Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help removing unknown virus :^)


  • This topic is locked This topic is locked
8 replies to this topic

#1 Christian.Anderson79

Christian.Anderson79

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 27 May 2013 - 01:15 PM

Recently I have gotten a virus on my computer while I was listening to the music on the Internet. It makes my computer run slow. I downloaded malwarebytes and did a full scan and it didn't pick up anything. I also did a full scan with AVG and it didn't get anything. I also ran both on safe mode also. The virus also plays ad noises when I close everything out. I check the volume mixer to see what is making the noises and it says "Name not available" is making the sounds. I cannot find here it is and when I try to close the process using task manager, I open it but I cannot End any process. Please help me :^)

BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 PM

Posted 28 May 2013 - 10:48 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

icon11.gif   Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 PM

Posted 04 June 2013 - 09:40 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 PM

Posted 06 June 2013 - 09:14 AM

This topic has been re-opened at the request of the person who originally posted.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 Christian.Anderson79

Christian.Anderson79
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 07 June 2013 - 07:20 PM

Hello, sorry for the late reply. Here is what you asked for :)

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-06-2013 02
Ran by Drew (administrator) on 07-06-2013 17:16:34
Running from F:\help
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() Q:\140066.enu\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\SndVol.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Farbar) F:\help\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-09-15] ()
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE" /quietlaunch "MSOSYNC 9014006604090000" [3208032 2012-01-04] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-25] (Google Inc.)
MountPoints2: L - L:\Setup.exe
MountPoints2: {942e059e-9aa4-11e0-8bb8-6431502734dd} - F:\PcOptions.exe
MountPoints2: {d8a6c016-5ebc-11e0-bf79-6431502734dd} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
HKLM-x32 SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={FB0F503B-23DB-4362-A5DE-F9697ECD7C29}&mid=9e57f34f4eec47d6a702b57816c3dd2e-f2aebc5b7f159c57c78ecd065de1afce1d256568&lang=en&ds=AVG&pr=pr&d=2012-03-28 06:30:22&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{c98d5b61-b0ea-4d48-9839-1079d352d880} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{c98d5b61-b0ea-4d48-9839-1079d352d880} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/
CHR RestoreOnStartup: "hxxp://www.msn.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Drew\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Drew\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Drew\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Drew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Drew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0
CHR Extension: (Gmail) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-07 17:16 - 2013-06-07 17:16 - 00000000 ____D C:\FRST
2013-06-07 17:15 - 2013-06-07 17:13 - 01919218 ____A (Farbar) C:\Users\Drew\Desktop\FRST.exe
2013-06-07 17:13 - 2013-06-07 17:13 - 00000355 ____A C:\Users\Drew\Desktop\Computer - Shortcut.lnk
2013-05-27 14:44 - 2013-06-03 07:42 - 00007668 ____A C:\Windows\PFRO.log
2013-05-27 14:20 - 2013-05-27 14:22 - 00002429 ____A C:\Windows\LDPINST.LOG
2013-05-27 14:10 - 2013-05-27 14:10 - 00000000 ____D C:\Users\Drew\Documents\Resumes 2013
2013-05-27 13:27 - 2013-06-05 07:56 - 00171487 ____A C:\Windows\WindowsUpdate.log
2013-05-27 13:23 - 2013-06-07 17:10 - 00000392 ____A C:\Windows\setupact.log
2013-05-27 13:23 - 2013-05-27 13:23 - 00000000 ____A C:\Windows\setuperr.log
2013-05-27 12:27 - 2013-05-27 12:27 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-27 12:27 - 2013-05-27 12:27 - 00000000 ____D C:\Program Files\CCleaner
2013-05-27 12:12 - 2013-05-27 12:12 - 00001079 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2013-05-27 12:12 - 2013-05-27 12:12 - 00000000 ____D C:\Users\Drew\AppData\Local\VS Revo Group
