] adwcleaner.exe -- C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6YCHCB7\adwcleaner.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{86D0FE99-184E-49FC-9204-D28E8F366C2F} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{86D0FE99-184E-49FC-9204-D28E8F366C2F} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{86D0FE99-184E-49FC-9204-D28E8F366C2F} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4549 : wscript.exe - C:\Users\Chad\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] f0da113790e51dd9a258cf63222dfc77
[BSP] b0c3f2bbbc0fd86d58e9605adc11f0ba : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 698443 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1433485312 | Size: 15460 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10292013_184742.txt >>

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 12,252 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Bement, ILL
  • Local time:12:17 PM

Posted 30 October 2013 - 03:24 PM

1.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
2.
  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
AdwCleaner log
Roguekiller log
How is your machine running now?

Edited by fireman4it, 30 October 2013 - 03:27 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 samson1nite

samson1nite
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:17 PM

Posted 30 October 2013 - 11:58 PM

Here are the reports. Still showing some double underlining on websites, and when I scroll over them, the search assist info box appears.

# AdwCleaner v3.010 - Report created 31/10/2013 at 00:33:37
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chad - CHAD-PC
# Running from : C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWCSUDU8\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : FromDocToPDF_65Service
Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\FromDocToPDF_65
Folder Deleted : C:\Program Files (x86)\Movdap
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Chad\AppData\Local\FromDocToPDF_65
Folder Deleted : C:\Users\Chad\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Chad\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Chad\AppData\LocalLow\FromDocToPDF_65
Folder Deleted : C:\Users\Chad\AppData\LocalLow\iac
Folder Deleted : C:\Users\Chad\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Chad\AppData\Roaming\Movdap
Folder Deleted : C:\Users\Chad\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Chad\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Chad\AppData\Roaming\Systweak
File Deleted : C:\windows\System32\roboot64.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pixresizer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pixresizer_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF_65 Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{504B4AA9-9952-4490-B0E1-80A5321C35F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0CF6CB9-2276-4F30-B841-05A67067ACE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F96EE2EF-FE15-4878-AECD-BC367F12C70F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28725C03-CBA1-4CF7-ACBE-586DC13286A0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2FCFC6FD-409C-43AD-88C4-1F7610125B87}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AE3EE8-05D3-4DAF-8A0B-2530394FD8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A7C43421-AB2B-4373-AADD-F4B7AE15FDBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9581658-20F7-405B-B487-5CC26902E218}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F81A9A20-F851-46A7-AD69-C2780DBC377C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

*************************

AdwCleaner[R0].txt - [17141 octets] - [29/10/2013 18:40:41]
AdwCleaner[R1].txt - [17202 octets] - [31/10/2013 00:33:09]
AdwCleaner[S0].txt - [17063 octets] - [31/10/2013 00:33:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17124 octets] ##########

 

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chad [Admin rights]
Mode : Remove -- Date : 10/31/2013 00:48:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4549 : wscript.exe - C:\Users\Chad\AppData\Local\Temp\launchie.vbs //B -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] f0da113790e51dd9a258cf63222dfc77
[BSP] b0c3f2bbbc0fd86d58e9605adc11f0ba : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 698443 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1433485312 | Size: 15460 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10312013_004836.txt >>
RKreport[0]_S_10292013_184742.txt;RKreport[0]_S_10312013_004817.txt



#6 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 12,252 posts
  • Gender:Male
  • Location:Bement, ILL

Posted 31 October 2013 - 11:06 AM

1. Please download OTL from one of the following mirrors:
   • This is THE Mirror
2. Save it to your desktop.
3. Double click on the OTL icon on your desktop.
4. Under the Custom Scan box paste this in:

    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

5. Push the Quick Scan button.
6. Two reports will open, copy and paste them in a reply here:
   • OTL.txt <-- Will be opened
   • Extra.txt <-- Will be minimized

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 samson1nite

  • Topic Starter


Posted 31 October 2013 - 12:16 PM

Thanks, here are the OTL scan reports

 

OTL logfile created on: 10/31/2013 1:03:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.90 Gb Available Physical Memory | 66.03% Memory free
11.82 Gb Paging File | 9.45 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.07 Gb Total Space | 611.29 Gb Free Space | 89.62% Space Free | Partition Type: NTFS
 
Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/10/31 13:01:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
PRC - [2013/10/31 01:00:08 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
PRC - [2013/10/10 14:29:32 | 000,310,352 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/01 15:28:16 | 000,196,896 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
PRC - [2013/07/01 15:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
PRC - [2013/07/01 15:28:16 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
PRC - [2013/07/01 15:28:14 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
PRC - [2013/07/01 15:28:12 | 003,623,200 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/15 17:49:18 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2012/04/20 14:13:50 | 000,517,960 | ---- | M] () -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/25 20:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/31 01:00:08 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/10/31 00:40:32 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/01 15:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/01 16:38:30 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/01 16:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/01 16:19:58 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/24 13:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 19:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/10/31 01:00:04 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)
SRV - [2013/10/13 13:14:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 09:10:04 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/01 15:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/07/01 15:28:14 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/07/01 15:28:12 | 003,623,200 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/15 17:49:18 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/04/20 14:13:50 | 000,517,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/10/26 16:16:51 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/25 14:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/20 14:11:28 | 000,128,328 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 08:13:43 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/06/27 13:55:50 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/21 19:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/21 19:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 23:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/05/01 18:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/03/23 21:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/31 20:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/22 14:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {66ECA77E-1EE6-4CE6-92DD-C6455B9DE9EF}
IE:64bit: - HKLM\..\SearchScopes\{66ECA77E-1EE6-4CE6-92DD-C6455B9DE9EF}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{66ECA77E-1EE6-4CE6-92DD-C6455B9DE9EF}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130521,19855,0,25,0
IE - HKCU\..\URLSearchHook: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{66ECA77E-1EE6-4CE6-92DD-C6455B9DE9EF}: "URL" = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{97E1D901-1733-4EFB-96EE-7080E7361AE9}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS489
IE - HKCU\..\SearchScopes\{DC12B91F-A8FD-47F4-B1DF-96F9C64B9BCA}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130521,19853,0,25,0
IE - HKCU\..\SearchScopes\60CA4A69466E4A269F0F1E48FA278F32: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013/05/21 16:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions
 
O1 HOSTS File: ([2013/10/31 01:00:16 | 000,038,201 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 634 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Toolbar BHO) - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~2\FROMDO~2\bar\1.bin\65bar.dll File not found
O2 - BHO: (Search Assistant BHO) - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [FromDocToPDF Home Page Guard 64 bit] "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\windows\SysWow64\Sendori.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C8EC7E2-BB69-4943-91B5-9C31AAA215CC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75652D85-253D-4F50-BFAB-C2544473798B}: DhcpNameServer = 208.201.224.11 208.201.224.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86D0FE99-184E-49FC-9204-D28E8F366C2F}: NameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{86c0cb79-2079-11e3-87f2-dc0ea1463fbe}\Shell - "" = AutoRun
O33 - MountPoints2\{86c0cb79-2079-11e3-87f2-dc0ea1463fbe}\Shell\AutoRun\command - "" = E:\N8000_ZTE.exe
O33 - MountPoints2\{d3bc7c6d-0a90-11e3-a345-dc0ea1463fbe}\Shell - "" = AutoRun
O33 - MountPoints2\{d3bc7c6d-0a90-11e3-a345-dc0ea1463fbe}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{F871DB00-5C93-4B4D-9F0B-A4FAEC8D6BD6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
 CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/31 13:01:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
[2013/10/31 00:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/10/29 18:44:22 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\RK_Quarantine
[2013/10/29 18:40:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/28 13:57:35 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chad\Desktop\dds.com
[2013/10/26 16:17:22 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\AVG SafeGuard toolbar
[2013/10/26 16:17:08 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/10/26 16:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/10/26 16:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/10/26 16:15:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/10/26 15:36:31 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/10/26 15:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/10/26 15:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/10/26 15:24:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/26 15:23:40 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\LavasoftStatistics
[2013/10/26 15:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/10/26 15:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/10/25 11:18:44 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/10/25 11:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/10/25 11:15:14 | 000,037,888 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\Chad\Desktop\ADSSpy.exe
[2013/10/24 12:15:41 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\Games for Windows - LIVE Demos
[2013/10/24 10:45:19 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\My Games
[2013/10/24 10:41:00 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft Games
[2013/10/24 09:46:32 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\xlive
[2013/10/24 09:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013/10/24 09:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013/10/24 01:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2013/10/24 00:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2013/10/21 15:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/31 13:01:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
[2013/10/31 12:50:39 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/31 12:50:39 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/31 12:50:39 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013/10/31 12:50:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/31 11:33:32 | 001,340,332 | ---- | M] () -- C:\Users\Chad\Desktop\CAM00033.jpg
[2013/10/31 01:00:16 | 000,038,201 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/10/31 01:00:09 | 000,001,196 | ---- | M] () -- C:\Users\Chad\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/10/31 00:43:47 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 00:43:47 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 00:36:11 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/31 00:36:11 | 000,000,400 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2013/10/31 00:35:13 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/29 18:44:20 | 003,538,944 | ---- | M] () -- C:\Users\Chad\Desktop\RogueKiller.exe
[2013/10/28 13:57:35 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chad\Desktop\dds.com
[2013/10/26 16:16:51 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/10/26 15:36:31 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2013/10/26 15:29:22 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/10/25 11:18:44 | 000,002,971 | ---- | M] () -- C:\Users\Chad\Desktop\HiJackThis.lnk
[2013/10/25 11:17:26 | 001,402,880 | ---- | M] () -- C:\Users\Chad\Desktop\HiJackThis.msi
[2013/10/25 11:15:14 | 000,037,888 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\Chad\Desktop\ADSSpy.exe
[2013/10/25 11:13:32 | 001,724,552 | ---- | M] () -- C:\Users\Chad\Desktop\Adaware_Installer.exe
[2013/10/23 11:37:34 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/23 11:37:34 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/23 11:37:34 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/21 16:05:53 | 000,418,584 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/10/21 15:17:20 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/31 11:33:32 | 001,340,332 | ---- | C] () -- C:\Users\Chad\Desktop\CAM00033.jpg
[2013/10/31 01:00:09 | 000,001,196 | ---- | C] () -- C:\Users\Chad\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/10/29 18:43:57 | 003,538,944 | ---- | C] () -- C:\Users\Chad\Desktop\RogueKiller.exe
[2013/10/26 15:29:22 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/10/25 11:18:44 | 000,002,971 | ---- | C] () -- C:\Users\Chad\Desktop\HiJackThis.lnk
[2013/10/25 11:17:26 | 001,402,880 | ---- | C] () -- C:\Users\Chad\Desktop\HiJackThis.msi
[2013/10/25 11:13:30 | 001,724,552 | ---- | C] () -- C:\Users\Chad\Desktop\Adaware_Installer.exe
[2012/06/18 20:00:51 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/08/11 01:05:12 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\1O1L1I1PtF1F1C1N
[2012/06/22 11:00:49 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Garmin
[2012/06/19 16:04:35 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Tific
[2012/07/04 23:13:08 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Toshiba
[2012/12/10 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Visan
[2012/06/18 21:26:18 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WildTangent
[2012/06/18 18:44:41 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< c:\windows\*. /SL >
[2009/07/14 01:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 01:08:49 | 000,032,554 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/02/24 08:29:54 | 000,000,908 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/02/24 08:29:54 | 000,000,912 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 20:53:53 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012/12/10 16:26:49 | 000,000,336 | ---- | C] () -- C:\windows\Tasks\HP Photo Creations Communicator.job
[2013/05/21 16:44:38 | 000,000,400 | ---- | C] () -- C:\windows\Tasks\FreeFileViewerUpdateChecker.job
 
<  c:\windows\*. /RP >
 
<  %ALLUSERSPROFILE%\Application Data\*. >
 
<  %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
<  %APPDATA%\*. >
[2013/08/11 01:05:12 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\1O1L1I1PtF1F1C1N
[2012/06/20 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Adobe
[2012/06/22 11:00:49 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Garmin
[2012/06/18 19:02:11 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Google
[2012/06/23 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\HpUpdate
[2012/06/18 18:46:04 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Identities
[2012/06/18 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Intel
[2013/10/26 15:23:40 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\LavasoftStatistics
[2011/07/27 03:11:46 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Macromedia
[2013/08/21 11:20:43 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Malwarebytes
[2010/11/21 03:16:41 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Media Center Programs
[2013/10/25 11:18:44 | 000,000,000 | --SD | M] -- C:\Users\Chad\AppData\Roaming\Microsoft
[2013/10/24 11:40:55 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Microsoft Games
[2013/05/21 16:42:24 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Mozilla
[2013/08/13 00:12:32 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Skype
[2012/06/19 16:04:35 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Tific
[2012/07/04 23:13:08 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Toshiba
[2012/12/10 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Visan
[2012/06/18 21:26:18 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WildTangent
[2012/06/18 18:44:41 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\WinBatch
[2013/05/21 16:42:32 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Yahoo!
 
<  %APPDATA%\*.exe /s >
[2013/01/30 14:45:44 | 001,114,624 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\1O1L1I1PtF1F1C1N\Skype Free Download Packages\uninstaller.exe
[2011/07/27 03:11:43 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Chad\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2013/10/25 11:18:44 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Chad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2013/03/02 18:33:20 | 001,007,576 | ---- | M] (WildTangent) -- C:\Users\Chad\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
[2013/03/02 18:31:44 | 000,000,179 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata
[2012/05/21 21:34:34 | 000,571,040 | ---- | M] (WildTangent, Inc.) -- C:\Users\Chad\AppData\Roaming\WildTangent\WildTangent Games\App\Update\Updater.exe
 
<  %SYSTEMDRIVE%\*.exe >
 
<  %systemroot%\*. /mp /s >
 
<  %systemroot%\system32\*.dll /lockedfiles >
 
<  %systemroot%\Tasks\*.job /lockedfiles >
 
<  %systemroot%\system32\drivers\*.sys /lockedfiles >
 
<  %systemroot%\System32\config\*.sav >
 
<  %systemroot%\system32\drivers\*.sys /90 >

< End of report >

 

OTL Extras logfile created on: 10/31/2013 1:03:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.90 Gb Available Physical Memory | 66.03% Memory free
11.82 Gb Paging File | 9.45 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.07 Gb Total Space | 611.29 Gb Free Space | 89.62% Space Free | Partition Type: NTFS
 
Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15D146EC-4758-4691-B0DD-61DFEB7155E7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{25C141B5-0353-4504-AD25-B9AC47417D53}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{45F33807-8181-4386-9257-0DCBA2282A7B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49A00786-FF16-4CB7-8B4D-A0C79A40C408}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5559DA48-769F-4138-BD73-ACA33A8CB041}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58B6974F-6C72-4356-AFC1-CB79CC3935D0}" = rport=138 | protocol=17 | dir=out | app=system |
"{66CD7D56-E073-43D5-8473-54A05A4CC26F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{683535F1-CDC9-49B9-BA21-E23EB963F6E7}" = rport=139 | protocol=6 | dir=out | app=system |
"{7997ADF7-A966-4473-9713-91705109B26D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8B062E51-5579-44E5-9404-D7913204E465}" = rport=137 | protocol=17 | dir=out | app=system |
"{8BD200B2-8F50-4FC7-9C8C-BE90B4211B0F}" = lport=138 | protocol=17 | dir=in | app=system |
"{9043424B-30AD-40B7-B4FB-A0A6CFCDB624}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90D8084F-FADC-4611-8B2D-A997D5010637}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D961A56-5D7D-4462-B15F-240B948F5063}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A3F31046-D3F5-475D-B315-CC1DA22C9D5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF53C81A-52EC-4842-B012-5F86C9F9BA4E}" = rport=445 | protocol=6 | dir=out | app=system |
"{B884C54D-D335-4212-84F6-FFECA056F811}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4C76FC8-606C-4FAC-9800-3EFB6800168D}" = lport=139 | protocol=6 | dir=in | app=system |
"{D0508745-6314-4C7A-9CEA-D604EB67CFF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8980E74-A838-47FD-8672-87FB55FC0510}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDA44724-EF3A-4047-A949-E766752F257E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE875970-57CD-4355-9265-E4E3972547BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DF52E638-C1E2-46AF-8614-687E9FA660FE}" = lport=137 | protocol=17 | dir=in | app=system |
"{EBADCB08-BB1D-4ACF-9F8B-25145F3B4FF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F54F304D-1E1C-4057-A109-77A997D47D5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7C7538F-7221-406C-933D-5016C30CF90C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1009BE31-D56B-4EF4-995B-3ADEB58C35BD}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{21C5F4B4-4D22-49ED-9EBF-3C9C32DCA45F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{21C9C948-4AC4-43D0-A753-5C66CF44F3BD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"{21D49521-3871-4639-83D1-D58C5B0A80D2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2771FEF0-848D-4DD9-B6C8-FAA2A898D91C}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{29C64C94-2C17-45A6-BB3F-637D7448283E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{2DA70035-874B-4A29-B913-7E6CFD2242CA}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
"{3332AC26-E78A-4D0F-9D58-B9B8199D8737}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{49527B0A-1706-41CD-BE15-9E3C3C707EA6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"{4E3C89DD-FDE8-4D52-97A3-2EC6EA9851D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D0B9608-2399-4A6E-A43C-01414DBFF0FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D675F65-FC8A-4C0A-9384-6C94C21C8DF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64839A41-EAAD-4C4D-A0B4-1955AC2779B9}" = protocol=6 | dir=out | app=system |
"{6687B926-A443-4379-928A-A8ED95255FC4}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{67248581-0B9F-4D61-912E-E6841DD23B7D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{786A6EA3-2998-46E1-9C17-754BACE2B919}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7C238445-0E26-4D39-BB3D-1E5701DF1ADD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{843EA5F3-7D6B-4C71-858E-1B5868C5E8A8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{877BA8D0-36EE-46E2-8CBD-CDF6437CC5DB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{91037C13-06C5-4660-A0DF-7281241C0D80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2E5F894-818C-45AD-A4DF-6366A16835A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A8BB5CCD-5A51-4C3C-A7FE-EBF4156F9EC4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C20BA1E1-8DF4-4B03-AB1B-26EA0D562364}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C441A533-14C8-4F22-AECB-0ADC08FC1386}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CAB5C5CE-78B1-4F72-B55A-F7C8421634FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CDD33533-0A81-4670-8C8D-C17EEEACE528}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D14743D6-F0D1-44AD-88DB-CD4295491E10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D39F64F0-FE20-4C3D-ACEE-42684AB527DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D509B377-B889-456D-8791-F3FDB6F20110}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D7C3AC38-B596-4975-8E7E-0C4961917427}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DAB74191-A3DA-47DC-80C8-6C53FA08EC39}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DEC6BEE8-E8B7-4899-A1F5-B3C3816AB31D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4B8B239-F557-4879-9E29-828BBD535E75}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA1301FB-8A59-4A1B-9441-B860A2913838}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{EF29A099-7B15-4D31-9E9C-E2C517276186}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{C33C0EA6-5F98-48A5-BC0A-DF501517A7BE}C:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"TCP Query User{F5A6BCFE-5B6C-4090-84F8-E43A70D6B9A4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5D924BAD-24E3-46AB-AA4B-8CAE8D729EB8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{97F3D7C7-E7FE-4AE1-827F-5FA0342C2A9B}C:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1A570BFA-D775-47EE-8071-06E9559C14F5}" = HP Deskjet 1000 J110 series Product Improvement Study
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}" = HP Deskjet 1000 J110 series Basic Device Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel® WiDi
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{AE1EC58E-B2AC-4959-A4C2-C38202A25239}" = Garmin WebUpdater
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android USB Driver_is1" = Android USB Driver
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Files Opened" = Files Opened
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PIXresizer_is1" = PIXresizer
"ProInst" = Intel PROSet Wireless
"Sendori" = Sendori
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-241c3fae-684e-4135-96ec-daee1e93ced5" = Chuzzle Deluxe
"WTA-249f83ef-d553-400c-9ae7-253c719ba37d" = Plants vs. Zombies - Game of the Year
"WTA-25d2ff53-2bc3-4219-a1a7-b0f1e1ad1cb2" = Fishdom ™ 2
"WTA-334d1d79-1825-4ca2-b9df-1dd0629f5fa0" = FATE - The Traitor Soul
"WTA-8448b84f-8e3d-4f68-9b3d-c881ea4902d5" = Penguins!
"WTA-b6aab225-1003-42b3-a3ba-85577f5153f7" = Tom Clancy's Splinter Cell
"WTA-d884c11c-b76b-477d-96f0-5e227993a853" = Bejeweled 3
"WTA-e164418d-77f1-4f58-b946-c6489fb90e8c" = Virtual Villagers 5 - New Believers
"WTA-fef5f861-14b5-427c-b65b-3b600171ce3a" = Zuma's Revenge
"WTA-ff46936b-82fb-49b0-9c43-37bec9a43847" = Polar Bowler
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Skype Free Download Packages" = Skype Free Download Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/27/2013 10:26:59 AM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: MSHTML.dll, version: 10.0.9200.16660,
 time stamp: 0x51f1d37a  Exception code: 0xc0000005  Fault offset: 0x000b1d73  Faulting
 process id: 0x19e4  Faulting application start time: 0x01cea3317bbac6a1  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: bb0580f1-0f24-11e3-a345-dc0ea1463fbe
 
Error - 8/27/2013 10:26:59 AM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: MSHTML.dll, version: 10.0.9200.16660,
 time stamp: 0x51f1d37a  Exception code: 0xc0000005  Fault offset: 0x000b1d73  Faulting
 process id: 0x2418  Faulting application start time: 0x01cea3317bb86541  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: bb188bf4-0f24-11e3-a345-dc0ea1463fbe
 
Error - 8/27/2013 10:27:06 AM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: MSHTML.dll, version: 10.0.9200.16660,
 time stamp: 0x51f1d37a  Exception code: 0xc0000005  Fault offset: 0x000b1d73  Faulting
 process id: 0x1af4  Faulting application start time: 0x01cea331086b837e  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: bf55ff71-0f24-11e3-a345-dc0ea1463fbe
 
Error - 8/27/2013 10:27:06 AM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: MSHTML.dll, version: 10.0.9200.16660,
 time stamp: 0x51f1d37a  Exception code: 0xc0000005  Fault offset: 0x000b1d73  Faulting
 process id: 0x25a8  Faulting application start time: 0x01cea3317bbd2802  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: bf6447b2-0f24-11e3-a345-dc0ea1463fbe
 
Error - 8/27/2013 10:27:10 AM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: MSHTML.dll, version: 10.0.9200.16660,
 time stamp: 0x51f1d37a  Exception code: 0xc0000005  Fault offset: 0x000b1d73  Faulting
 process id: 0x2180  Faulting application start time: 0x01cea32de1133950  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: c1cccc19-0f24-11e3-a345-dc0ea1463fbe
 
Error - 8/27/2013 10:27:10 AM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: MSHTML.dll, version: 10.0.9200.16660,
 time stamp: 0x51f1d37a  Exception code: 0xc0000005  Fault offset: 0x000b1d73  Faulting
 process id: 0x15ac  Faulting application start time: 0x01cea33183ee4453  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: c1d6519a-0f24-11e3-a345-dc0ea1463fbe
 
Error - 8/27/2013 10:27:10 AM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: MSHTML.dll, version: 10.0.9200.16660,
 time stamp: 0x51f1d37a  Exception code: 0xc0000005  Fault offset: 0x000b1d73  Faulting
 process id: 0xb98  Faulting application start time: 0x01cea33183f7c9d4  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: c1f080bd-0f24-11e3-a345-dc0ea1463fbe
 
Error - 8/27/2013 10:27:10 AM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: MSHTML.dll, version: 10.0.9200.16660,
 time stamp: 0x51f1d37a  Exception code: 0xc0000005  Fault offset: 0x000b1d73  Faulting
 process id: 0xb48  Faulting application start time: 0x01cea33183f7c9d4  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: c2084e80-0f24-11e3-a345-dc0ea1463fbe
 
Error - 8/27/2013 10:27:21 AM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: MSHTML.dll, version: 10.0.9200.16660,
 time stamp: 0x51f1d37a  Exception code: 0xc0000005  Fault offset: 0x000b1d73  Faulting
 process id: 0x159c  Faulting application start time: 0x01cea33183f0a5b3  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\system32\MSHTML.dll  Report Id: c85095ff-0f24-11e3-a345-dc0ea1463fbe
 
Error - 8/27/2013 1:02:01 PM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: skypeieplugin.dll, version: 6.11.0.13348,
 time stamp: 0x520b6593  Exception code: 0xc0000005  Fault offset: 0x00012f17  Faulting
 process id: 0x3494  Faulting application start time: 0x01cea33ffb48487c  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll  Report
 Id: 63870e56-0f3a-11e3-a345-dc0ea1463fbe
 
[ SendoriLogs Events ]
Error - 8/2/2013 10:33:17 PM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/2/2013 10:38:17 PM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/2/2013 10:43:17 PM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/2/2013 10:48:17 PM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 8/26/2013 10:04:04 AM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/14/2013 10:04:54 PM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/14/2013 10:09:54 PM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/14/2013 10:14:54 PM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/17/2013 11:33:36 AM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
Error - 10/22/2013 5:17:32 PM | Computer Name = Chad-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.
 
[ System Events ]
Error - 10/28/2013 1:44:57 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 10/28/2013 8:32:43 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 10/29/2013 11:02:57 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Application Sendori service.
 
Error - 10/29/2013 5:28:26 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 10/30/2013 1:18:09 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 10/30/2013 7:27:53 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 10/30/2013 10:45:02 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Service Sendori service, but
 this action failed with the following error:   %%1056
 
Error - 10/30/2013 5:14:41 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 10/31/2013 1:00:08 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7030
Description = The HOSTS Anti-PUPs service is marked as an interactive service. 
However, the system is configured to not allow interactive services.  This service
 may not function properly.
 
Error - 10/31/2013 7:04:20 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
 
< End of report >
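The two FirewallRules sections in the log above are the part of this report that is easiest to skim past and most worth checking: every `dir=in` entry is an inbound allow, and several of them are bound to third-party executables (tsassist.exe, ffvcheckforupdates.exe, the "Query User" rules created by clicking Allow on a firewall prompt) rather than to a Windows service. The following is an added triage script, not code from the original post and not part of OTL or DDS: it parses lines in the exact shape OTL prints, drops rules owned by a service or by the kernel, and lists the rest with the protocol/port scope they open, widest first. The sample rules are constructed from the log above, and the OS-owned path prefixes are an assumption made for this example.

```python
"""Triage of the Windows Firewall rule dump that OTL prints under the
"Vista Active Open Ports Exception List" and "Vista Active Application
Exception List" headings. Added example: not code from the original post
and not part of OTL. The OS-owned path prefixes below are an assumption
made for this example, not an OTL or Microsoft definition."""
import re

# Constructed sample, copied in shape from the log above (a few rules only).
SAMPLE_RULES = r'''
"{45F33807-8181-4386-9257-0DCBA2282A7B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66CD7D56-E073-43D5-8473-54A05A4CC26F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B884C54D-D335-4212-84F6-FFECA056F811}" = lport=445 | protocol=6 | dir=in | app=system |
"{2771FEF0-848D-4DD9-B6C8-FAA2A898D91C}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{2DA70035-874B-4A29-B913-7E6CFD2242CA}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
"{4E3C89DD-FDE8-4D52-97A3-2EC6EA9851D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D0B9608-2399-4A6E-A43C-01414DBFF0FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{F5A6BCFE-5B6C-4090-84F8-E43A70D6B9A4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTO_NAMES = {"6": "tcp", "17": "udp", "1": "icmpv4", "58": "icmpv6"}

# Assumed allowlist: rules bound to a service, to the kernel ("system") or to
# binaries under these prefixes are treated as OS-owned and not reported.
OS_APP_PREFIXES = (
    "%systemroot%\\",
    "%programfiles%\\windows media player\\",
    "%programfiles(x86)%\\windows media player\\",
)


def parse_rule(line):
    """Split one OTL FirewallRules line into a dict of its key=value fields."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {"rule": m.group("name")}
    for part in m.group("body").split("|"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            fields[key.strip().lower()] = value.strip()
    return fields


def is_os_owned(rule):
    """True for service-bound rules, the kernel pseudo-app and the assumed OS prefixes."""
    app = rule.get("app", "").lower()
    return app == "system" or "svc" in rule or app.startswith(OS_APP_PREFIXES)


def rule_scope(rule):
    """Protocol/port the rule opens; a missing field means 'any', the widest case."""
    return f'{PROTO_NAMES.get(rule.get("protocol"), "any")}/{rule.get("lport", "any")}'


def review_inbound_rules(text):
    """Return inbound allow rules for non-OS executables, widest scope first."""
    findings = []
    for raw in text.splitlines():
        rule = parse_rule(raw)
        if rule is None or rule.get("dir") != "in" or is_os_owned(rule):
            continue
        findings.append({
            "rule": rule["rule"],
            "app": rule.get("app", ""),
            "scope": rule_scope(rule),
            # "TCP/UDP Query User..." names are rules created when a user
            # clicked Allow on the firewall prompt rather than by an installer.
            "user_prompt": rule["rule"].lower().startswith(("tcp query user", "udp query user")),
        })
    findings.sort(key=lambda f: f["scope"] != "any/any")
    return findings


if __name__ == "__main__":
    for f in review_inbound_rules(SAMPLE_RULES):
        origin = "user-prompt" if f["user_prompt"] else "installer  "
        print(f'{f["scope"]:<10} {origin} {f["app"]}')
```

Run against the full FirewallRules block from a report, the output is the list to compare with the Uninstall list and the O2/O4 entries: an inbound rule with no protocol and no port for a binary that also shows up as a toolbar or "assistant" is a stronger removal candidate than a port-scoped rule for Outlook or a game.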
 



#8 fireman4it (Bleepin' Fireman, Malware Response Team, 12,252 posts, Bement, ILL)

Posted 31 October 2013 - 07:54 PM

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.

    :otl
    MOD - [2013/10/31 01:00:08 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
    PRC - [2013/10/31 01:00:08 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
    O2 - BHO: (Toolbar BHO) - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\PROGRA~2\FROMDO~2\bar\1.bin\65bar.dll File not found
    O2 - BHO: (Search Assistant BHO) - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [FromDocToPDF Home Page Guard 64 bit] "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe" File not found
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O33 - MountPoints2\{86c0cb79-2079-11e3-87f2-dc0ea1463fbe}\Shell - "" = AutoRun
    O33 - MountPoints2\{86c0cb79-2079-11e3-87f2-dc0ea1463fbe}\Shell\AutoRun\command - "" = E:\N8000_ZTE.exe
    O33 - MountPoints2\{d3bc7c6d-0a90-11e3-a345-dc0ea1463fbe}\Shell - "" = AutoRun
    O33 - MountPoints2\{d3bc7c6d-0a90-11e3-a345-dc0ea1463fbe}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
    [2013/10/26 16:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2013/10/26 16:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
    [2013/10/26 16:17:22 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\AVG SafeGuard toolbar
    [2013/10/31 01:00:09 | 000,001,196 | ---- | M] () -- C:\Users\Chad\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
    [2013/08/11 01:05:12 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\1O1L1I1PtF1F1C1N
    
    
    :Commands
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
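As an added example (not from fireman4it's post and not part of OTL), the persistence points this fix edits can be audited read-only in PowerShell: IE Browser Helper Objects resolved through Classes\CLSID to their DLL, the HKLM/HKCU Run values, and the MountPoints2 AutoRun commands, each reported with whether its target file is present (the condition OTL prints as "File not found"). The function names are my own, the registry paths are the standard Windows ones, and it goes beyond the entries above by walking each key in full.

```powershell
# Added example, not part of the thread or of OTL: a read-only audit of the
# persistence points the OTL fix above targets (IE Browser Helper Objects,
# the Run keys and MountPoints2 AutoRun commands). Entries whose target file
# is missing correspond to OTL's "File not found". Assumes Windows PowerShell
# 5.1 on 64-bit Windows, run from an elevated prompt. Nothing is deleted.

function Get-CommandTarget {
    # Pull the executable path out of a Run/AutoRun command string, which may be
    # quoted ("C:\dir\app.exe" /arg) or unquoted (C:\dir\app.exe /arg).
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $Command = $Command.Trim()
    if ($Command.StartsWith('"')) {
        $close = $Command.IndexOf('"', 1)
        if ($close -gt 1) { return $Command.Substring(1, $close - 1) }
        return $Command.Trim('"')
    }
    # Unquoted: grow the candidate token by token until it names an existing file
    # (paths with spaces); fall back to the first token for a missing file.
    $tokens = $Command -split '\s+'
    $candidate = ''
    foreach ($token in $tokens) {
        $candidate = if ($candidate) { "$candidate $token" } else { $token }
        $expanded = [Environment]::ExpandEnvironmentVariables($candidate)
        if (Test-Path -LiteralPath $expanded -PathType Leaf) { return $candidate }
    }
    return $tokens[0]
}

function New-AuditRecord {
    param([string]$Kind, [string]$Key, [string]$Name, [string]$Target)
    $found = $false
    if ($Target) {
        $expanded = [Environment]::ExpandEnvironmentVariables($Target)
        $found = Test-Path -LiteralPath $expanded -PathType Leaf
    }
    [pscustomobject]@{ Kind = $Kind; Key = $Key; Name = $Name; Target = $Target; FileFound = $found }
}

function Get-BhoAudit {
    # BHOs are registered by CLSID in both the native and the Wow6432Node view;
    # each CLSID resolves to its DLL via Classes\CLSID\{clsid}\InprocServer32.
    $bhoRoots = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $clsid = $sub.PSChildName
            $dll = $null
            $clsidKeys = @(
                "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32",
                "HKLM:\Software\Classes\Wow6432Node\CLSID\$clsid\InprocServer32",
                "HKCU:\Software\Classes\CLSID\$clsid\InprocServer32"
            )
            foreach ($clsidKey in $clsidKeys) {
                if (Test-Path -LiteralPath $clsidKey) {
                    $dll = (Get-ItemProperty -LiteralPath $clsidKey).'(default)'
                    if ($dll) { break }
                }
            }
            New-AuditRecord -Kind 'BHO' -Key $root -Name $clsid -Target $dll
        }
    }
}

function Get-RunKeyAudit {
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        # An empty name is the key's unnamed default value (shown by OTL as "[]").
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            New-AuditRecord -Kind 'Run' -Key $key -Name $name -Target (Get-CommandTarget $command)
        }
    }
}

function Get-MountPointAutoRunAudit {
    # MountPoints2 caches per-volume AutoRun commands (the E:\...exe entries above).
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($vol in Get-ChildItem -LiteralPath $root) {
        $cmdKey = "$root\$($vol.PSChildName)\Shell\AutoRun\command"
        if (Test-Path -LiteralPath $cmdKey) {
            $command = [string](Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            New-AuditRecord -Kind 'AutoRun' -Key $root -Name $vol.PSChildName -Target (Get-CommandTarget $command)
        }
    }
}

# Missing targets sort first: orphaned BHO and Run entries are the cleanup candidates;
# AutoRun commands pointing at removable media merit review whether or not the file exists.
@(Get-BhoAudit) + @(Get-RunKeyAudit) + @(Get-MountPointAutoRunAudit) |
    Sort-Object FileFound, Kind | Format-Table -AutoSize
```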


#9 samson1nite

samson1nite
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 01 November 2013 - 12:08 AM

Here is the OTL report after the fix

All processes killed
========== OTL ==========
No active process named HOSTS_Anti-Adware_main.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FromDocToPDF Home Page Guard 64 bit deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HOSTS Anti-Adware_PUPs deleted successfully.
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86c0cb79-2079-11e3-87f2-dc0ea1463fbe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86c0cb79-2079-11e3-87f2-dc0ea1463fbe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86c0cb79-2079-11e3-87f2-dc0ea1463fbe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86c0cb79-2079-11e3-87f2-dc0ea1463fbe}\ not found.
File E:\N8000_ZTE.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3bc7c6d-0a90-11e3-a345-dc0ea1463fbe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3bc7c6d-0a90-11e3-a345-dc0ea1463fbe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3bc7c6d-0a90-11e3-a345-dc0ea1463fbe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3bc7c6d-0a90-11e3-a345-dc0ea1463fbe}\ not found.
File E:\LGAutoRun.exe not found.
C:\ProgramData\AVG SafeGuard toolbar\Logger folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\skin folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\th folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\sv folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\ro folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\nb folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\it folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\id folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\hi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\fi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\en folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\el folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\de folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\da folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale\af folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\modules folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\locale\en-US folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\components folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12\chrome folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\skin folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\th folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\sv folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\ro folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\nb folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\it folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\id folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\hi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\fi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\en folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\el folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\de folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\da folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale\af folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\modules folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\locale\en-US folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\components folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12\chrome folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.1.12 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.12 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.
Folder C:\Program Files (x86)\AVG SafeGuard toolbar\ not found.
C:\Users\Chad\AppData\Local\AVG SafeGuard toolbar\SiteSafety folder moved successfully.
C:\Users\Chad\AppData\Local\AVG SafeGuard toolbar\DNT folder moved successfully.
C:\Users\Chad\AppData\Local\AVG SafeGuard toolbar\Chrome\Default folder moved successfully.
C:\Users\Chad\AppData\Local\AVG SafeGuard toolbar\Chrome folder moved successfully.
C:\Users\Chad\AppData\Local\AVG SafeGuard toolbar folder moved successfully.
C:\Users\Chad\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk moved successfully.
C:\Users\Chad\AppData\Roaming\1O1L1I1PtF1F1C1N\Skype Free Download Packages folder moved successfully.
C:\Users\Chad\AppData\Roaming\1O1L1I1PtF1F1C1N folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chad
->Temp folder emptied: 585226714 bytes
->Temporary Internet Files folder emptied: 742514404 bytes
->Java cache emptied: 191860 bytes
->Flash cache emptied: 90704 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 827487397 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 39850 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287446 bytes
RecycleBin emptied: 59201857 bytes

Total Files Cleaned = 2,153.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11012013_005710

Files\Folders moved on Reboot...
C:\Users\Chad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UF7QQDJO\like[5].htm moved successfully.
C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KL0JTD3R\infected-with-search-assistant-virus[1].htm moved successfully.
C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KL0JTD3R\xd_arbiter[1].htm moved successfully.
C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IZCBZ0IU\postmessageRelay[1].htm moved successfully.
C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E2G1XN7W\xd_arbiter[1].htm moved successfully.
C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3S0ZRK0H\fastbutton[3].htm moved successfully.
C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Chad\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\sndappv2.log scheduled to be moved on reboot.
C:\windows\temp\~DFE3C7684A446DB5B3.TMP moved successfully.
File move failed. C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 12,252 posts
  • ONLINE
  • Gender:Male
  • Location:Bement, ILL
  • Local time:12:17 PM

Posted 02 November 2013 - 01:10 PM

How is the machine running now?




#11 samson1nite

samson1nite
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 02 November 2013 - 05:19 PM

The Search Assist Links are still there - Thanks

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 12,252 posts
  • ONLINE
  • Gender:Male
  • Location:Bement, ILL
  • Local time:12:17 PM

Posted 04 November 2013 - 07:13 PM

Is this occurring in all your browsers?  Firefox? Chrome? Internet Explorer?




#13 samson1nite

samson1nite
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 05 November 2013 - 10:40 PM

I'm not sure - I think I only use Internet Explorer

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 12,252 posts
  • ONLINE
  • Gender:Male
  • Location:Bement, ILL
  • Local time:12:17 PM

Posted 06 November 2013 - 12:19 PM

Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop

Link 1
Link 2

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
 




#15 samson1nite

samson1nite
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 06 November 2013 - 09:27 PM

Thanks fireman - machine seems to be free of virus - here is the log:

 

ComboFix 13-11-04.01 - Chad 11/06/2013  21:00:29.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.4622 [GMT -5:00]
Running from: c:\users\Chad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-07 to 2013-11-07  )))))))))))))))))))))))))))))))
.
.
2013-11-07 02:06 . 2013-11-07 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-06 03:11 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AC4C799-E944-4E6D-A54F-B3133E9511B5}\mpengine.dll
2013-11-04 17:41 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-01 04:57 . 2013-11-01 04:57 -------- d-----w- C:\_OTL
2013-10-31 04:59 . 2013-11-01 04:57 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-29 22:40 . 2013-10-31 04:33 -------- d-----w- C:\AdwCleaner
2013-10-26 20:17 . 2013-10-26 20:16 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-10-26 20:17 . 2013-10-27 22:49 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-10-26 20:15 . 2013-10-26 20:15 -------- d--h--w- c:\programdata\Common Files
2013-10-26 19:36 . 2013-10-26 19:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-10-26 19:29 . 2013-10-26 19:29 -------- d-----w- c:\program files\HitmanPro
2013-10-26 19:23 . 2013-10-26 19:23 -------- d-----w- c:\users\Chad\AppData\Roaming\LavasoftStatistics
2013-10-26 19:15 . 2013-10-26 19:15 -------- d-----w- c:\programdata\Lavasoft
2013-10-26 19:03 . 2013-10-26 19:36 -------- d-----w- c:\programdata\HitmanPro
2013-10-25 15:18 . 2013-10-25 15:18 388096 ----a-r- c:\users\Chad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-25 15:18 . 2013-10-25 15:18 -------- d-----w- c:\program files (x86)\Trend Micro
2013-10-24 14:41 . 2013-10-24 15:40 -------- d-----w- c:\users\Chad\AppData\Roaming\Microsoft Games
2013-10-24 13:47 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2013-10-24 13:46 . 2013-10-24 13:46 -------- d-----w- c:\windows\SysWow64\xlive
2013-10-24 13:46 . 2013-10-24 13:46 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-10-24 05:35 . 2013-10-24 05:35 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2013-10-24 04:51 . 2013-10-24 14:56 -------- d-----w- c:\program files (x86)\Microsoft Games
2013-10-21 19:33 . 2013-09-21 03:38 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-21 19:33 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-10-21 18:10 . 2013-10-21 18:09 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{390B3FF9-3BE1-4D77-8558-1578F7FD1AB8}\gapaengine.dll
2013-10-10 18:27 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 18:27 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-10-10 18:21 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 18:18 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 18:18 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:48 . 2013-10-13 17:13 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-21 19:22 . 2012-06-20 12:52 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-13 17:14 . 2012-06-27 00:53 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-13 17:14 . 2011-07-27 07:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-06 17:22 . 2012-07-04 01:27 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-29 01:48 . 2013-10-10 18:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_U_USBSER.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe;c:\program files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-21 17:51 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 17:14]
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 12:29]
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 12:29]
.
2013-11-07 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-12-10 20:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130521,19855,0,25,0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0C8EC7E2-BB69-4943-91B5-9C31AAA215CC}\C696E6B6379737: NameServer = 192.168.1.254
TCP: Interfaces\{86D0FE99-184E-49FC-9204-D28E8F366C2F}: NameServer = 0.0.0.0
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Skype Free Download Packages - c:\users\Chad\AppData\Roaming\1O1L1I1PtF1F1C1N\Skype Free Download Packages\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Sendori\SendoriUp.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-11-06  21:17:42 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-07 02:17
.
Pre-Run: 659,182,546,944 bytes free
Post-Run: 658,672,394,240 bytes free
.
- - End Of File - - EA3D1280A4EF9211932726D5BC70FA2C
 





