Browser Hijackers: search.conduit.com / mixidj


  • This topic is locked
23 replies to this topic

#1 lingle873333

  • Members
  • 41 posts

Posted 20 May 2013 - 09:57 AM

I have come up with two browser hijackers:  conduit and mixidj.  They are active on all my browsers--Chrome, Firefox and IE.  I've seen threads dealing with these but don't want to apply any fixes without specific instructions.  Can you help?
Here is the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by jfitch at 13:07:30 on 2013-05-20
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12270.6774 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe
C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\spoolsv.exe
C:\Users\JFITCH~1.THE\AppData\Local\Temp\{E7A2E684-B6A4-43CD-9B74-3A79F783A84E}\ISBEW64.exe
C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe
C:\Users\JFITCH~1.THE\AppData\Local\Temp\{2DBCB4D3-D063-4AD5-B399-8021BED715A5}\ISBEW64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoConverterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN33995228789792812&UM=2&ctid=CT3298566
uProxyOverride = 127.0.0.1:9421;<local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
uRun: [Akamai NetSession Interface] "C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
uRunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\SearchProtect"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
dRunOnce: [Application Restart #0] C:\Windows\System32\Magnify.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} - hxxps://prolog.kbr.com/pw/mpsPwLc7.CAB
TCP: NameServer = 192.168.1.29
TCP: Interfaces\{B974A606-EE12-41BA-8CDC-82BCC5938B28} : DHCPNameServer = 192.168.1.29
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN22215000871802311&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN22215000871802311&UM=2&UP=SPF8E78F77-13D6-43AE-B68E-1A6597683BB3
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN22215000871802311&UM=2&q=
FF - prefs.js: network.proxy.http - 91.193.223.152
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\plugins\np-mswmp.dll
FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-28 08:44; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
FF - ExtSQL: 2013-05-20 10:09; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pvl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pvl&q=
FF - user.js: extensions.funmoods_i.id - fa4621ad000000000000e069954ca591
FF - user.js: extensions.funmoods_i.instlDay - 15418
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.210:52:03
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - pvl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-28 39768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-14 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-14 237056]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-14 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-10-15 72216]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-28 2358656]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-14 2655768]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-3-29 968880]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-4-14 116240]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-29 412776]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-9-30 30192]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-4 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: dwgviewr.exe: open="C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewr.exe"
.
=============== Created Last 30 ================
.
2013-05-20 14:30:00    --------    d-----w-    C:\MATS
2013-05-20 14:10:05    --------    d-----w-    C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Conduit
2013-05-20 14:09:52    --------    d-----w-    C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\CRE
2013-05-20 14:07:50    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C06597D9-76A6-46F0-8723-F13ED54601E0}\offreg.dll
2013-05-20 12:08:29    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C06597D9-76A6-46F0-8723-F13ED54601E0}\mpengine.dll
2013-05-19 12:08:20    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 07:02:27    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-15 07:02:27    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-15 06:25:06    9195912    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-15 03:08:16    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 03:08:16    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 03:08:16    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-15 03:08:06    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-15 03:08:06    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-15 03:08:05    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-15 03:08:05    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-15 03:07:53    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-15 03:07:53    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-15 03:07:52    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-07 14:40:10    --------    d-----w-    C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Thunderbird
2013-05-07 14:18:52    --------    d-----w-    C:\Program Files (x86)\Common Files\CDTPL
2013-05-07 14:18:51    --------    d-----w-    C:\Program Files (x86)\SysTools EMLViewer
2013-05-02 16:59:15    --------    d-----w-    C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\MusicBee
2013-05-02 16:58:56    --------    d-----w-    C:\Program Files (x86)\MusicBee
2013-04-29 23:06:25    --------    d-----w-    C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\ASCOMP Software
2013-04-29 23:06:18    --------    d-----w-    C:\Program Files (x86)\ASCOMP Software
2013-04-25 07:28:23    905296    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EA4B7D0-E540-4E45-9552-3C996B6B91D0}\gapaengine.dll
2013-04-24 02:40:45    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-23 12:37:04    --------    d-----w-    C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Citrix
2013-04-23 11:56:03    --------    d-----w-    C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Winamp Toolbar
.
==================== Find3M  ====================
.
2013-05-15 22:18:16    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 22:18:16    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-19 14:02:56    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-19 14:02:48    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-04-19 14:02:47    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-05 01:08:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 00:59:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-03-29 14:05:47    39768    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-03-29 06:53:48    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 07:08:24    240952    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
.
============= FINISH: 13:08:10.00 ===============
Edited by lingle873333, 20 May 2013 - 12:23 PM.


#2 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:01 AM

Posted 20 May 2013 - 01:43 PM


Hello lingle873333

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 lingle873333

lingle873333
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 21 May 2013 - 07:43 AM

First of all, thanks so much for your help Gringo.  Here are the two log files:

 

# AdwCleaner v2.301 - Logfile created 05/21/2013 at 08:33:25
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : jfitch - QUERCUS
# Boot Mode : Normal
# Running from : C:\Users\jfitch.THEFITCHSTUDIO\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
Deleted on reboot : C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
Deleted on reboot : C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
File Deleted : C:\END
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKU\S-1-5-21-1496275744-3112690079-4265171915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKU\S-1-5-21-1496275744-3112690079-4265171915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKU\S-1-5-21-1496275744-3112690079-4265171915-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKU\S-1-5-21-1496275744-3112690079-4265171915-1002\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN33995228789792812&UM=2&ctid=CT3298566 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[S1].txt - [13055 octets] - [21/05/2013 08:33:25]

########## EOF - C:\AdwCleaner[S1].txt - [13116 octets] ##########
 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by jfitch on Tue 05/21/2013 at  8:39:21.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FVDToolbar.CTBShow
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FVDToolbar.CTBShow.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FVDToolbar.CToolbarShower
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FVDToolbar.CToolbarShower.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1C8152D5-F889-4B64-865C-7832C512393B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2F12C52B-FACC-49C2-8152-BFA43B6381FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\jfitch.THEFITCHSTUDIO\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\jfitch.THEFITCHSTUDIO\appdata\local\winamp toolbar"
Successfully deleted: [Folder] "C:\Users\jfitch.THEFITCHSTUDIO\appdata\locallow\conduit"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\mozilla\firefox\profiles\5net8w9n.default\user.js
Successfully deleted: [File] C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\mozilla\firefox\profiles\5net8w9n.default\invalidprefs.js
Successfully deleted: [File] C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\mozilla\firefox\profiles\5net8w9n.default\searchplugins\bing-zugo.xml
Successfully deleted: [File] C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\mozilla\firefox\profiles\5net8w9n.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\mozilla\firefox\profiles\5net8w9n.default\smartbar
Successfully deleted: [Folder] C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\mozilla\firefox\profiles\5net8w9n.default\extensions\LogMeInClient@logmein.com
Successfully deleted the following from C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\mozilla\firefox\profiles\5net8w9n.default\prefs.js

user_pref("CT3298566.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN22215000871802311&UM=2&q=");
user_pref("CT3298566.embeddedsData", "[{\"appId\":\"130110228003246321\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3298566.installType", "conduitnsisintegration");
user_pref("CT3298566.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=15&CUI=UN222150008718023
user_pref("CT3298566.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3298566.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll
user_pref("CT3298566.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298566%26octid%3DCT3298566%26SearchSource%3D61%26CUI%3DUN
user_pref("CT3298566.search.searchAppId", "130110228003246321");
user_pref("CT3298566.search.searchCount", "0");
user_pref("CT3298566.smartbar.CTID", "CT3298566");
user_pref("CT3298566.smartbar.Uninstall", "0");
user_pref("CT3298566.smartbar.homepage", "true");
user_pref("CT3298566.smartbar.toolbarName", "MixiDJ V30 ");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN22215000871802311&UM=2&UP=SPF8E78F77-13D6-43AE-B68E
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3298566");
user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN22215000871802311&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN22215000871802311&UM=2&UP=SPF8E78F77-13D6-43AE-B68E-1A65
user_pref("extensions.funmoods.admin", false);
user_pref("extensions.funmoods.aflt", "pvl");
user_pref("extensions.funmoods.cntry", "US");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "C8DF8F3CA4E50EBF4FD7E339E001E520");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.id", "fa4621ad000000000000e069954ca591");
user_pref("extensions.funmoods.instlDay", "15418");
user_pref("extensions.funmoods.instlRef", "");
user_pref("extensions.funmoods.isDcmntCmplt", true);
user_pref("extensions.funmoods.lastVrsnTs", "1.5.12.210:52:03");
user_pref("extensions.funmoods.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=pvl");
user_pref("extensions.funmoods.noFFXTlbr", false);
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.smplGrp", "none");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=pvl&q=");
user_pref("extensions.funmoods.vrsn", "1.5.12.2");
user_pref("extensions.funmoods.vrsnTs", "1.5.12.210:52:03");
user_pref("extensions.funmoods.vrsni", "1.5.12.2");
user_pref("extensions.funmoods_i.aflt", "pvl");
user_pref("extensions.funmoods_i.dfltLng", "");
user_pref("extensions.funmoods_i.dfltSrch", true);
user_pref("extensions.funmoods_i.dnsErr", true);
user_pref("extensions.funmoods_i.excTlbr", false);
user_pref("extensions.funmoods_i.hmpg", true);
user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=pvl");
user_pref("extensions.funmoods_i.id", "fa4621ad000000000000e069954ca591");
user_pref("extensions.funmoods_i.instlDay", "15418");
user_pref("extensions.funmoods_i.instlRef", "");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=pvl");
user_pref("extensions.funmoods_i.prdct", "funmoods");
user_pref("extensions.funmoods_i.prtnrId", "funmoods");
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.srchPrvdr", "Search");
user_pref("extensions.funmoods_i.tlbrId", "base");
user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=pvl&q=");
user_pref("extensions.funmoods_i.vrsn", "1.5.12.2");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.12.210:52:03");
user_pref("extensions.funmoods_i.vrsni", "1.5.12.2");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN22215000871802311&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN22215000871802311&UM=2&UP=SPF8E78F77-13D6-43AE-B68E-
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN22215000871802311&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
user_pref("smartbar.machineId", "RQKV7JUSXVYCQGSXM/UV1DJWWG/I3IKL+6RQG9AO25GSEWZA5QMTJ28SIEOUBXJRAZMFYQGE4R5OG19RDNBA6A");
Emptied folder: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\mozilla\firefox\profiles\5net8w9n.default\minidumps [74 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/21/2013 at  8:42:10.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
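The JRT section of this log lists the user_pref entries it stripped from the Firefox profile's prefs.js: the Conduit/MixiDJ toolbar id CT3298566 repointing the homepage, keyword.URL and default search, plus the funmoods and smartbar entries. As an added example (not code from this thread, from JRT or from AdwCleaner), here is a small Python auditor that parses a prefs.js, drops lines matching the hijacker indicators seen in that log, and reports the homepage/search prefs for manual review even when they look clean. The indicator list, the sensitive-pref list and the sample prefs.js are constructed for the example; the sample values are shortened from the log and keep its hxxp defanging.

```python
import re

# Matches one Firefox preference line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Indicator substrings taken from the names, values and toolbar id that JRT removed
# in the log above (constructed list; extend it for other hijacker families).
HIJACK_INDICATORS = ("conduit", "smartbar", "funmoods", "ct3298566", "mixidj", "zugo")

# Prefs a search/homepage hijacker typically repoints; reported for manual review
# even when their value matches no indicator (constructed list).
SENSITIVE_PREFS = frozenset({
    "browser.startup.homepage",
    "browser.search.defaulturl",
    "browser.search.defaultthis.engineName",
    "browser.search.selectedEngine",
    "keyword.URL",
})

# Constructed sample prefs.js: hijacker entries shortened from the JRT log (hxxp defanging
# kept) mixed with ordinary Firefox preferences.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.startup.homepage_override.mstone", "20.0.1");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61");
user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&q=");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=pvl");
user_pref("smartbar.machineId", "RQKV7JUSXVYCQGSXM");
user_pref("CT3298566.smartbar.toolbarName", "MixiDJ V30 ");
user_pref("browser.search.selectedEngine", "Google");
"""


def parse_prefs(text):
    """Return [(name, raw_value)] for every user_pref line; comments and junk are skipped."""
    return [m.groups() for m in map(PREF_RE.match, text.splitlines()) if m]


def is_hijacker_pref(name, value):
    """True when the pref name or its raw value contains a known hijacker indicator."""
    haystack = f"{name} {value}".lower()
    return any(ind in haystack for ind in HIJACK_INDICATORS)


def audit_prefs(text):
    """Classify every line of a prefs.js.

    Returns a dict with:
      removed: [(name, value)] hijacker prefs, dropped from the cleaned text
      review:  [(name, value)] sensitive prefs that looked clean, kept but reported
      cleaned: the prefs.js text with the hijacker lines removed
    """
    removed, review, kept = [], [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m is None:                 # comment, blank or unparseable line: keep as-is
            kept.append(line)
            continue
        name, value = m.groups()
        if is_hijacker_pref(name, value):
            removed.append((name, value))
            continue                  # dropped from the cleaned output
        if name in SENSITIVE_PREFS:
            review.append((name, value))
        kept.append(line)
    return {"removed": removed, "review": review, "cleaned": "\n".join(kept) + "\n"}


if __name__ == "__main__":
    report = audit_prefs(SAMPLE_PREFS_JS)
    for name, value in report["removed"]:
        print(f"REMOVED  {name} = {value}")
    for name, value in report["review"]:
        print(f"REVIEW   {name} = {value}")
    print("--- cleaned prefs.js ---")
    print(report["cleaned"], end="")
```

Firefox rewrites prefs.js when it exits, so any cleaned copy has to be written with the browser closed, after backing up the profile, which is also why JRT reports its Firefox work only after the browser has been shut down. Note that the auditor does not touch the user.js file that both logs show being deleted: a user.js re-applies its prefs on every start, so a hijacker left there would simply restore the entries.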
 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:01 AM

Posted 21 May 2013 - 01:03 PM


Hello lingle873333

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 lingle873333

lingle873333
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 21 May 2013 - 01:52 PM

I have downloaded and attempted to run ComboFix.  As you instructed, I closed all applications and disabled Microsoft Security Essentials.  ComboFix ran but then a box popped up telling me that MSSE was active and to disable it before continuing.  It IS disabled, I swear.  I restarted the machine and tried again, verifying that MSSE was disabled.  Same result.  Any ideas?



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:01 AM

Posted 21 May 2013 - 04:55 PM

go ahead and continue


gringo

#7 lingle873333

lingle873333
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:03:01 AM

Posted 22 May 2013 - 09:08 AM

I've now run ComboFix.  The log is below.  The malware is still active, BTW.

 

ComboFix 13-05-22.01 - jfitch 05/22/2013   9:51.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12270.9937 [GMT -4:00]
Running from: c:\users\jfitch.THEFITCHSTUDIO\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ras_0oed.pad
c:\programdata\zak_lo0i7g.pad
C:\Thumbs.db
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\08L8L8ST\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\08L8L8ST\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\1IEZDFHJ\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\1IEZDFHJ\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\1PR88YEN\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\1PR88YEN\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\1QWIZ9XN\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\1QWIZ9XN\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\1Y50H6NV\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\1Y50H6NV\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\29Z6NNCY\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\29Z6NNCY\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\2MS2IFCQ\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\2MS2IFCQ\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\3ONQTXJ0\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\3ONQTXJ0\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\41LFTLET\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\41LFTLET\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\4CQ3LW90\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\4CQ3LW90\FsdStatement.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\575PH5C3\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\575PH5C3\StatementModel.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\6ICIAKEF\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\6ICIAKEF\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\7472JODY\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\7472JODY\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\7G4L9EU1\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\7G4L9EU1\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\7I7NWXWD\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\7I7NWXWD\FsdStatement.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\7N60BHRO\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\7N60BHRO\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\82ISHQXE\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\82ISHQXE\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\8LJGSPCQ\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\8LJGSPCQ\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\97TOL8UQ\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\97TOL8UQ\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\A03J6TMO\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\A03J6TMO\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\A03OGGZR\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\A03OGGZR\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\B0B13SBG\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\B0B13SBG\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\C63MKB8M\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\C63MKB8M\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\COPP9VAZ\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\COPP9VAZ\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\CP4JXX3J\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\CP4JXX3J\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\CXM1Q40Y\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\CXM1Q40Y\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\D5A1XC53\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\D5A1XC53\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\DCKC2HRM\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\DCKC2HRM\FsdStatement.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\DSJKTP5B\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\DSJKTP5B\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\DUX0SNYF\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\DUX0SNYF\StatementModel.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\EMPLKMM8\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\EMPLKMM8\StatementModel.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\GNZZ862Y\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\GNZZ862Y\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\HE3AJXR6\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\HE3AJXR6\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\HI25URRM\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\HI25URRM\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\I1KFAS18\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\I1KFAS18\FsdStatement.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\I52HJYFI\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\I52HJYFI\FsdStatement.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\J5921DN8\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\J5921DN8\StatementModel.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\KISH3NYN\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\KISH3NYN\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\LDM2XSIM\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\LDM2XSIM\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\LRPULASE\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\LRPULASE\FsdStatement.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\LW4DLDDR\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\LW4DLDDR\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\ME0KB5CO\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\ME0KB5CO\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MIN8OWKA\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MIN8OWKA\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MOT0R7Y0\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MOT0R7Y0\StatementModel.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MPJHVH8F\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MPJHVH8F\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MWO8FIV5\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MWO8FIV5\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MWPWRFHR\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\MWPWRFHR\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\NC101FVQ\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\NC101FVQ\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\NIPEQYXI\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\NIPEQYXI\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\O2BMMJDC\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\O2BMMJDC\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\OJUX0FWS\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\OJUX0FWS\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\OQWHPXGI\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\OQWHPXGI\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\PLD11OIV\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\PLD11OIV\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\QEYM50U5\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\QEYM50U5\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\QFGWFS9E\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\QFGWFS9E\StatementModel.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\QFR8VWUQ\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\QFR8VWUQ\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\R90MME52\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\R90MME52\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\RURPM4U0\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\RURPM4U0\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\SKW1JZS6\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\SKW1JZS6\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\ST1JVG1D\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\ST1JVG1D\FsdCommon.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\T2VPK1CD\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\T2VPK1CD\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\TEU0W3RY\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\TEU0W3RY\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\TP7KWLH5\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\TP7KWLH5\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\UISD1FXU\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\UISD1FXU\FsdDocHelper.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\UZVDURCY\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\UZVDURCY\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\VEUJNDD2\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\VEUJNDD2\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\WOFMJ2FO\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\WOFMJ2FO\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\X9J7PO9I\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\X9J7PO9I\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\YZOD4QDB\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\YZOD4QDB\FsdUI.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\Z7N2VLBN\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\Z7N2VLBN\FsdDoc2003.DLL
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\ZGMHHHZ4\__AssemblyInfo__.ini
c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\assembly\tmp\ZGMHHHZ4\FsdCommon.DLL
c:\users\jfitch.THEFITCHSTUDIO\g2mdlhlpx.exe
c:\users\Jfitch\AppData\Local\assembly\tmp
J:\Autorun.inf
J:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-22 to 2013-05-22  )))))))))))))))))))))))))))))))
.
.
2013-05-22 13:56 . 2013-05-22 13:56    --------    d-----w-    c:\users\JFITCH~1~THE\AppData\Local\temp
2013-05-22 13:56 . 2013-05-22 13:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-22 13:56 . 2013-05-22 13:56    --------    d-----w-    c:\users\labadmin\AppData\Local\temp
2013-05-22 13:56 . 2013-05-22 13:56    --------    d-----w-    c:\users\Jfitch\AppData\Local\temp
2013-05-21 12:39 . 2013-05-21 12:39    --------    d-----w-    c:\windows\ERUNT
2013-05-21 12:39 . 2013-05-21 12:39    --------    d-----w-    C:\JRT
2013-05-21 12:08 . 2013-05-21 12:08    964552    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDBA6E7B-2B18-4886-BD93-163525FB89FC}\gapaengine.dll
2013-05-21 12:08 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEFC14DB-DAFE-4C11-B757-7E0A08F7EC19}\mpengine.dll
2013-05-20 20:36 . 2013-05-20 20:36    --------    d-----w-    c:\users\jfitch.THEFITCHSTUDIO\.swt
2013-05-20 20:35 . 2013-05-20 20:38    --------    d-----w-    c:\users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Azureus
2013-05-20 20:35 . 2013-05-20 20:39    --------    d-----w-    c:\program files\Vuze
2013-05-20 14:30 . 2013-05-20 14:30    --------    d-----w-    C:\MATS
2013-05-20 14:09 . 2013-05-20 14:09    --------    d-----w-    c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\CRE
2013-05-20 12:08 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 07:02 . 2013-05-05 21:36    17818624    ----a-w-    c:\windows\system32\mshtml.dll
2013-05-15 07:02 . 2013-05-05 21:16    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-15 07:02 . 2013-05-05 19:12    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-05-15 06:25 . 2013-05-15 06:25    9195912    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-15 03:08 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 03:08 . 2013-04-10 06:01    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 03:08 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2013-05-15 03:08 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-15 03:08 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-15 03:08 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-15 03:08 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 03:08 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 03:08 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-15 03:07 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-15 03:07 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-15 03:07 . 2013-04-10 03:30    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-05-07 14:40 . 2013-05-07 14:40    --------    d-----w-    c:\users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Thunderbird
2013-05-07 14:40 . 2013-05-07 14:40    --------    d-----w-    c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\Thunderbird
2013-05-07 14:39 . 2013-05-07 14:39    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2013-05-07 14:18 . 2013-05-07 14:18    --------    d-----w-    c:\program files (x86)\Common Files\CDTPL
2013-05-07 14:18 . 2013-05-07 14:31    --------    d-----w-    c:\program files (x86)\SysTools EMLViewer
2013-05-02 16:59 . 2013-05-08 03:15    --------    d-----w-    c:\users\jfitch.THEFITCHSTUDIO\AppData\Roaming\MusicBee
2013-05-02 16:58 . 2013-05-02 16:59    --------    d-----w-    c:\program files (x86)\MusicBee
2013-04-29 23:06 . 2013-04-29 23:06    --------    d-----w-    c:\users\jfitch.THEFITCHSTUDIO\AppData\Roaming\ASCOMP Software
2013-04-29 23:06 . 2013-04-29 23:06    --------    d-----w-    c:\program files (x86)\ASCOMP Software
2013-04-24 02:40 . 2013-04-12 14:45    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-23 12:37 . 2013-04-23 12:37    --------    d-----w-    c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\Citrix
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-20 18:58 . 2013-03-28 12:44    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-05-15 22:18 . 2012-04-19 15:09    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 22:18 . 2011-10-11 02:38    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 07:09 . 2011-10-05 21:24    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-10 01:30 . 2010-06-24 18:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2012-04-14 14:55    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-25 07:28 . 2012-06-12 17:01    905296    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-19 14:02 . 2013-04-19 14:03    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-19 14:02 . 2012-05-17 14:55    866720    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-04-19 14:02 . 2011-12-19 17:56    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-15 03:08    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 03:08    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 03:08    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 03:08    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 03:08    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 03:08    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-03-29 06:53 . 2013-03-29 06:53    246072    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-21 07:08 . 2013-03-21 07:08    240952    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 19:30    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 19:30    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 19:30    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 19:30    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 19:30    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 19:30    112640    ----a-w-    c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Spotify Web Helper"="c:\users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-29 1193176]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-30 30192]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart 0"="c:\windows\System32\Magnify.exe" [2009-07-14 629760]
.
c:\users\Jfitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-6-30 5904216]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2011-7-6 1178984]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-05-14 4937264]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-30 30192]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-30 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-20 45856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-27 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-26 237056]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-07 375728]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-20 1015984]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-22 07:15    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 22:18]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 19:30]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 19:30]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2165834337-2456557783-159523925-1119UA.job
- c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 13:35]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2472173757-1120821206-786247379-1131Core1cd06215d6ee2.job
- c:\users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 13:35]
.
2013-05-17 c:\windows\Tasks\HPCeeScheduleForjfitch.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-05-01 c:\windows\Tasks\HPCeeScheduleForQUERCUS$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-08-15 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-25 1425408]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.29
DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} - hxxps://prolog.kbr.com/pw/mpsPwLc7.CAB
FF - ProfilePath - c:\users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 91.193.223.152
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-20 10:09; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-eMusic Promotion - c:\users\JFITCH~1.THE\AppData\Local\Temp\nsd5E93.tmp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-22  09:58:35
ComboFix-quarantined-files.txt  2013-05-22 13:58
.
Pre-Run: 676,016,087,040 bytes free
Post-Run: 676,693,504,000 bytes free
.
- - End Of File - - 1707279E719535C039F7BD5611885CB3
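An added example, not from this thread and not part of ComboFix: a small parser for the "LOCKED REGISTRY KEYS" section of the log above. It groups each locked CLSID with its Elevation and LocalServer32/InprocServer32 subkeys, so the reviewer sees per COM class whether the key is ACL-locked, whether UAC elevation is enabled for it, and which binary it launches. The sample input is constructed from the FlashBroker entries in the log (those paths kept, the other keys dropped); entries like these are what a normal Adobe Flash Player install looks like, and the check that matters is whether the server path points at the Flash binary under Macromed\Flash rather than somewhere unexpected.

```python
import re

# Constructed sample in ComboFix's "LOCKED REGISTRY KEYS" format, taken from the
# FlashBroker entries in the log above; the other keys are omitted for brevity.
SAMPLE_LOCKED = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DENIED_RE = re.compile(r"^@Denied:\s*(.+)$")
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')
DWORD_RE = re.compile(r"^dword:([0-9A-Fa-f]{8})$")
# Splits ...\CLSID\{GUID} from an optional single subkey such as Elevation or LocalServer32.
CLSID_RE = re.compile(r"^(?P<root>.*\\CLSID\\\{[0-9A-Fa-f-]+\})(?:\\(?P<sub>[^\\]+))?$")


def decode_value(raw):
    """Quoted strings: drop the quotes and collapse doubled backslashes; dword -> int."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    m = DWORD_RE.match(raw)
    return int(m.group(1), 16) if m else raw


def parse_reg_dump(text):
    """Map each [key] to {'denied': ACE text or None, 'values': {name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates keys with lone dots
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {"denied": None, "values": {}}
            continue
        if current is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            keys[current]["denied"] = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            name = "@" if m.group(1) == "@" else m.group(1).strip('"')
            keys[current]["values"][name] = decode_value(m.group(2))
    return keys


def denied_keys(keys):
    """Paths carrying an @Denied ACE, i.e. the keys ComboFix could not read normally."""
    return [path for path, info in keys.items() if info["denied"]]


def summarize_clsids(keys):
    """Per CLSID root: class name, denied ACE, Elevation\\Enabled == 1, and the server binary."""
    out = {}
    for path, info in keys.items():
        m = CLSID_RE.match(path)
        if not m:
            continue
        root, sub = m.group("root"), m.group("sub")
        entry = out.setdefault(root, {"name": None, "denied": None, "elevation": False, "server": None})
        if sub is None:
            entry["name"] = info["values"].get("@")
            entry["denied"] = info["denied"]
        elif sub == "Elevation":
            entry["elevation"] = info["values"].get("Enabled") == 1
        elif sub in ("LocalServer32", "InprocServer32"):
            entry["server"] = info["values"].get("@")
    return out


if __name__ == "__main__":
    parsed = parse_reg_dump(SAMPLE_LOCKED)
    for root, e in summarize_clsids(parsed).items():
        print(root)
        print("  name=%s denied=%s elevation=%s server=%s"
              % (e["name"], e["denied"], e["elevation"], e["server"]))
```

The Wow6432Node copies of the same CLSID come out as separate roots, which is correct: the 32-bit and 64-bit registrations point at different binaries (FlashUtil32 versus FlashUtil64 in the log above) and each deserves its own path check.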
 



#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 May 2013 - 01:51 PM


Hello lingle873333



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
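Once the FRST.txt from the steps above is in hand, the browser-hijack entries in it can be pulled out mechanically. The script below is an added example, not part of FRST and not from this thread. Its sample lines are constructed in FRST's format around the two hijackers named in this topic (Conduit and MixiDJ), with the real user path replaced by C:\Users\user; the HIJACK_MARKERS list is an assumption to extend for other hijackers. It re-fangs FRST's hxxp:// URLs, flags hijacker-named or unnamed extensions, flags any other line that points at a hijacker marker, and reports a Firefox HTTP proxy setting together with whether network.proxy.type actually makes Firefox use it.

```python
import ipaddress
import re

# Substrings identifying the two hijackers named in this thread (assumed list; extend as needed).
HIJACK_MARKERS = ("search.conduit.com", "mixidj")

# Firefox network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC URL, 4 = auto-detect,
# 5 = system settings. Only manual mode (1) uses the network.proxy.http value.
PROXY_TYPE_ACTIVE = {1}

# Constructed sample in FRST.txt format; user path replaced with a placeholder.
SAMPLE_FRST = r"""
FF Homepage: google.com
FF NetworkProxy: "http", "91.193.223.152"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Extension: MixiDJ V30  - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
CHR HomePage: hxxp://igoogle.com/
CHR RestoreOnStartup: "hxxp://igoogle.com/", "hxxp://search.conduit.com/?ctid=CT2998365&SearchSource=48&CUI=UN12586475619900137&UM=2"
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
"""


def refang(line):
    """FRST writes URLs as hxxp:// so they are not clickable; undo that for matching."""
    return re.sub(r"hxxp(s?)://", r"http\1://", line, flags=re.IGNORECASE)


def is_private(host):
    """True for RFC 1918 / loopback / link-local addresses; hostnames count as not private."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def parse_proxy(lines):
    """Collect 'FF NetworkProxy: "key", value' lines into a dict (ints decoded)."""
    proxy = {}
    for line in lines:
        m = re.match(r'^FF NetworkProxy:\s*"([^"]+)",\s*(.+)$', line.strip())
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"'):
            proxy[key] = raw.strip('"')
        else:
            try:
                proxy[key] = int(raw)
            except ValueError:
                proxy[key] = raw
    return proxy


def find_hijack_indicators(text):
    """Return (line_no, category, detail) tuples for entries worth acting on.

    extension : hijacker-named or unnamed ('No Name') browser extension
    config    : any other line (home page, RestoreOnStartup, SearchScopes, ...)
                that points at a hijacker marker
    proxy     : a non-private HTTP proxy configured in Firefox (line_no 0,
                because it is derived from several lines)
    """
    lines = text.splitlines()
    findings = []
    for n, raw in enumerate(lines, 1):
        line = refang(raw.strip())
        low = line.lower()
        hit = any(marker in low for marker in HIJACK_MARKERS)
        if line.startswith(("FF Extension:", "CHR Extension:")):
            if hit or "no name" in low:
                findings.append((n, "extension", line))
        elif hit:
            findings.append((n, "config", line))
    proxy = parse_proxy(lines)
    host = proxy.get("http")
    if host and not is_private(str(host)):
        ptype = proxy.get("type")
        state = ("ACTIVE" if ptype in PROXY_TYPE_ACTIVE
                 else "configured but type=%s, so not in use" % ptype)
        findings.append((0, "proxy", "http proxy %s:%s (%s)"
                         % (host, proxy.get("http_port", "?"), state)))
    return findings


if __name__ == "__main__":
    for line_no, category, detail in find_hijack_indicators(SAMPLE_FRST):
        print("%-9s line %-3d %s" % (category, line_no, detail))
```

A proxy reported as "configured but not in use" (type 0) is dormant, but a leftover proxy address in the profile is still worth clearing in the fix, since switching the profile back to manual proxy mode would route all browsing through it.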

#9 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2013 - 12:57 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you, to see if you are having problems or just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#10 lingle873333 (Topic Starter)
  • Members
  • 41 posts

Posted 28 May 2013 - 07:47 AM

Dear Gringo,

Sorry to have been out of touch.  I was away for the long weekend.  Here are the two FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by jfitch (administrator) on 28-05-2013 08:44:20
Running from C:\Users\jfitch.THEFITCHSTUDIO\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Akamai Technologies, Inc.) C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe
() C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\jfitch.THEFITCHSTUDIO\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe [37888 2010-08-14] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-09-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-29] ()
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-06-12] (Google Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-09-30] (Google)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup [1527128 2011-06-14] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Jfitch\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-12-19] (SUPERAntiSpyware.com)
HKU\jfitch.THEFITCHSTUDIO.000\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Jfitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Open FVD Suite Toolbar - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - FVD Suite Toolbar - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
PDF: HKLM-x32 {2FE68711-8830-417D-95E0-EAB307DB0447} https://prolog.kbr.com/pw/mpsPwLc7.CAB
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: msdaipp - No CLSID Value -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [65024] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.30

FireFox:
========
FF ProfilePath: C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default
FF Homepage: google.com
FF NetworkProxy: "http", "91.193.223.152"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ant Video Downloader - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\Extensions\anttoolbar@ant.com
FF Extension: No Name - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\Extensions\netvideohunter@netvideohunter.com
FF Extension: MixiDJ V30  - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF Extension: Flash and Video Download - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: artur.dubovoy - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: webmail-ext - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\Extensions\webmail-ext@yousendit.com.xpi
FF Extension: No Name - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Mozilla\Firefox\Profiles\5net8w9n.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

Chrome:
=======
CHR HomePage: hxxp://igoogle.com/
CHR RestoreOnStartup: "hxxp://igoogle.com/", "hxxp://search.conduit.com/?ctid=CT2998365&SearchSource=48&CUI=UN12586475619900137&UM=2", "hxxp://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN19886878432779888&UM=2"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (IE Tab Multi) - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\plugin/npietab.dll No File
CHR Plugin: (IE Tab Multi (SPA)) - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\plugin/npietabspa.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Java™ Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Extension: (YouTube) - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Video Downloader professional) - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.27_0
CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.1.9_0
CHR Extension: (FVD Video Downloader) - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.1.4_0
CHR Extension: (Gmail) - C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-26] (SUPERAntiSpyware.com)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-09-30] (Google)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375728 2012-11-07] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147888 2012-11-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-20] (AVG Technologies)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CpqDfw; system32\drivers\CpqDfw.sys [x]
S3 cqcpu; system32\drivers\cqcpu.sys [x]
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-28 08:44 - 2013-05-28 08:44 - 00000000 ____D C:\FRST
2013-05-28 08:42 - 2013-05-28 08:42 - 01915616 ____A (Farbar) C:\Users\jfitch.THEFITCHSTUDIO\Downloads\FRST64.exe
2013-05-27 08:46 - 2013-05-27 09:28 - 209715200 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\Kri An - Wh tys Dri en (2010).part3.rar
2013-05-27 08:37 - 2013-05-27 08:37 - 00001149 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-27 08:36 - 2013-05-27 08:36 - 21289608 ____A (Mozilla) C:\Users\jfitch.THEFITCHSTUDIO\Downloads\Firefox Setup 21.0.exe
2013-05-27 08:33 - 2013-05-27 08:33 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\Downloads\Used Switch photos
2013-05-26 16:44 - 2013-05-26 16:44 - 00603301 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\labservermigrationupdate.zip
2013-05-26 16:41 - 2013-05-26 16:41 - 00002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-05-25 13:29 - 2013-05-25 13:29 - 00000080 ____A C:\Windows\System32\ricdb.ini
2013-05-25 13:28 - 2013-05-25 13:28 - 00063488 ____A C:\Users\jfitch.THEFITCHSTUDIO\Desktop\PW_JF.xls
2013-05-24 11:44 - 2012-03-22 13:03 - 375651476 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\FM - Mar 21, 2012 - Remy LaCroix (18567).wmv
2013-05-23 12:48 - 2013-05-23 12:54 - 00067072 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\PW_JF (1).xls
2013-05-23 08:47 - 2013-05-23 08:47 - 00000000 ____D C:\Program Files (x86)\gs
2013-05-22 09:58 - 2013-05-22 09:58 - 00038673 ____A C:\ComboFix.txt
2013-05-21 14:37 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-21 14:37 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-21 14:37 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-21 14:37 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-21 14:37 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-21 14:37 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-21 14:37 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-21 14:37 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-21 14:34 - 2013-05-22 09:58 - 00000000 ___AD C:\Qoobox
2013-05-21 14:34 - 2013-05-22 09:57 - 00000000 ____D C:\Windows\erdnt
2013-05-21 08:39 - 2013-05-21 08:39 - 00000000 ____D C:\Windows\ERUNT
2013-05-21 08:39 - 2013-05-21 08:39 - 00000000 ____D C:\JRT
2013-05-20 16:36 - 2013-05-20 16:36 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\.swt
2013-05-20 16:35 - 2013-05-20 16:39 - 00000000 ____D C:\Program Files\Vuze
2013-05-20 16:35 - 2013-05-20 16:38 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Azureus
2013-05-20 13:22 - 2013-05-21 14:53 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\Desktop\BleepingComputer-13_0520
2013-05-20 10:30 - 2013-05-20 10:30 - 00000000 ____D C:\MATS
2013-05-20 10:09 - 2013-05-20 10:09 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\CRE
2013-05-20 09:50 - 2011-04-19 20:52 - 00000159 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\More free  movies.url
2013-05-17 11:19 - 2013-05-17 11:19 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\Downloads\redocumentsfromjonfitch
2013-05-17 08:49 - 2013-05-17 08:49 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\Downloads\Hands_siterip_screenshots
2013-05-15 03:02 - 2013-05-05 17:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 03:02 - 2013-05-05 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 03:02 - 2013-05-05 15:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 03:02 - 2013-05-05 15:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 03:01 - 2013-04-04 21:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 03:01 - 2013-04-04 21:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 03:01 - 2013-04-04 21:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 03:01 - 2013-04-04 21:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 03:01 - 2013-04-04 20:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 03:01 - 2013-04-04 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 03:01 - 2013-04-04 20:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 03:01 - 2013-04-04 20:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 03:01 - 2013-04-04 20:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 03:01 - 2013-04-04 20:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 03:01 - 2013-04-04 20:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 03:01 - 2013-04-04 20:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 03:01 - 2013-04-04 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 03:01 - 2013-04-04 20:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 03:01 - 2013-04-04 18:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 03:01 - 2013-04-04 18:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 03:01 - 2013-04-04 18:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 03:01 - 2013-04-04 18:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 03:01 - 2013-04-04 18:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 03:01 - 2013-04-04 18:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 03:01 - 2013-04-04 17:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 03:01 - 2013-04-04 17:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 03:01 - 2013-04-04 17:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 03:01 - 2013-04-04 17:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 03:01 - 2013-04-04 17:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 03:01 - 2013-04-04 17:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 03:01 - 2013-04-04 17:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 03:01 - 2013-04-04 17:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 02:25 - 2013-05-15 02:25 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-14 23:08 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 23:08 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 23:08 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 23:08 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 23:08 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 23:08 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 23:08 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 23:08 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 23:08 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 23:08 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 23:08 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 23:07 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 23:07 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 23:07 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-13 22:18 - 2013-05-13 22:18 - 02603141 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\redocumentsfromjonfitch.zip
2013-05-10 03:57 - 2013-05-10 03:57 - 00055872 ____A (Adobe Systems Inc) C:\Windows\System32\AdobePDF.dll
2013-05-10 03:57 - 2013-05-10 03:57 - 00027208 ____A (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
2013-05-07 10:40 - 2013-05-22 13:02 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Thunderbird
2013-05-07 10:40 - 2013-05-07 10:40 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Thunderbird
2013-05-07 10:39 - 2013-05-22 13:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-07 10:18 - 2013-05-07 10:31 - 00000000 ____D C:\Program Files (x86)\SysTools EMLViewer
2013-05-02 12:59 - 2013-05-07 23:15 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\MusicBee
2013-05-02 12:58 - 2013-05-02 12:59 - 00001009 ____A C:\Users\labadmin\Desktop\MusicBee.lnk
2013-05-02 12:58 - 2013-05-02 12:59 - 00001009 ____A C:\Users\Jfitch\Desktop\MusicBee.lnk
2013-05-02 12:58 - 2013-05-02 12:59 - 00000000 ____D C:\Program Files (x86)\MusicBee
2013-05-01 18:09 - 2013-05-01 18:09 - 00085377 ____A C:\Users\jfitch.THEFITCHSTUDIO\Documents\bookmarks_5_1_13.html
2013-04-29 19:06 - 2013-04-29 19:06 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\ASCOMP Software
2013-04-29 19:06 - 2013-04-29 19:06 - 00000000 ____D C:\Program Files (x86)\ASCOMP Software

==================== One Month Modified Files and Folders =======

2013-05-28 08:44 - 2013-05-28 08:44 - 00000000 ____D C:\FRST
2013-05-28 08:43 - 2013-02-04 16:48 - 00000000 ____D C:\ProgramData\MFAData
2013-05-28 08:42 - 2013-05-28 08:42 - 01915616 ____A (Farbar) C:\Users\jfitch.THEFITCHSTUDIO\Downloads\FRST64.exe
2013-05-28 08:41 - 2011-10-07 08:50 - 00107008 ____A C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-28 08:35 - 2011-09-30 11:18 - 00000000 ____D C:\ProgramData\Zoom Player
2013-05-28 08:31 - 2012-04-19 11:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-28 08:30 - 2012-07-16 18:32 - 00000942 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2165834337-2456557783-159523925-1119UA.job
2013-05-28 08:30 - 2012-03-19 18:38 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2472173757-1120821206-786247379-1131Core1cd06215d6ee2.job
2013-05-28 08:30 - 2011-10-15 08:04 - 00000000 ____D C:\ProgramData\LogMeIn
2013-05-28 08:30 - 2011-10-03 17:40 - 00000152 ____A C:\Windows\System32\config\netlogon.ftl
2013-05-28 08:30 - 2011-09-29 15:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-28 08:30 - 2011-09-29 15:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-27 11:27 - 2011-04-14 10:22 - 01063600 ____A C:\Windows\WindowsUpdate.log
2013-05-27 09:28 - 2013-05-27 08:46 - 209715200 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\Kri An - Wh tys Dri en (2010).part3.rar
2013-05-27 09:22 - 2011-10-10 21:51 - 00000000 ___AD C:\Users\jfitch.THEFITCHSTUDIO\Documents\BOB_FITCH
2013-05-27 08:37 - 2013-05-27 08:37 - 00001149 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-27 08:37 - 2013-04-12 10:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-27 08:37 - 2012-05-18 10:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-27 08:36 - 2013-05-27 08:36 - 21289608 ____A (Mozilla) C:\Users\jfitch.THEFITCHSTUDIO\Downloads\Firefox Setup 21.0.exe
2013-05-27 08:33 - 2013-05-27 08:33 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\Downloads\Used Switch photos
2013-05-26 16:44 - 2013-05-26 16:44 - 00603301 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\labservermigrationupdate.zip
2013-05-26 16:41 - 2013-05-26 16:41 - 00002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-05-25 13:29 - 2013-05-25 13:29 - 00000080 ____A C:\Windows\System32\ricdb.ini
2013-05-25 13:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\spool
2013-05-25 13:28 - 2013-05-25 13:28 - 00063488 ____A C:\Users\jfitch.THEFITCHSTUDIO\Desktop\PW_JF.xls
2013-05-25 11:06 - 2011-10-11 13:14 - 00063488 ____A C:\Users\jfitch.THEFITCHSTUDIO\Documents\PW_JF.xls
2013-05-24 11:32 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-24 11:32 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-23 13:50 - 2011-10-11 14:40 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\CutePDF Writer
2013-05-23 13:18 - 2011-09-30 03:43 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForjfitch.job
2013-05-23 13:18 - 2011-09-29 15:34 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-05-23 13:17 - 2011-10-27 20:48 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-05-23 13:16 - 2011-10-06 20:59 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\HP Support Assistant
2013-05-23 13:16 - 2011-10-06 20:58 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\HpUpdate
2013-05-23 12:54 - 2013-05-23 12:48 - 00067072 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\PW_JF (1).xls
2013-05-23 08:53 - 2012-05-30 09:11 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\TuneUpMedia
2013-05-23 08:50 - 2013-02-04 14:28 - 00007762 ____A C:\Windows\PFRO.log
2013-05-23 08:50 - 2013-02-03 02:00 - 00001176 ____A C:\Windows\setupact.log
2013-05-23 08:50 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-23 08:47 - 2013-05-23 08:47 - 00000000 ____D C:\Program Files (x86)\gs
2013-05-22 16:41 - 2011-09-30 10:41 - 00000000 ____D C:\Program Files (x86)\Acro Software
2013-05-22 13:02 - 2013-05-07 10:40 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Thunderbird
2013-05-22 13:02 - 2013-05-07 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-05-22 09:58 - 2013-05-22 09:58 - 00038673 ____A C:\ComboFix.txt
2013-05-22 09:58 - 2013-05-21 14:34 - 00000000 ___AD C:\Qoobox
2013-05-22 09:58 - 2009-07-13 23:20 - 00000000 __RHD C:\users\Default
2013-05-22 09:57 - 2013-05-21 14:34 - 00000000 ____D C:\Windows\erdnt
2013-05-22 09:57 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-05-22 09:56 - 2011-10-04 17:10 - 00000000 ____D C:\users\jfitch.THEFITCHSTUDIO
2013-05-21 14:53 - 2013-05-20 13:22 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\Desktop\BleepingComputer-13_0520
2013-05-21 08:39 - 2013-05-21 08:39 - 00000000 ____D C:\Windows\ERUNT
2013-05-21 08:39 - 2013-05-21 08:39 - 00000000 ____D C:\JRT
2013-05-21 08:21 - 2011-09-30 10:43 - 00000000 ___RD C:\Users\Jfitch\Dropbox
2013-05-20 16:39 - 2013-05-20 16:35 - 00000000 ____D C:\Program Files\Vuze
2013-05-20 16:38 - 2013-05-20 16:35 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Azureus
2013-05-20 16:36 - 2013-05-20 16:36 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\.swt
2013-05-20 14:59 - 2013-03-28 08:44 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-05-20 14:58 - 2013-03-28 08:44 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-20 10:30 - 2013-05-20 10:30 - 00000000 ____D C:\MATS
2013-05-20 10:21 - 2011-10-18 09:41 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\CrashDumps
2013-05-20 10:09 - 2013-05-20 10:09 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\CRE
2013-05-17 11:19 - 2013-05-17 11:19 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\Downloads\redocumentsfromjonfitch
2013-05-17 08:49 - 2013-05-17 08:49 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\Downloads\Hands_siterip_screenshots
2013-05-16 10:15 - 2012-09-27 09:40 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-05-16 10:10 - 2012-09-27 09:40 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\AVS4YOU
2013-05-15 18:45 - 2011-09-28 18:39 - 00000000 ____D C:\ProgramData\Adobe
2013-05-15 18:18 - 2012-04-19 11:09 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 18:18 - 2011-10-10 22:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 05:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 03:34 - 2009-07-14 00:45 - 04994480 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 03:13 - 2009-07-13 22:34 - 00000499 ____A C:\Windows\win.ini
2013-05-15 03:09 - 2011-10-05 17:24 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 03:06 - 2009-07-14 01:13 - 00796800 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-15 02:25 - 2013-05-15 02:25 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-13 22:18 - 2013-05-13 22:18 - 02603141 ____A C:\Users\jfitch.THEFITCHSTUDIO\Downloads\redocumentsfromjonfitch.zip
2013-05-13 11:40 - 2012-06-26 16:10 - 00000123 ____A C:\Windows\ccolwiz.ini
2013-05-13 09:08 - 2011-10-10 21:51 - 00000000 _ASHD C:\Users\jfitch.THEFITCHSTUDIO\Documents\MONTROSE
2013-05-10 12:11 - 2011-10-05 17:20 - 00000000 ___RD C:\Users\jfitch.THEFITCHSTUDIO\Desktop\APPLICATIONS SHORTCUTS
2013-05-10 03:57 - 2013-05-10 03:57 - 00055872 ____A (Adobe Systems Inc) C:\Windows\System32\AdobePDF.dll
2013-05-10 03:57 - 2013-05-10 03:57 - 00027208 ____A (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
2013-05-07 23:15 - 2013-05-02 12:59 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\MusicBee
2013-05-07 10:40 - 2013-05-07 10:40 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\Thunderbird
2013-05-07 10:31 - 2013-05-07 10:18 - 00000000 ____D C:\Program Files (x86)\SysTools EMLViewer
2013-05-07 10:31 - 2011-09-30 11:13 - 00000000 ____D C:\Program Files (x86)\MacheteSoft
2013-05-07 10:22 - 2013-02-04 16:48 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Local\Avg2013
2013-05-07 10:22 - 2011-10-10 16:47 - 00795928 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-05 17:36 - 2013-05-15 03:02 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 17:16 - 2013-05-15 03:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 15:25 - 2013-05-15 03:02 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 15:12 - 2013-05-15 03:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-02 12:59 - 2013-05-02 12:58 - 00001009 ____A C:\Users\labadmin\Desktop\MusicBee.lnk
2013-05-02 12:59 - 2013-05-02 12:58 - 00001009 ____A C:\Users\Jfitch\Desktop\MusicBee.lnk
2013-05-02 12:59 - 2013-05-02 12:58 - 00000000 ____D C:\Program Files (x86)\MusicBee
2013-05-02 11:29 - 2012-04-14 10:55 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 18:09 - 2013-05-01 18:09 - 00085377 ____A C:\Users\jfitch.THEFITCHSTUDIO\Documents\bookmarks_5_1_13.html
2013-05-01 10:42 - 2013-01-23 12:50 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\Desktop\Matls for Alex Jaffe
2013-05-01 08:43 - 2012-01-07 09:43 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForQUERCUS$.job
2013-04-29 19:06 - 2013-04-29 19:06 - 00000000 ____D C:\Users\jfitch.THEFITCHSTUDIO\AppData\Roaming\ASCOMP Software
2013-04-29 19:06 - 2013-04-29 19:06 - 00000000 ____D C:\Program Files (x86)\ASCOMP Software
2013-04-29 08:34 - 2012-05-30 09:11 - 00000000 ____D C:\ProgramData\TuneUpMedia

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-15 05:14

==================== End Of Log ============================



#11 lingle873333

lingle873333
  • Topic Starter

  • Members
  • 41 posts

Posted 28 May 2013 - 07:49 AM

Here's the Addition.txt log--

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2013
Ran by jfitch at 2013-05-28 08:44:52 Run:
Running from C:\Users\jfitch.THEFITCHSTUDIO\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

50 FREE MP3s +1 Free Audiobook! (Version: 1.0.0.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AC3Filter 1.63b (Version: 1.63b)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.7)
Adobe AIR (Version: 3.7.0.1530)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5.5 Design Standard (Version: 5.5)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Ashampoo Burning Studio 6 FREE v.6.80 (Version: 6.8.0)
ATI Catalyst Install Manager (Version: 3.0.790.0)
ATI Stream SDK v2 Developer (Version: 2.2.0.0)
AVG 2013 (Version: 13.0.3184)
AVG 2013 (Version: 13.0.3343)
AVG 2013 (Version: 2013.0.3343)
AVG SafeGuard toolbar (Version: 15.2.0.5)
AVS Audio Converter 7 (Version: 7.0.6.519)
AVS Audio Editor 7.1 (Version: 7.1.6.484)
AVS Audio Recorder version 4.0 (Version: 4.0.1.21)
AVS Screen Capture version 2.0.2
AVS Update Manager 1.0
AVS Video Converter 8 (Version: 8.3.3.535)
AVS Video Editor 6 (Version: 6.3.3.235)
AVS Video Recorder 2.5 (Version: 2.5.4.84)
AVS4YOU Software Navigator 1.4
AxCrypt 1.7.2687.0 (Version: 1.7.2687.0)
Bass Audio Decoder (remove only)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Belarc Advisor 8.2 (Version: 8.2.6.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Bonjour (Version: 2.0.5.0)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0907.2140.37006)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0907.2140.37006)
Catalyst Control Center InstallProxy (Version: 2010.0907.2140.37006)
Catalyst Control Center Localization All (Version: 2010.0907.2140.37006)
CCC Help Chinese Standard (Version: 2010.0907.2139.37006)
CCC Help Chinese Traditional (Version: 2010.0907.2139.37006)
CCC Help Czech (Version: 2010.0907.2139.37006)
CCC Help Danish (Version: 2010.0907.2139.37006)
CCC Help Dutch (Version: 2010.0907.2139.37006)
CCC Help English (Version: 2010.0907.2139.37006)
CCC Help Finnish (Version: 2010.0907.2139.37006)
CCC Help French (Version: 2010.0907.2139.37006)
CCC Help German (Version: 2010.0907.2139.37006)
CCC Help Greek (Version: 2010.0907.2139.37006)
CCC Help Hungarian (Version: 2010.0907.2139.37006)
CCC Help Italian (Version: 2010.0907.2139.37006)
CCC Help Japanese (Version: 2010.0907.2139.37006)
CCC Help Korean (Version: 2010.0907.2139.37006)
CCC Help Norwegian (Version: 2010.0907.2139.37006)
CCC Help Polish (Version: 2010.0907.2139.37006)
CCC Help Portuguese (Version: 2010.0907.2139.37006)
CCC Help Russian (Version: 2010.0907.2139.37006)
CCC Help Spanish (Version: 2010.0907.2139.37006)
CCC Help Swedish (Version: 2010.0907.2139.37006)
CCC Help Thai (Version: 2010.0907.2139.37006)
CCC Help Turkish (Version: 2010.0907.2139.37006)
ccc-core-static (Version: 2010.0907.2140.37006)
ccc-utility64 (Version: 2010.0907.2140.37006)
CCleaner (Version: 3.11)
CD Audio Reader Filter (remove only)
Chuzzle Deluxe (Version: 2.2.0.95)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CutePDF Writer 3.0 (Version:  3.0)
D3DX10 (Version: 15.4.2368.0902)
DCoder Image Source (remove only)
DGN to DWG Converter
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DirectVobSub (remove only)
Dora's World Adventure (Version: 2.2.0.95)
DScaler 5 Mpeg Decoders
Duplicate Finder v4.2.0.0
DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)
DWG TrueView 2012 (Version: 18.2.51.0)
Escape Rosecliff Island (Version: 2.2.0.95)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
ffdshow v1.1.3996 [2011-10-13] (Version: 1.1.3996.0)
FFMPEG Core Files (remove only)
File Shredder 2.0
FileZilla Client 3.5.2 (Version: 3.5.2)
Final Drive Nitro (Version: 2.2.0.95)
Free Hide Folder
FreeFileSync v5.3 (Version: 5.3)
FVD Suite 2.7.5
Gabest MPEG Splitter (remove only)
Gadwin PrintScreen (Version: 4.7)
Google Apps Migration For Microsoft Outlook® 2.3.12.34 (Version: 2.3.12.34)
Google Chrome (Version: 27.0.1453.94)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 7.0.3.8542)
Google SketchUp Pro 8 (Version: 3.0.14346)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GoToMeeting 5.4.0.1082 (Version: 5.4.0.1082)
GPL Ghostscript (Version: 9.07)
Haali Media Splitter
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Game Console
HP Games (Version: 1.0.1.5)
HP MediaSmart DVD (Version: 4.2.4725)
HP MediaSmart Music (Version: 4.2.4517)
HP MediaSmart Photo (Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.4)
HP MediaSmart Video (Version: 4.2.4522)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.4.0)
HP Odometer (Version: 2.10.0000)
HP Setup (Version: 8.4.4400.3525)
HP Setup Manager (Version: 1.0.12844.3519)
HP Support Assistant (Version: 7.0.39.15)
HP Support Information (Version: 10.1.1000)
HP Update (Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.1.6.0)
Hulu Desktop (Version: 0.9.13)
HydraVision (Version: 4.2.180.0)
IDT Audio (Version: 1.0.6302.0)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
IrfanView (remove only) (Version: 4.30)
iTunes (Version: 10.3.1.55)
IZArc 4.1.6 (Version: 4.1.6)
Java 7 Update 21 (Version: 7.0.210)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.5)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
K-Lite Codec Pack 5.2.0 (64-bit) (Version: 5.2.0)
LabelPrint (Version: 2.5.3130)
LAV Filters (remove only)
LightScribe System Software (Version: 1.18.20.1)
LogMeIn (Version: 4.1.1890)
Machete 3.7 (Version: 3.7.33)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Masterworks (Version: 7.0.0.0)
Media Player Classic - Home Cinema v1.5.2.3456 x64 (Version: 1.5.2.3456)
MediaInfo 0.7.52 (Version: 0.7.52)
Meridian Systems Prolog WebSite 2007 R2 Client (Version: 7.72.0005)
Meridian Systems Prolog Website 2007 R2 File Management Control (Version: 7.72.0005)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 17.0.5 (x86 en-US) (Version: 17.0.5)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Music Manager
MusicBee 2.0 (Version: 2.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
PDF Settings CS5 (Version: 10.0)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.7717)
Picture Resizer 1.0
PictureMover (Version: 3.5.0.33)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4329)
PowerDirector (Version: 8.0.3129)
PressReader (Version: 5.10.1102.0)
QuickBooks (Version: 21.0.4008.904)
QuickBooks Premier: Accountant Edition 2011 (Version: 21.0.4008.904)
Quicken 2012 (Version: 21.1.7.18)
QuickTime (Version: 7.72.80.56)
RealMedia (remove only)
Recovery Manager (Version: 5.5.3219)
RoxioNow Player (Version: 1.9.5.101)
RxFilters3D (Version: 16.0.4.5286)
Solway's Plain Backup 1.71 (Version: 1.71)
Spotify (Version: 0.8.4.124.ga3559d86)
SUPERAntiSpyware (Version: 5.0.1132)
Synchredible (Version: 4.0.0.5)
TeamViewer 6 (Version: 6.0.11117)
TuneUp Companion 2.4.8.5 (Version: 2.4.8.5)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Vectorworks 2012 Help (Version: 1.0)
Vectorworks 2013 Help (Version: 2.0)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 1.1.11 (Version: 1.1.11)
Wheel of Fortune 2 (Version: 2.2.0.95)
Winamp (Version: 5.63 )
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
WinRAR 4.10 beta 4 (64-bit) (Version: 4.10.4)
Zinio Reader 4 (Version: 4.0.3184)
Zoom Player (remove only)
Zuma Deluxe (Version: 2.2.0.95)

==================== Restore Points  =========================

23-05-2013 04:00:00 Scheduled Checkpoint
26-05-2013 13:00:58 Windows Update
26-05-2013 23:00:12 Windows Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2013 00:30:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:17:32 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:17:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:17:23 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:00:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:00:01 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 09:00:58 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {856ec292-c900-4fc6-a4de-3f6289dd848f}

Error: (05/25/2013 01:30:21 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (05/25/2013 01:30:21 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (05/25/2013 01:30:21 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (05/26/2013 09:01:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.151.952.0).

Error: (05/26/2013 09:01:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.151.912.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/25/2013 11:32:06 AM) (Source: Microsoft-Windows-GroupPolicy) (User: THEFITCHSTUDIO)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (05/25/2013 00:50:33 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/24/2013 06:18:57 PM) (Source: DCOM) (User: )
Description: {9E14B23B-5D8A-447F-B962-6D6D6897861E}

Error: (05/24/2013 09:58:59 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (05/23/2013 08:49:09 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/23/2013 07:03:16 AM) (Source: Service Control Manager) (User: )
Description: The Intuit QuickBooks FCS service failed to start due to the following error:
%%31

Error: (05/23/2013 07:03:15 AM) (Source: Service Control Manager) (User: )
Description: The Intuit QuickBooks FCS service failed to start due to the following error:
%%31

Error: (05/23/2013 05:03:14 AM) (Source: Service Control Manager) (User: )
Description: The Intuit QuickBooks FCS service failed to start due to the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (05/27/2013 00:30:15 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:17:32 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:17:30 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:17:23 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:00:12 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 07:00:01 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {ee3d671d-7dd2-4733-9411-b5a345c43682}

Error: (05/26/2013 09:00:58 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2472173757-1120821206-786247379-1131.old)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {856ec292-c900-4fc6-a4de-3f6289dd848f}

Error: (05/25/2013 01:30:21 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (05/25/2013 01:30:21 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (05/25/2013 01:30:21 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle


CodeIntegrity Errors:
===================================
  Date: 2013-05-22 09:55:59.989
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-22 09:55:59.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-10-15 12:38:57.468
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter64.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-15 12:38:57.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-15 12:21:53.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter64.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-15 12:21:53.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-15 12:08:01.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter64.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-15 12:08:01.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-15 10:19:12.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter64.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-15 10:19:11.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 12270.5 MB
Available physical RAM: 9709.55 MB
Total Pagefile: 24539.18 MB
Available Pagefile: 20271.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.13 GB) (Free:625.08 GB) NTFS (Disk=0 Partition=2)
Drive d: (HP_RECOVERY) (Fixed) (Total:13.29 GB) (Free:1.64 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (Seagate Pocket Drive) (Fixed) (Total:232.88 GB) (Free:144.67 GB) NTFS (Disk=7 Partition=1)
Drive g: (LAB ARCHIVE) (Fixed) (Total:931.48 GB) (Free:100.97 GB) NTFS (Disk=1 Partition=1)
Drive h: (OS) (Network) (Total:927.96 GB) (Free:454.64 GB) NTFS
Drive i: (OS) (Network) (Total:927.96 GB) (Free:454.64 GB) NTFS
Drive j: (FreeAgent BackupLAB) (Fixed) (Total:931.51 GB) (Free:351.07 GB) NTFS (Disk=2 Partition=1)
Drive m: (OS) (Network) (Total:927.96 GB) (Free:454.64 GB) NTFS
Drive q: (OS) (Network) (Total:927.96 GB) (Free:454.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: BCE09E70)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E3CB3531)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: C5DE8835)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================




#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:01 AM

Posted 28 May 2013 - 12:49 PM

Hello lingle873333



I need you to download this script I have made for you --> Attached File: fixlist.txt (225 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 lingle873333

lingle873333
  • Topic Starter

  • Members
  • 41 posts
  • Local time:03:01 AM

Posted 29 May 2013 - 09:00 AM

Gringo,

So I don't mess up, when you say "next to FRST" do you mean simply in the same folder or do you mean something more specific?



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:01 AM

Posted 29 May 2013 - 12:43 PM

In the same folder is perfect

#15 lingle873333

lingle873333
  • Topic Starter

  • Members
  • 41 posts
  • Local time:03:01 AM

Posted 29 May 2013 - 01:24 PM

Here we go.  By the way, both hijackers are still active.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-05-2013
Ran by jfitch at 2013-05-29 14:21:58 Run:1
Running from C:\Users\jfitch.THEFITCHSTUDIO\Desktop\BleepingComputer-13_0520
Boot Mode: Normal
==============================================

CHR RestoreOnStartup: "hxxp://igoogle.com/", "hxxp://search.conduit.com/?ctid=CT2998365&SearchSource=48&CUI=UN12586475619900137&UM=2", "hxxp://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN19886878432779888&UM=2" ==> The Chrome "Settings" can be used to fix the entry.

==== End of Fixlog ====
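As an added example (not part of this thread, and not code from FRST or its author), the following Python checker reads FRST browser entry lines of the shape shown in the fixlog above (`CHR RestoreOnStartup: "hxxp://...", ... ==> remark`), restores the defanged `hxxp://` URLs for parsing only, and reports every startup URL whose host is on a hijacker domain. The sample log text is constructed from the lines in this post, and `HIJACKER_DOMAINS` is an assumed list seeded with the domain this thread is about.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the FRST fixlog above; the URLs are the
# ones that log lists, the rest of the text is illustrative.
SAMPLE_FIXLOG = """Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-05-2013
Boot Mode: Normal
==============================================

CHR RestoreOnStartup: "hxxp://igoogle.com/", "hxxp://search.conduit.com/?ctid=CT2998365&SearchSource=48&CUI=UN12586475619900137&UM=2", "hxxp://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN19886878432779888&UM=2" ==> The Chrome "Settings" can be used to fix the entry.

==== End of Fixlog ====
"""

# Assumed list of hijacker search domains; extend it with whatever your own
# triage identifies. Subdomains of a listed domain are matched too.
HIJACKER_DOMAINS = ("search.conduit.com",)

# One FRST browser entry: "<browser> <key>: <quoted urls> [==> remark]".
_ENTRY_RE = re.compile(r"^(?P<browser>CHR|FF|IE)\s+(?P<key>\w+):\s*(?P<body>.*)$")


def refang(url: str) -> str:
    """FRST writes URLs as hxxp:// so they are not clickable; undo that for parsing only."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_browser_entries(log_text: str):
    """Return [(browser, key, [urls])] for every CHR/FF/IE entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if not m:
            continue
        # Drop FRST's trailing remark; it may itself contain quoted words ("Settings").
        body = m.group("body").split("==>", 1)[0]
        urls = [refang(u) for u in re.findall(r'"([^"]+)"', body)]
        if urls:
            entries.append((m.group("browser"), m.group("key"), urls))
    return entries


def hostname(url: str) -> str:
    """Lower-cased host part of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_hijacker(url: str, domains=HIJACKER_DOMAINS) -> bool:
    """True if the URL's host is a listed hijacker domain or a subdomain of one."""
    host = hostname(url)
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hijacked_startup_urls(log_text: str, domains=HIJACKER_DOMAINS):
    """Return [(browser, key, url)] for each startup/home-page URL on a hijacker domain."""
    hits = []
    for browser, key, urls in parse_browser_entries(log_text):
        for url in urls:
            if is_hijacker(url, domains):
                hits.append((browser, key, url))
    return hits


if __name__ == "__main__":
    for browser, key, url in find_hijacked_startup_urls(SAMPLE_FIXLOG):
        print(f"{browser} {key}: hijacker startup URL -> {url}")
```

Run against a real FRST.txt or Fixlog.txt, the non-flagged entries (here `igoogle.com`) are the ones a user set deliberately and should keep after the hijacker URLs are removed via the browser's settings.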