2013-05-27 12:12 - 2013-05-27 12:12 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-05-27 12:12 - 2013-05-27 12:12 - 00000000 ____D C:\Program Files\VS Revo Group
2013-05-27 12:12 - 2009-12-30 11:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2013-05-26 16:36 - 2013-05-26 16:36 - 00000000 ____D C:\Users\Drew\AppData\Roaming\AVG2013
2013-05-26 16:25 - 2013-05-26 16:25 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-26 16:25 - 2013-05-26 16:25 - 00000000 ____D C:\Users\Drew\AppData\Roaming\TuneUp Software
2013-05-26 16:20 - 2013-05-26 16:29 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-26 16:17 - 2013-05-26 16:45 - 00000000 ____D C:\Users\Drew\AppData\Local\Avg2013
2013-05-26 16:17 - 2013-05-26 16:17 - 00000000 ____D C:\Users\Drew\AppData\Local\MFAData
2013-05-26 11:14 - 2013-05-26 11:14 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-15 16:48 - 2013-05-15 16:48 - 00596729 ____A C:\Users\Drew\Downloads\Turret Mod Installer.zip
2013-05-15 03:01 - 2013-05-05 14:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 03:01 - 2013-05-05 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 03:01 - 2013-05-05 12:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 03:01 - 2013-05-05 12:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 03:00 - 2013-04-04 18:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 03:00 - 2013-04-04 18:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 03:00 - 2013-04-04 18:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 03:00 - 2013-04-04 18:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 03:00 - 2013-04-04 17:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 03:00 - 2013-04-04 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 03:00 - 2013-04-04 17:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 03:00 - 2013-04-04 17:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 03:00 - 2013-04-04 17:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 03:00 - 2013-04-04 17:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 03:00 - 2013-04-04 17:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 03:00 - 2013-04-04 17:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 03:00 - 2013-04-04 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 03:00 - 2013-04-04 17:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 03:00 - 2013-04-04 15:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 03:00 - 2013-04-04 15:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 03:00 - 2013-04-04 15:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 03:00 - 2013-04-04 15:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 03:00 - 2013-04-04 15:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 03:00 - 2013-04-04 15:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 03:00 - 2013-04-04 14:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 03:00 - 2013-04-04 14:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 03:00 - 2013-04-04 14:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 03:00 - 2013-04-04 14:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 03:00 - 2013-04-04 14:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 03:00 - 2013-04-04 14:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 03:00 - 2013-04-04 14:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 03:00 - 2013-04-04 14:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-14 21:27 - 2013-04-09 23:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 21:27 - 2013-04-09 23:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 21:27 - 2013-03-18 22:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 21:27 - 2013-03-18 22:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 21:27 - 2013-02-26 23:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 21:27 - 2013-02-26 22:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 21:27 - 2013-02-26 22:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 21:27 - 2013-02-26 22:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 21:27 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 21:27 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 21:27 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 21:27 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 21:27 - 2011-02-03 04:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 21:26 - 2013-04-09 20:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-08 07:11 - 2013-05-08 07:12 - 116061582 ____A C:\Users\Drew\Downloads\Sphax PureBDcraft 512x MC15.zip

==================== One Month Modified Files and Folders =======

2013-06-07 17:16 - 2013-06-07 17:16 - 00000000 ____D C:\FRST
2013-06-07 17:16 - 2013-05-27 13:27 - 00171487 ____A C:\Windows\WindowsUpdate.log
2013-06-07 17:16 - 2011-03-27 18:55 - 00000000 ____D C:\ProgramData\MFAData
2013-06-07 17:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2013-06-07 17:13 - 2013-06-07 17:15 - 01919218 ____A (Farbar) C:\Users\Drew\Desktop\FRST.exe
2013-06-07 17:13 - 2013-06-07 17:13 - 00000355 ____A C:\Users\Drew\Desktop\Computer - Shortcut.lnk
2013-06-07 17:10 - 2013-05-27 13:23 - 00000392 ____A C:\Windows\setupact.log
2013-06-07 17:10 - 2013-01-21 22:22 - 00000354 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-06-07 17:10 - 2012-04-19 19:46 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-06-07 17:10 - 2011-04-19 18:44 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 17:10 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 07:56 - 2009-07-13 22:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-05 07:53 - 2011-04-04 18:39 - 00000000 ____D C:\Users\Drew\AppData\Roaming\SoftGrid Client
2013-06-05 07:53 - 2009-07-13 22:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-05 07:53 - 2009-07-13 21:45 - 00015568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-05 07:53 - 2009-07-13 21:45 - 00015568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-05 07:48 - 2013-01-17 08:34 - 00025413 ____A C:\Users\Drew\Desktop\Monthly Bill Tracker 2013.xlsx
2013-06-04 06:43 - 2012-04-09 06:17 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2329356659-3466762839-766936419-1000UA.job
2013-06-04 06:42 - 2011-04-19 18:44 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-03 13:43 - 2012-04-09 06:17 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2329356659-3466762839-766936419-1000Core.job
2013-06-03 07:42 - 2013-05-27 14:44 - 00007668 ____A C:\Windows\PFRO.log
2013-05-27 19:05 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-27 18:29 - 2012-04-26 18:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-27 17:35 - 2011-12-26 17:24 - 00000000 ____D C:\Users\Drew\AppData\Local\Facebook
2013-05-27 14:22 - 2013-05-27 14:20 - 00002429 ____A C:\Windows\LDPINST.LOG
2013-05-27 14:22 - 2011-04-30 18:21 - 00012681 ____A C:\Windows\System32\lvcoinst.log
2013-05-27 14:22 - 2011-04-30 18:21 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-05-27 14:20 - 2011-04-30 18:28 - 00000000 ____D C:\Users\Drew\AppData\Local\LogiShrd
2013-05-27 14:19 - 2011-01-18 19:45 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-05-27 14:19 - 2011-01-18 19:45 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-05-27 14:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2013-05-27 14:13 - 2011-01-18 19:46 - 00000000 ____D C:\Program Files\hp
2013-05-27 14:12 - 2011-01-18 19:54 - 00000000 ____D C:\Program Files (x86)\Hp
2013-05-27 14:10 - 2013-05-27 14:10 - 00000000 ____D C:\Users\Drew\Documents\Resumes 2013
2013-05-27 13:43 - 2011-01-18 19:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-27 13:42 - 2011-01-18 19:57 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-05-27 13:24 - 2011-04-30 18:24 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2013-05-27 13:24 - 2011-04-30 18:24 - 00000000 ____D C:\Windows\System32\logishrd
2013-05-27 13:23 - 2013-05-27 13:23 - 00000000 ____A C:\Windows\setuperr.log
2013-05-27 13:12 - 2011-05-12 10:31 - 00000000 ____D C:\Windows\Minidump
2013-05-27 13:12 - 2011-01-18 23:00 - 00285199 ____N C:\Windows\Minidump\052713-26629-01.dmp
2013-05-27 12:31 - 2011-03-27 21:03 - 00000000 ____D C:\Users\Drew\AppData\Local\CrashDumps
2013-05-27 12:31 - 2009-07-24 12:22 - 00000000 ____D C:\Windows\Panther
2013-05-27 12:27 - 2013-05-27 12:27 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-27 12:27 - 2013-05-27 12:27 - 00000000 ____D C:\Program Files\CCleaner
2013-05-27 12:14 - 2011-08-04 19:45 - 00000000 ____D C:\Users\Drew\AppData\Local\5-Day Forecast
2013-05-27 12:14 - 2011-08-04 19:44 - 00000000 ____D C:\ProgramData\5-Day Forecast
2013-05-27 12:14 - 2011-05-01 17:16 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-27 12:13 - 2012-01-31 06:05 - 00000000 ____D C:\Program Files (x86)\VideoSpirit Pro
2013-05-27 12:12 - 2013-05-27 12:12 - 00001079 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2013-05-27 12:12 - 2013-05-27 12:12 - 00000000 ____D C:\Users\Drew\AppData\Local\VS Revo Group
2013-05-27 12:12 - 2013-05-27 12:12 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-05-27 12:12 - 2013-05-27 12:12 - 00000000 ____D C:\Program Files\VS Revo Group
2013-05-26 16:45 - 2013-05-26 16:17 - 00000000 ____D C:\Users\Drew\AppData\Local\Avg2013
2013-05-26 16:40 - 2011-12-17 07:15 - 00000000 ____D C:\ProgramData\AVG2012
2013-05-26 16:40 - 2011-03-27 19:00 - 00000000 ____D C:\Program Files (x86)\AVG
2013-05-26 16:36 - 2013-05-26 16:36 - 00000000 ____D C:\Users\Drew\AppData\Roaming\AVG2013
2013-05-26 16:29 - 2013-05-26 16:20 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-26 16:25 - 2013-05-26 16:25 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-26 16:25 - 2013-05-26 16:25 - 00000000 ____D C:\Users\Drew\AppData\Roaming\TuneUp Software
2013-05-26 16:17 - 2013-05-26 16:17 - 00000000 ____D C:\Users\Drew\AppData\Local\MFAData
2013-05-26 11:14 - 2013-05-26 11:14 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-26 11:14 - 2012-12-24 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-26 10:58 - 2012-11-16 19:49 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForDrew.job
2013-05-26 10:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-05-25 18:59 - 2012-09-03 18:01 - 00000000 ____D C:\Users\Drew\AppData\Roaming\.minecraft
2013-05-24 19:12 - 2011-10-28 21:41 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-05-24 19:12 - 2011-04-01 20:41 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-05-24 19:10 - 2011-04-01 20:40 - 00000000 ____D C:\Users\Drew\AppData\Roaming\HP Support Assistant
2013-05-24 19:10 - 2011-03-28 19:10 - 00000000 ____D C:\Users\Drew\AppData\Roaming\HpUpdate
2013-05-24 14:40 - 2013-01-21 18:57 - 00001057 ____A C:\Users\Public\Desktop\FileASSASSIN.lnk
2013-05-23 20:43 - 2012-04-09 06:17 - 00002323 ____A C:\Users\Drew\Desktop\Google Chrome.lnk
2013-05-21 05:35 - 2011-01-18 20:06 - 00000000 ____D C:\ProgramData\PDFC
2013-05-15 16:48 - 2013-05-15 16:48 - 00596729 ____A C:\Users\Drew\Downloads\Turret Mod Installer.zip
2013-05-15 08:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 05:29 - 2012-04-26 18:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 05:29 - 2011-07-08 23:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 04:35 - 2009-07-13 21:45 - 00354080 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 03:04 - 2011-04-06 21:58 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-08 07:12 - 2013-05-08 07:11 - 116061582 ____A C:\Users\Drew\Downloads\Sphax PureBDcraft 512x MC15.zip

Files to move or delete:
====================
C:\Users\Drew\afmwcxuriswrohczbcqurm.exe
C:\ProgramData\ism_0_llatsni.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-24 00:07

==================== End Of Log ============================

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2013 02
Ran by Drew at 2013-06-07 17:17:30 Run:
Running from F:\help
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
ATI Catalyst Install Manager (Version: 3.0.774.0)
AVG 2013 (Version: 13.0.3199)
AVG 2013 (Version: 13.0.3343)
AVG 2013 (Version: 2013.0.3343)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Camtasia Studio 7 (Version: 7.1.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Full Existing (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Full New (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Light (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0511.2153.37435)
Catalyst Control Center InstallProxy (Version: 2010.0511.2153.37435)
Catalyst Control Center Localization All (Version: 2010.0511.2153.37435)
CCC Help Chinese Standard (Version: 2010.0511.2152.37435)
CCC Help Chinese Traditional (Version: 2010.0511.2152.37435)
CCC Help Czech (Version: 2010.0511.2152.37435)
CCC Help Danish (Version: 2010.0511.2152.37435)
CCC Help Dutch (Version: 2010.0511.2152.37435)
CCC Help English (Version: 2010.0511.2152.37435)
CCC Help Finnish (Version: 2010.0511.2152.37435)
CCC Help French (Version: 2010.0511.2152.37435)
CCC Help German (Version: 2010.0511.2152.37435)
CCC Help Greek (Version: 2010.0511.2152.37435)
CCC Help Hungarian (Version: 2010.0511.2152.37435)
CCC Help Italian (Version: 2010.0511.2152.37435)
CCC Help Japanese (Version: 2010.0511.2152.37435)
CCC Help Korean (Version: 2010.0511.2152.37435)
CCC Help Norwegian (Version: 2010.0511.2152.37435)
CCC Help Polish (Version: 2010.0511.2152.37435)
CCC Help Portuguese (Version: 2010.0511.2152.37435)
CCC Help Russian (Version: 2010.0511.2152.37435)
CCC Help Spanish (Version: 2010.0511.2152.37435)
CCC Help Swedish (Version: 2010.0511.2152.37435)
CCC Help Thai (Version: 2010.0511.2152.37435)
CCC Help Turkish (Version: 2010.0511.2152.37435)
ccc-core-static (Version: 2010.0511.2153.37435)
ccc-utility64 (Version: 2010.0511.2153.37435)
CCleaner (Version: 4.02)
Chuzzle Deluxe (Version: 2.2.0.95)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
CyberLink DVD Suite Deluxe (Version: 7.0.3210)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)
Escape Rosecliff Island (Version: 2.2.0.95)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
FileASSASSIN (Version: 1.06)
Final Drive Nitro (Version: 2.2.0.95)
Google Chrome (Version: 27.0.1453.94)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GoPro CineForm Studio 1.1.2 (Version: 1.1.2)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Game Console
HP Games (Version: 1.0.1.5)
HP MediaSmart DVD (Version: 4.2.4725)
HP MediaSmart Music (Version: 4.2.4517)
HP MediaSmart Photo (Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.4)
HP MediaSmart Video (Version: 4.2.4522)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.4.0)
HP MovieStore (Version: 1.0.027)
HP MovieStore (Version: 2.0.2)
HP Odometer (Version: 2.10.0000)
HP Photo Creations (Version: 1.0.0.3341)
HP Setup (Version: 8.4.4400.3525)
HP Setup Manager (Version: 1.0.12844.3519)
HP Support Information (Version: 10.1.1000)
HP Update (Version: 5.002.005.003)
HP Vision Hardware Diagnostics (Version: 2.1.6.0)
iCloud (Version: 2.1.1.3)
iTunes (Version: 11.0.2.26)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Kobo (Version: 1.6)
LADSPA_plugins-win-0.4.15
LightScribe System Software (Version: 1.18.20.1)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed 2 (MSI) (Version: 6.0.1.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MobileMe Control Panel (Version: 3.1.8.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.2.4412)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Nikon Message Center 2 (Version: 2.0.1)
Norton Online Backup (Version: 2.1.17869)
OpenAL
PDF Complete Special Edition (Version: 4.0.9)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.7717)
Picture Control Utility (Version: 1.2.1)
Pinnacle Video Driver (Version: 12.1.0.030)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4329)
PowerDirector (Version: 8.0.3129)
PressReader (Version: 5.10.1102.0)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Recovery Manager (Version: 5.5.3219)
Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)
RoxioNow Player (Version: 1.9.5.101)
Samplitude 11.5 Producer Download Version (Version: 11.5.0.0)
Square Enix Secure Launcher (Version: 1.0.0.106)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Vegas Pro 11.0 (64-bit) (Version: 11.0.683)
ViewNX 2 (Version: 2.1.0)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VoiceOver Kit (Version: 1.42.128.0)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.36)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
Zinio Reader 4 (Version: 4.0.3184)
Zuma Deluxe (Version: 2.2.0.95)

==================== Restore Points  =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2013 07:53:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16484, time stamp: 0x5186cee7
Exception code: 0xc0000005
Fault offset: 0x00000000003bdb74
Faulting process id: 0x1afc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/05/2013 07:48:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_7_700_202.ocx, version: 11.7.700.202, time stamp: 0x51801ccd
Exception code: 0xc0000005
Fault offset: 0x000000000024cbc5
Faulting process id: 0x424
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/04/2013 07:11:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16484, time stamp: 0x5186cee7
Exception code: 0xc0000005
Fault offset: 0x00000000003bdb74
Faulting process id: 0x1984
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/04/2013 06:46:40 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16484, time stamp: 0x5186cee7
Exception code: 0xc0000005
Fault offset: 0x00000000003bdb74
Faulting process id: 0x43c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/03/2013 01:46:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000025e07ff
Faulting process id: 0x428
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/03/2013 07:46:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16484, time stamp: 0x5186cee7
Exception code: 0xc0000005
Fault offset: 0x00000000003bdb74
Faulting process id: 0x434
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/27/2013 03:25:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16484, time stamp: 0x5186cee7
Exception code: 0xc0000005
Fault offset: 0x00000000003bdb74
Faulting process id: 0x440
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/27/2013 02:38:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000452400003afc
Faulting process id: 0x11cc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/27/2013 01:28:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16484, time stamp: 0x5186cee7
Exception code: 0xc0000005
Fault offset: 0x00000000003bdb74
Faulting process id: 0x448
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (05/27/2013 01:21:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

System errors:
=============
Error: (06/05/2013 07:56:17 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/05/2013 07:56:16 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

Error: (06/05/2013 07:55:26 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (06/05/2013 07:52:24 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:
%%1056

Error: (06/05/2013 07:52:24 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:
%%1056

Error: (06/05/2013 07:52:24 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (06/05/2013 07:52:24 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:
%%1056

Error: (06/05/2013 07:51:24 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
%%1056

Error: (06/05/2013 07:50:24 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/05/2013 07:50:24 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (06/05/2013 07:53:21 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll9.0.8112.164845186cee7c000000500000000003bdb741afc01ce61fc02def11dC:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dlla9aac5df-cdef-11e2-bb90-6431502734dd

Error: (06/05/2013 07:48:43 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_11_7_700_202.ocx11.7.700.20251801ccdc0000005000000000024cbc542401ce61fb2121b0f8C:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_11_7_700_202.ocx046c4917-cdef-11e2-bb90-6431502734dd

Error: (06/04/2013 07:11:48 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll9.0.8112.164845186cee7c000000500000000003bdb74198401ce612a232a869eC:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dllb1bc27da-cd20-11e2-b31e-6431502734dd

Error: (06/04/2013 06:46:40 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll9.0.8112.164845186cee7c000000500000000003bdb7443c01ce61286b7da1b1C:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dll2e9fd58d-cd1d-11e2-b31e-6431502734dd

Error: (06/03/2013 01:46:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000025e07ff42801ce609a81aa07aeC:\Windows\system32\svchost.exeunknowna2552205-cc8e-11e2-88f4-6431502734dd

Error: (06/03/2013 07:46:31 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll9.0.8112.164845186cee7c000000500000000003bdb7443401ce6068a1033e47C:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dll603c68d5-cc5c-11e2-abe6-6431502734dd

Error: (05/27/2013 03:25:21 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll9.0.8112.164845186cee7c000000500000000003bdb7444001ce5b235c6c51caC:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dll50e09550-c71c-11e2-95c8-6431502734dd

Error: (05/27/2013 02:38:58 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c00000050000452400003afc11cc01ce5b220ef3a477C:\Windows\system32\svchost.exeunknownd60bc223-c715-11e2-84cf-6431502734dd

Error: (05/27/2013 01:28:08 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll9.0.8112.164845186cee7c000000500000000003bdb7444801ce5b17fd930283C:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dllf0decbbb-c70b-11e2-84cf-6431502734dd

Error: (05/27/2013 01:21:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

CodeIntegrity Errors:
===================================
  Date: 2013-06-07 17:10:31.972
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-05 07:44:22.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-04 06:36:09.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-03 13:40:00.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-03 07:43:32.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-27 14:45:04.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-27 13:23:41.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-27 11:02:53.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-27 10:47:58.158
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 17:03:05.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 4863.29 MB
Available physical RAM: 2766 MB
Total Pagefile: 9724.75 MB
Available Pagefile: 7451.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:685.71 GB) (Free:418.75 GB) NTFS (Disk=0 Partition=2)
Drive d: (HP_RECOVERY) (Fixed) (Total:12.83 GB) (Free:1.58 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (CHRISTIAN) (Removable) (Total:7.45 GB) (Free:6.12 GB) FAT32 (Disk=5 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 439B21E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================

 

 

 

What next?



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 PM

Posted 07 June 2013 - 11:04 PM

Please do this next:

icon11.gif  Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

icon11.gif  Download Combofix from HERE, and save it to your desktop.  

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • MBAR log(s)
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 Christian.Anderson79

Christian.Anderson79
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 08 June 2013 - 11:30 AM

completed.

MBAR LOG:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.08.03

Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 9.0.8112.16421
Drew :: DREW-HP [administrator]

6/8/2013 8:44:03 AM
mbar-log-2013-06-08 (08-44-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 241299
Time elapsed: 25 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 2
Master Boot Record on Drive #0 (Unknown Rootkit MBR Infection) -> Replace on reboot.
Physical Sector #1465148906 on Drive #0 (Forged physical sector) -> Replace on reboot.

(end)

 

COMBOFIX LOG:

ComboFix 13-06-08.01 - Drew 06/08/2013   9:18.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4863.3165 [GMT -7:00]
Running from: f:\help\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
c:\programdata\222620n4p360q763c457a6gir7g0
c:\programdata\5a99badd
c:\programdata\ism_0_llatsni.pad
c:\programdata\Microsoft\Windows\DRM\3A90.tmp
C:\Thumbs.db
c:\users\Drew\AppData\Roaming\e942060b
c:\users\Drew\libvorbisfile.dll
c:\windows\SysWow64\frapsvid.dll
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-08 to 2013-06-08  )))))))))))))))))))))))))))))))
.
.
2013-06-08 16:24 . 2013-06-08 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-08 15:43 . 2013-06-08 16:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-08 15:43 . 2013-06-08 15:43 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-08 00:16 . 2013-06-08 00:16 -------- d-----w- C:\FRST
2013-05-27 20:16 . 2013-05-27 20:16 -------- d-----w- c:\users\Drew\AppData\Local\ElevatedDiagnostics
2013-05-27 19:27 . 2013-05-27 19:27 -------- d-----w- c:\program files\CCleaner
2013-05-27 19:12 . 2013-05-27 19:12 -------- d-----w- c:\users\Drew\AppData\Local\VS Revo Group
2013-05-27 19:12 . 2013-05-27 19:12 -------- d-----w- c:\programdata\VS Revo Group
2013-05-27 19:12 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-05-27 19:12 . 2013-05-27 19:12 -------- d-----w- c:\program files\VS Revo Group
2013-05-26 23:36 . 2013-05-26 23:36 -------- d-----w- c:\users\Drew\AppData\Roaming\AVG2013
2013-05-26 23:25 . 2013-05-26 23:25 -------- d-----w- c:\users\Drew\AppData\Roaming\TuneUp Software
2013-05-26 23:20 . 2013-05-26 23:29 -------- d-----w- c:\programdata\AVG2013
2013-05-26 23:17 . 2013-05-26 23:45 -------- d-----w- c:\users\Drew\AppData\Local\Avg2013
2013-05-26 23:17 . 2013-05-26 23:17 -------- d-----w- c:\users\Drew\AppData\Local\MFAData
2013-05-15 10:01 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-15 10:01 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 10:01 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-15 04:27 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 04:27 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 04:27 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 04:27 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 04:27 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 04:27 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 04:27 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 04:27 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 04:27 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 04:27 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 04:27 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 04:26 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-26 17:59 . 2012-06-21 13:26 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 12:29 . 2012-04-27 01:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 12:29 . 2011-07-09 06:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 10:04 . 2011-04-07 04:58 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-04-13 05:49 . 2013-05-15 04:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 04:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 04:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 04:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 04:27 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 04:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 17:56 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 21:50 . 2012-12-24 17:24 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 09:53 . 2013-03-29 09:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-21 10:08 . 2013-03-21 10:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 05:01 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 05:01 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 05:01 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 05:01 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 05:01 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 05:01 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE" [2012-01-04 3208032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-13 304568]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-2-9 152064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 12:29]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 01:43]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 01:43]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2329356659-3466762839-766936419-1000Core.job
- c:\users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 11:17]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2329356659-3466762839-766936419-1000UA.job
- c:\users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 11:17]
.
2013-05-02 c:\windows\Tasks\HPCeeScheduleForDREW-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-05-26 c:\windows\Tasks\HPCeeScheduleForDrew.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
Trusted Zone: inginvestment.com\remote
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
Toolbar-!{c98d5b61-b0ea-4d48-9839-1079d352d880} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-08  09:26:40
ComboFix-quarantined-files.txt  2013-06-08 16:26
.
Pre-Run: 449,607,266,304 bytes free
Post-Run: 449,820,155,904 bytes free
.
- - End Of File - - 811ECA6B4485F6434C2B1B4A9F0ACBF6
 

The "Name not available" sounds have gone away and my computer seems to be running quite smoothly.



#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 PM

Posted 09 June 2013 - 12:30 AM

Please do this next:

 

icon11.gif   Download AdwCleaner from  here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

icon11.gif  Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:

  • AdwCleaner log
  • ESET log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 PM

Posted 17 June 2013 - 10:09 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users