Redirect Issues, Screen Blackout/Hijack


  • This topic is locked
20 replies to this topic

#1 VitalEcho

VitalEcho

  • Members
  • 20 posts

Posted 30 May 2013 - 07:02 PM

Hey there everyone! So I've been having some issues with my computer. Initially most of the problems were forced redirects on IE when doing Google searches, particularly when using the address bar. I've tried to use Malwarebytes and Spybot, which typically, between the both of them, can clear up any issues I have. Not this time. :( My system restore points also only go back until around the 16th of this month, which is after I began having issues. More recently I had an issue where the screen blacked out and I got a notification to choose a recording device, as if I were viewing a Flash game (not sure if it's Flash that you typically see this on, but I'm sure you can figure out what I mean. XD), and then the screen blacked out and displayed a message from the supposed FBI claiming I have some illegal unmentionables that were found on my PC and that I owe $400 to unlock the computer, and my task manager and such were disabled. I was able to get rid of this by starting a hard shutdown, then canceling it out. My log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576
Run by Tiffany at 19:44:21 on 2013-05-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.1768 [GMT -4:00]
.
AV: Trend Micro Titanium *Disabled/Outdated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium *Disabled/Outdated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\regsvr32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\syswow64\rundll32.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\syswow64\svchost.exe -k netsvcs
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\twunk_32.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\twunk_32.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
mStart Page = about:blank
uWinlogon: Shell = explorer.exe,
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [GoogleChromeAutoLaunch_8AEA0EEB960CAFACB93F92690E929CDE] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Mozilla] rundll32 "C:\Users\Tiffany\AppData\Local\Programs\Mozilla\gsprs.dll",CollectDwgDependentsEx
uRun: [LunarianConcepts] regsvr32.exe C:\Users\Tiffany\AppData\Local\LunarianConcepts\ixqsxuju.dll
uRun: [Adobe CSS5.1 Manager] C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad\dfbeaedacbaad.exe
uRunOnce: [Adobe CSS5.1 Manager] C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad\dfbeaedacbaad.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\Users\Tiffany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Tiffany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PNotes.lnk - E:\Artemis\Programs\PortableApps\PortableApps\PNotesPortable\PNotesPortable.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B14C8957-83C3-4D63-967C-E4F7300722FE} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B14C8957-83C3-4D63-967C-E4F7300722FE}\2375942554431373 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\5i0osxqa.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TMEBC;TMEBC;C:\windows\System32\drivers\TMEBC64.sys [2013-3-19 46392]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2013-3-19 76672]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-3-19 310952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-8 87992]
R2 lxdx_device;lxdx_device;C:\windows\System32\lxdxcoms.exe -service --> C:\windows\System32\lxdxcoms.exe -service [?]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-2 120728]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-1-12 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-1-12 126392]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-4-30 65657]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-12 2656280]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-1-12 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-1-12 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-1-12 1109096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-1-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-28 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-12 243712]
S3 tmeevw;tmeevw;C:\windows\System32\drivers\tmeevw.sys [2013-3-19 98104]
S3 tmnciesc;tmnciesc;C:\windows\System32\drivers\tmnciesc.sys [2013-3-19 210232]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-3-28 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-3-28 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-30 21:30:56 0 ----a-w- C:\Users\Tiffany\acrobat.exe
2013-05-30 21:30:53 161280 ----a-w- C:\Users\Tiffany\acrobatreader.exe
2013-05-30 16:32:32 0 ----a-w- C:\Users\Tiffany\teamviewer.exe
2013-05-30 16:32:31 0 ----a-w- C:\Users\Tiffany\jucheck.exe
2013-05-30 16:32:29 161280 ----a-w- C:\Users\Tiffany\googleupdate.exe
2013-05-30 16:30:33 0 ----a-w- C:\Users\Tiffany\skype.exe
2013-05-30 16:30:31 161280 ----a-w- C:\Users\Tiffany\mstsc.exe
2013-05-30 16:25:29 0 ----a-w- C:\Users\Tiffany\chrome.exe
2013-05-30 16:25:28 0 ----a-w- C:\Users\Tiffany\jqs.exe
2013-05-30 16:25:28 0 ----a-w- C:\Users\Tiffany\icq.exe
2013-05-30 16:20:51 -------- d-----w- C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad
2013-05-30 16:20:30 0 ----a-w- C:\Users\Tiffany\windowsupdate.exe
2013-05-30 16:20:30 0 ----a-w- C:\Users\Tiffany\opera.exe
2013-05-30 16:20:29 0 ----a-w- C:\Users\Tiffany\notepad.exe
2013-05-28 13:32:23 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-28 13:32:23 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-05-28 13:32:23 144384 ----a-w- C:\windows\System32\cdd.dll
2013-05-28 13:31:55 1930752 ----a-w- C:\windows\System32\authui.dll
2013-05-28 13:31:54 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-05-28 13:31:54 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-05-28 13:31:54 111448 ----a-w- C:\windows\System32\consent.exe
2013-05-28 13:31:46 48640 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-05-28 13:31:46 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-05-28 13:31:46 230400 ----a-w- C:\windows\System32\wwansvc.dll
2013-05-21 20:05:42 -------- d-----w- C:\Program Files (x86)\PC Checkup
2013-05-21 16:54:45 -------- d-----w- C:\Users\Tiffany\AppData\Roaming\wabEventSupport16
2013-05-15 15:03:27 -------- d-----w- C:\Users\Tiffany\AppData\Roaming\PCCUStubInstaller
2013-05-15 01:44:53 -------- d-----w- C:\Users\Tiffany\AppData\Local\LunarianConcepts
2013-05-07 23:53:23 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-05-07 23:53:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-05-15 13:51:16 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:51:16 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-29 23:12:08 234544 ----a-w- C:\windows\RegBootClean64.exe
2013-03-19 19:19:10 59 ----a-w- C:\windows\System32\SupportTool.exe.bat
2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe
.
============= FINISH: 19:44:32.76 ===============
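A responder reads a DDS log like the one above by eye, looking for autorun entries that are launched through rundll32 or regsvr32, that run from the user profile or from a GUID-named folder, and for freshly created executables dropped straight into the profile root (the zero-byte acrobat.exe, mstsc.exe and friends in "Created Last 30"). The Python below applies those same checks mechanically to a few lines copied from this log. It is an added example, not part of the thread and not part of the DDS tool; the regular expressions, the reason tags and the function names are my own heuristics and are assumptions, not DDS output.

```python
"""Triage helper for DDS log lines: flags autorun entries and newly created
files that match the patterns seen in the log above (added example; the
heuristics are assumptions, not anything DDS itself reports)."""
import re

# Lines copied from the "Pseudo HJT Report" section of the log above.
SAMPLE_HJT = r"""
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Mozilla] rundll32 "C:\Users\Tiffany\AppData\Local\Programs\Mozilla\gsprs.dll",CollectDwgDependentsEx
uRun: [LunarianConcepts] regsvr32.exe C:\Users\Tiffany\AppData\Local\LunarianConcepts\ixqsxuju.dll
uRun: [Adobe CSS5.1 Manager] C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad\dfbeaedacbaad.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
"""

# Lines copied from the "Created Last 30" section of the log above.
SAMPLE_CREATED = r"""
2013-05-30 21:30:56 0 ----a-w- C:\Users\Tiffany\acrobat.exe
2013-05-30 16:30:31 161280 ----a-w- C:\Users\Tiffany\mstsc.exe
2013-05-30 16:20:51 -------- d-----w- C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad
2013-05-28 13:31:54 111448 ----a-w- C:\windows\System32\consent.exe
"""

# DDS prefixes: uRun/mRun/dRun, uRunOnce, x64-Run ... followed by [name] command
AUTORUN_RE = re.compile(r'^(?P<scope>(?:x64-)?[umd]?Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# A Windows path up to the first executable-ish extension (quotes are excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|lnk|scr|bat|cmd)\b', re.I)
# Command begins with rundll32/regsvr32 (bare or with a path): the payload is the DLL argument.
LOADER_RE = re.compile(r'^"?(?:[A-Za-z]:\\[^"\s]*\\)?(?:rundll32|regsvr32)(?:\.exe)?"?(?:\s|$)', re.I)
PROFILE_RE = re.compile(r'^[A-Za-z]:\\Users\\[^\\]+\\', re.I)
PROFILE_ROOT_RE = re.compile(r'^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$', re.I)
# GUID-shaped directory component; the last group is allowed to be longer than 12 hex digits.
GUID_DIR_RE = re.compile(r'\\[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12,}\\', re.I)
CREATED_RE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\S+) (?P<attr>\S+) (?P<path>.+)$')


def parse_autorun(line):
    """Return (scope, name, command) for a DDS Run line, or None for other lines."""
    m = AUTORUN_RE.match(line.strip())
    if not m:
        return None
    return m.group('scope'), m.group('name'), m.group('cmd')


def autorun_reasons(cmd):
    """Heuristic reasons an autorun command deserves a closer look (tags, in fixed order)."""
    reasons = []
    paths = PATH_RE.findall(cmd)
    if LOADER_RE.match(cmd):
        reasons.append('loader')        # rundll32/regsvr32 wrapper: look at the DLL, not the host
    if any(PROFILE_RE.match(p) for p in paths):
        reasons.append('user-profile')  # runs from a user-writable location, not Program Files/System32
    if any(GUID_DIR_RE.search(p) for p in paths):
        reasons.append('guid-dir')      # GUID-named folder under AppData, as in the log above
    return reasons


def triage_autoruns(text):
    """Return the autorun entries in a DDS report that carry at least one reason tag."""
    findings = []
    for line in text.splitlines():
        parsed = parse_autorun(line)
        if not parsed:
            continue
        scope, name, cmd = parsed
        reasons = autorun_reasons(cmd)
        if reasons:
            findings.append({'scope': scope, 'name': name, 'cmd': cmd, 'reasons': reasons})
    return findings


def triage_created(text):
    """Flag 'Created Last 30' files: executables dropped directly into a profile
    root, and zero-byte files (the decoys named after well-known programs above)."""
    findings = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or m.group('attr').startswith('d'):
            continue  # skip non-matching lines and directory entries
        path, size = m.group('path'), m.group('size')
        reasons = []
        if PROFILE_ROOT_RE.match(path) and path.lower().endswith('.exe'):
            reasons.append('exe-in-profile-root')
        if size == '0':
            reasons.append('zero-byte')
        if reasons:
            findings.append({'path': path, 'size': size, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage_autoruns(SAMPLE_HJT):
        print(f"{f['scope']} [{f['name']}] {', '.join(f['reasons'])}: {f['cmd']}")
    for f in triage_created(SAMPLE_CREATED):
        print(f"{f['size']:>8} {', '.join(f['reasons'])}: {f['path']}")
```

Run against the full report, the autorun pass singles out the three uRun entries that Gringo's tools go after (Mozilla/gsprs.dll, LunarianConcepts, "Adobe CSS5.1 Manager") and leaves the vendor entries alone; the created-files pass lists the dozen look-alike executables in C:\Users\Tiffany\. The tags are only triage hints: a legitimate rundll32 entry in Program Files gets the loader tag alone, which is why the entries worth acting on are the ones with two or more reasons.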

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 June 2013 - 09:35 PM


Hello VitalEcho

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" button, make sure that the "Receive notification" box is checked and that it is set to "Instantly". This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 VitalEcho

VitalEcho
  • Topic Starter

  • Members
  • 20 posts

Posted 02 June 2013 - 08:03 PM

I appreciate the help, Gringo!

The 'blackout' is happening more frequently, and is happening immediately after starting the computer. The only way to bypass this full-screen hijack was the shutdown and cancel. Now that won't work; the computer doesn't allow me to cancel, so I had to boot into safe mode. The 'blackout' has also shown a new trick: hijacking the webcam to take a picture and pasting it into the page.

Also, attached is a screenshot of one example of the 'blackout' page. The black box is where the webcam picture was displayed.

 

Adw Log:

# AdwCleaner v2.301 - Logfile created 06/02/2013 at 20:22:04
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tiffany - TIFFANY-PC
# Boot Mode : Normal
# Running from : C:\Users\Tiffany\Desktop\Fake Porn\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Mom\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\Tiffany\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\5i0osxqa.default\prefs.js

[OK] File is clean.

File : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\to6xkzts.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2007 octets] - [02/06/2013 20:22:04]

########## EOF - C:\AdwCleaner[R1].txt - [2067 octets] ##########
JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Tiffany on Sun 06/02/2013 at 20:51:41.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tiffany\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc checkup"
Successfully deleted: [Empty Folder] C:\Users\Tiffany\appdata\local\{36E3B9D9-95BA-4845-9D74-4213B52E04FA}
Successfully deleted: [Empty Folder] C:\Users\Tiffany\appdata\local\{56e02f73-c73e-341c-1909-583710acfd43}
Successfully deleted: [Empty Folder] C:\Users\Tiffany\appdata\local\{90313437-B558-4C98-B07A-EC300E2494CB}



~~~ FireFox

Successfully deleted: [File] C:\Users\Tiffany\AppData\Roaming\mozilla\firefox\profiles\5i0osxqa.default\extensions\sivuvsktua@sivuvsktua.org.xpi [Tracur]
Emptied folder: C:\Users\Tiffany\AppData\Roaming\mozilla\firefox\profiles\5i0osxqa.default\minidumps [16 files]



~~~ Chrome

Dumping contents of C:\Users\Tiffany\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Tiffany\appdata\local\Google\Chrome\User Data\Default\Default\aadegfgedddcdgdcdjdbdddfdcdgdigc
C:\Users\Tiffany\appdata\local\Google\Chrome\User Data\Default\Default\aadegfgedddcdgdcdjdbdddfdcdgdigc\background.js
C:\Users\Tiffany\appdata\local\Google\Chrome\User Data\Default\Default\aadegfgedddcdgdcdjdbdddfdcdgdigc\ContentScript.js
C:\Users\Tiffany\appdata\local\Google\Chrome\User Data\Default\Default\aadegfgedddcdgdcdjdbdddfdcdgdigc\manifest.json

Successfully deleted: [Folder] C:\Users\Tiffany\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/02/2013 at 20:53:08.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by VitalEcho, 03 June 2013 - 10:20 AM.


#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 02 June 2013 - 09:01 PM


Hello VitalEcho

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"
In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 VitalEcho (Topic Starter, Members, 20 posts)

Posted 03 June 2013 - 10:20 AM

Good and bad news. The good news is that I am no longer forced to boot into safe mode to avoid the 'blackout' screen initially. However, as I was typing this reply the screen flashed as if trying to load this blackout screen, and later was able to load it. The previous method of initiating shutdown then canceling worked. Additionally, IE doesn't want to load any pages other than the home page, and does not return page not found errors or anything, just a white screen. Loading of the requested URL doesn't even seem to initiate. Firefox and Chrome do not have this issue.

My log:

ComboFix 13-06-03.03 - Tiffany 06/03/2013  10:04:53.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2515 [GMT -4:00]
Running from: c:\users\Tiffany\Desktop\Fake Porn\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Outdated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium *Disabled/Outdated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\1F4.tmp
c:\programdata\Microsoft\Windows\DRM\6638.tmp
c:\programdata\Microsoft\Windows\DRM\6CDA.tmp
c:\programdata\Microsoft\Windows\DRM\8EB1.tmp
c:\programdata\Microsoft\Windows\DRM\92FF.tmp
c:\programdata\Microsoft\Windows\DRM\9C7D.tmp
c:\programdata\Microsoft\Windows\DRM\B36A.tmp
c:\programdata\Microsoft\Windows\DRM\B6D7.tmp
c:\programdata\ntuser.dat
c:\users\Tiffany\acrobat.exe
c:\users\Tiffany\acrobat905534.exe
c:\users\Tiffany\acrobatreader.exe
c:\users\Tiffany\acrobatreader481222.exe
c:\users\Tiffany\alg.exe
c:\users\Tiffany\alg41006.exe
c:\users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad
c:\users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad\dfbeaedacbaad.exe
c:\users\Tiffany\AppData\Local\Programs\Mozilla\gsprs.dll
c:\users\Tiffany\AppData\Roaming\skype.dat
c:\users\Tiffany\chrome.exe
c:\users\Tiffany\chrome613069.exe
c:\users\Tiffany\conhost.exe
c:\users\Tiffany\csrss.exe
c:\users\Tiffany\csrss105656.exe
c:\users\Tiffany\ctfmon.exe
c:\users\Tiffany\ctfmon365520.exe
c:\users\Tiffany\ctfmon945117.exe
c:\users\Tiffany\firefox.exe
c:\users\Tiffany\firefox13243.exe
c:\users\Tiffany\firefox231267.exe
c:\users\Tiffany\flashplayer.exe
c:\users\Tiffany\flashplayer69571.exe
c:\users\Tiffany\googleupdate.exe
c:\users\Tiffany\googleupdate166196.exe
c:\users\Tiffany\icq.exe
c:\users\Tiffany\icq16280.exe
c:\users\Tiffany\icq236877.exe
c:\users\Tiffany\iexplore.exe
c:\users\Tiffany\iexplore329050.exe
c:\users\Tiffany\java.exe
c:\users\Tiffany\java684075.exe
c:\users\Tiffany\jqs.exe
c:\users\Tiffany\jucheck.exe
c:\users\Tiffany\jucheck447371.exe
c:\users\Tiffany\jucheck673356.exe
c:\users\Tiffany\msconfig.exe
c:\users\Tiffany\mstsc.exe
c:\users\Tiffany\mstsc573076.exe
c:\users\Tiffany\notepad.exe
c:\users\Tiffany\opera.exe
c:\users\Tiffany\opera696422.exe
c:\users\Tiffany\rundll32.exe
c:\users\Tiffany\rundll32204917.exe
c:\users\Tiffany\rundll32239140.exe
c:\users\Tiffany\skype.exe
c:\users\Tiffany\spoolsv.exe
c:\users\Tiffany\teamviewer.exe
c:\users\Tiffany\vlcplayer.exe
c:\users\Tiffany\windowsupdate.exe
c:\users\Tiffany\winlogon.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RdpVideoMiniport
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-03 to 2013-06-03  )))))))))))))))))))))))))))))))
.
.
2013-06-03 14:25 . 2013-06-03 14:25 -------- d-----w- c:\users\Mom\AppData\Local\temp
2013-06-03 14:25 . 2013-06-03 14:25 -------- d-----w- c:\users\Mcx1-TIFFANY-PC\AppData\Local\temp
2013-06-03 14:25 . 2013-06-03 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-03 14:25 . 2013-06-03 14:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-06-03 00:46 . 2013-06-03 00:46 -------- d-----w- c:\users\Mom\AppData\Roaming\Motorola Mobility
2013-06-03 00:34 . 2013-06-03 00:34 -------- d-----w- c:\windows\ERUNT
2013-06-03 00:33 . 2013-06-03 00:51 -------- d-----w- C:\JRT
2013-05-28 13:32 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-28 13:32 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-28 13:32 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-28 13:31 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-28 13:31 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-28 13:31 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-28 13:31 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-28 13:31 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-28 13:31 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-28 13:31 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 13:31 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-28 13:31 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-21 16:54 . 2013-05-30 21:28 -------- d-----w- c:\users\Tiffany\AppData\Roaming\wabEventSupport16
2013-05-15 01:44 . 2013-05-30 21:23 -------- d-----w- c:\users\Tiffany\AppData\Local\LunarianConcepts
2013-05-07 23:53 . 2013-05-07 23:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-07 23:53 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-29 17:40 . 2013-03-28 16:45 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 13:51 . 2012-04-05 04:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:51 . 2011-10-31 02:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 12:42 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-28 13:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-28 13:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 13:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 13:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 13:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-28 13:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 17:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-29 23:12 . 2013-03-29 23:11 234544 ----a-w- c:\windows\RegBootClean64.exe
2013-03-28 16:41 . 2013-03-28 16:41 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-28 16:41 . 2013-03-28 16:41 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-28 16:41 . 2013-03-28 16:41 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-28 16:41 . 2013-03-28 16:41 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-28 16:41 . 2013-03-28 16:41 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-28 16:41 . 2013-03-28 16:41 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-28 16:41 . 2013-03-28 16:41 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-28 16:41 . 2013-03-28 16:41 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-28 16:41 . 2013-03-28 16:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-28 16:41 . 2013-03-28 16:41 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-28 16:41 . 2013-03-28 16:41 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-28 16:41 . 2013-03-28 16:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-28 16:41 . 2013-03-28 16:41 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-28 16:41 . 2013-03-28 16:41 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-28 16:41 . 2013-03-28 16:41 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-28 16:41 . 2013-03-28 16:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-28 16:41 . 2013-03-28 16:41 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-28 16:41 . 2013-03-28 16:41 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-28 16:41 . 2013-03-28 16:41 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-28 16:41 . 2013-03-28 16:41 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-28 16:41 . 2013-03-28 16:41 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-28 16:41 . 2013-03-28 16:41 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-28 16:41 . 2013-03-28 16:41 441856 ----a-w- c:\windows\system32\html.iec
2013-03-28 16:41 . 2013-03-28 16:41 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-28 16:41 . 2013-03-28 16:41 235008 ----a-w- c:\windows\system32\url.dll
2013-03-28 16:41 . 2013-03-28 16:41 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-28 16:41 . 2013-03-28 16:41 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-28 16:41 . 2013-03-28 16:41 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-28 16:41 . 2013-03-28 16:41 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-28 16:41 . 2013-03-28 16:41 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-28 16:41 . 2013-03-28 16:41 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-28 16:41 . 2013-03-28 16:41 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-28 16:41 . 2013-03-28 16:41 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-28 16:41 . 2013-03-28 16:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-28 16:41 . 2013-03-28 16:41 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-28 16:41 . 2013-03-28 16:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-28 16:41 . 2013-03-28 16:41 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-28 16:41 . 2013-03-28 16:41 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-28 16:41 . 2013-03-28 16:41 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-28 16:41 . 2013-03-28 16:41 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-28 16:41 . 2013-03-28 16:41 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-28 16:41 . 2013-03-28 16:41 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-28 16:41 . 2013-03-28 16:41 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-28 16:41 . 2013-03-28 16:41 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-28 16:41 . 2013-03-28 16:41 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-28 16:41 . 2013-03-28 16:41 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-28 16:41 . 2013-03-28 16:41 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-28 16:41 . 2013-03-28 16:41 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-28 16:41 . 2013-03-28 16:41 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-24 21:39 . 2012-05-21 14:10 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-03-24 21:39 . 2012-05-21 14:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-03-19 19:19 . 2013-03-19 19:19 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-03-19 06:04 . 2013-04-10 21:08 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 21:08 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 21:08 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 21:08 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 21:08 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 21:08 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2013-04-30 2022]
"GoogleChromeAutoLaunch_8AEA0EEB960CAFACB93F92690E929CDE"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-05-23 825808]
"LunarianConcepts"="c:\users\Tiffany\AppData\Local\LunarianConcepts\ixqsxuju.dll" [2013-05-28 682496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk.disabled [2012-10-1 1246]
PNotes.lnk.disabled [2013-2-23 1148]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
R3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys;c:\windows\SYSNATIVE\DRIVERS\tmnciesc.sys [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe;c:\windows\SYSNATIVE\lxdxcoms.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-28 18:59 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:51]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 05:35]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 05:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 213856]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\5i0osxqa.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe CSS5.1 Manager - c:\users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad\dfbeaedacbaad.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-06-03  10:46:52 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-03 14:46
.
Pre-Run: 52,931,710,976 bytes free
Post-Run: 52,901,474,304 bytes free
.
- - End Of File - - 75E8FB20E2DCA189E86AFEA0277CE7F0
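The ComboFix log above contains the two things a responder reads first: the "Other Deletions" list, where dozens of executables named after Windows and application binaries (csrss105656.exe, winlogon.exe, googleupdate166196.exe) sit in the profile root next to a GUID-named folder under AppData\Local, and the "Reg Loading Points" section, where an HKCU Run value named LunarianConcepts points at a DLL in AppData\Local. The Python below is an added example written for this page, not part of the thread and not code from ComboFix or any tool the helper recommends. It turns those reading habits into rules and runs them over lines copied from the log; the rule names, the list of impersonated binary names and the mix of sample lines are this example's own assumptions, not a published signature set.

```python
"""
Triage heuristics for a ComboFix-style log: the "Other Deletions" file list
and the "Reg Loading Points" Run values. Added example for this page; not
code from ComboFix or from the thread. Rule names and the SYSTEM_NAMES set
are assumptions of the example.
"""
import re

# Binaries whose names malware reuses when dropping copies in a user profile
# (the log shows csrss105656.exe, winlogon.exe, ... in c:\users\Tiffany).
SYSTEM_NAMES = {
    "acrobat", "acrobatreader", "alg", "chrome", "conhost", "csrss", "ctfmon",
    "firefox", "flashplayer", "googleupdate", "icq", "iexplore", "java", "jqs",
    "jucheck", "msconfig", "mstsc", "notepad", "opera", "rundll32", "skype",
    "spoolsv", "teamviewer", "vlcplayer", "windowsupdate", "winlogon",
}

# "Name"="target" [date size]  -- one Run value as ComboFix prints it
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
# GUID-looking directory component, braces optional; the log's
# 41df6453-...-9a6c1ba04456ad has a 14-hex last group, so allow 12 or more
GUID_DIR = re.compile(r'\\\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12,}\}?\\', re.I)
# base name plus optional numeric suffix: csrss105656.exe -> csrss
IMPERSONATION = re.compile(r'^(?P<base>[a-z]+?)(?P<suffix>\d{4,})?\.exe$', re.I)
PROFILE_ROOT = re.compile(r'^c:\\users\\[^\\]+$')


def split_path(path):
    """Lower-cased (directory, file name) for a Windows path."""
    directory, _, name = path.lower().rpartition("\\")
    return directory, name


def is_user_writable(directory):
    """True for locations an unprivileged user, and so a drive-by payload, can write to."""
    d = directory.lower()
    return (d.startswith("c:\\programdata") or PROFILE_ROOT.match(d) is not None
            or "\\appdata\\" in d or "\\temp\\" in d)


def triage_file(path):
    """Reasons a responder would flag one path from the deletions/creations lists."""
    directory, name = split_path(path)
    reasons = []
    in_profile_root = PROFILE_ROOT.match(directory) is not None
    if name.endswith(".exe") and in_profile_root:
        reasons.append("executable in profile root")
    m = IMPERSONATION.match(name)
    if (m and m.group("base") in SYSTEM_NAMES
            and not directory.startswith(("c:\\windows", "c:\\program files"))):
        reasons.append("mimics %s.exe outside its normal location" % m.group("base"))
    if GUID_DIR.search(directory + "\\") and is_user_writable(directory):
        reasons.append("GUID-named directory in user-writable location")
    if name == "ntuser.dat" and not in_profile_root:
        reasons.append("ntuser.dat outside a profile directory")
    return reasons


def triage_run_entry(line):
    """(value name, target, reasons) for one Run value, or None if the line is not one."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    target = m.group("target")
    directory, name = split_path(target)
    reasons = triage_file(target)
    if name.endswith(".dll"):
        # A Run value is a command line; a bare DLL path is not a normal
        # autostart and usually means the loader is registered elsewhere.
        reasons.append("Run value launches a DLL, not an executable")
    if is_user_writable(directory):
        reasons.append("autostart target in user-writable location")
    return m.group("name"), target, reasons


def triage_log(text):
    """[(label, reasons)] for every log line with at least one finding."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('"'):
            hit = triage_run_entry(line)
            if hit and hit[2]:
                findings.append(("Run %s -> %s" % (hit[0], hit[1]), hit[2]))
        elif line.lower().startswith("c:\\"):
            reasons = triage_file(line)
            if reasons:
                findings.append((line, reasons))
    return findings


# Constructed sample: lines copied from the ComboFix log in this thread,
# mixed with entries the heuristics should leave alone.
SAMPLE = r"""
c:\programdata\Microsoft\Windows\DRM\1F4.tmp
c:\programdata\ntuser.dat
c:\users\Tiffany\acrobat.exe
c:\users\Tiffany\csrss105656.exe
c:\users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad\dfbeaedacbaad.exe
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"LunarianConcepts"="c:\users\Tiffany\AppData\Local\LunarianConcepts\ixqsxuju.dll" [2013-05-28 682496]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"""

if __name__ == "__main__":
    for label, reasons in triage_log(SAMPLE):
        print(label)
        for reason in reasons:
            print("    -", reason)
```

Run against the sample, the DRM .tmp files, the Sidebar value and the Toshiba value produce no findings, while the five entries a responder would chase (the stray ntuser.dat, the two profile-root impersonators, the GUID-folder executable and the LunarianConcepts DLL autostart) are each reported with the rule that fired. The rules are deliberately location-based rather than name-based: legitimate csrss.exe under c:\windows\system32 is never flagged, and the impersonation rule tolerates the random numeric suffixes seen in this log.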


#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 03 June 2013 - 12:28 PM


Hello VitalEcho



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 VitalEcho

VitalEcho
  • Topic Starter

  • Members
  • 20 posts
  • Local time:02:36 AM

Posted 03 June 2013 - 08:34 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-06-2013 02
Ran by Tiffany (administrator) on 03-06-2013 21:32:32
Running from C:\Users\Tiffany\Desktop\Fake Porn
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
( ) C:\windows\system32\lxdxcoms.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Mobility Inc.) C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\regsvr32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TrueCrypt Foundation) C:\Users\Tiffany\iexplore956806.exe
() C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [213856 2012-07-25] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1374864 2012-07-25] (Trend Micro Inc.)
HKCU\...\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2022 2013-04-30] ()
HKCU\...\Run: [GoogleChromeAutoLaunch_8AEA0EEB960CAFACB93F92690E929CDE] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-05-23] (Google Inc.)
HKCU\...\Run: [LunarianConcepts] regsvr32.exe C:\Users\Tiffany\AppData\Local\LunarianConcepts\ixqsxuju.dll [682496 2013-05-28] (CANON INC.)
HKCU\...\Run: [Adobe CSS5.1 Manager] C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad\dfbeaedacbaad.exe [0 2013-06-03] () <===== ATTENTION
HKCU\...\Run: [] C:\Users\Tiffany\iexplore956806.exe [104448 2013-06-03] (TrueCrypt Foundation)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Tiffany\AppData\Roaming\skype.dat [160256 2011-11-17] (SmartDev Software INC.) <==== ATTENTION 
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Mcx1-TIFFANY-PC\...\Winlogon: [Shell] C:\windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk.disabled
ShortcutTarget: OpenOffice.org 3.4.1.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PNotes.lnk.disabled
ShortcutTarget: PNotes.lnk.disabled -> E:\Artemis\Programs\PortableApps\PortableApps\PNotesPortable\PNotesPortable.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe64.dll (Trend Micro Inc.)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\5i0osxqa.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Extension: Autoplay Known Devices Info - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\5i0osxqa.default\Extensions\{8AC324BB-46AA-CABD-9CA2-81C8C17ED57B}
 
Chrome: 
=======
CHR HomePage: hxxp://start.toshiba.com/?cid=C001B2Y
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.wikipedia.org/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (TrendMicro BEP Extension) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\7.5.0.1125_0
CHR Extension: (Google Search) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (TLDR) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\giepilabiomhlcmlefmbfkgeoccfhhhc\2.1.1_0
CHR Extension: (Hello Kitty) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld\1.1_0
CHR Extension: (Gmail) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
R2 lxdx_device; C:\windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll [132984 2011-07-19] (Symantec Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
S2 Norton PC Checkup Application Launcher; "C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe" /s  [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [106000 2012-07-12] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2012-07-12] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [98104 2012-08-25] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [76672 2012-07-12] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-05] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 TMAgent; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-03 21:32 - 2013-06-03 21:32 - 00000000 ____D C:\FRST
2013-06-03 12:25 - 2012-10-24 15:44 - 00656048 ____A (WildTangent, Inc.) C:\ProgramData\uninstall1513370.exe
2013-06-03 11:21 - 2013-06-03 12:19 - 00000004 ____A C:\Users\Tiffany\AppData\Roaming\skype.ini
2013-06-03 11:21 - 2013-06-03 11:21 - 00339968 ____A C:\Users\Tiffany\java80729.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00339968 ____A C:\Users\Tiffany\alg323256.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\icq730997.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00104448 ____A (TrueCrypt Foundation) C:\Users\Tiffany\iexplore956806.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\rundll32888162.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\notepad496918.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00000000 ____A C:\Users\Tiffany\vlcplayer558497.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00000000 ____A C:\Users\Tiffany\rundll32371444.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00000000 ____A C:\Users\Tiffany\alg910384.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00000000 ____A C:\Users\Tiffany\alg903587.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00339968 ____A C:\Users\Tiffany\googleupdate970861.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00339968 ____A C:\Users\Tiffany\googleupdate558524.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\notepad.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\acrobat.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\iexplore.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\firefox.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____A C:\Users\Tiffany\opera203082.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____A C:\Users\Tiffany\jucheck.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____A C:\Users\Tiffany\googleupdate.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____A C:\Users\Tiffany\ctfmon756610.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00339968 ____A C:\Users\Tiffany\java.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00339968 ____A C:\Users\Tiffany\ctfmon.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\msconfig.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00104448 ____A (TrueCrypt Foundation) C:\Users\Tiffany\csrss.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\rundll32.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\flashplayer.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00000000 ____A C:\Users\Tiffany\spoolsv.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00000000 ____A C:\Users\Tiffany\opera.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00000000 ____A C:\Users\Tiffany\icq.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00000000 ____A C:\Users\Tiffany\acrobatreader.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00339968 ____A C:\Users\Tiffany\vlcplayer.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00339968 ____A C:\Users\Tiffany\jqs.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\winlogon.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\teamviewer.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____D C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\windowsupdate.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\skype.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\mstsc.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\conhost.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\chrome.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\alg.exe
2013-06-03 10:46 - 2013-06-03 10:46 - 00027892 ____A C:\ComboFix.txt
2013-06-03 10:00 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-03 10:00 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-03 10:00 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-03 10:00 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-03 10:00 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-03 10:00 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-03 10:00 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-03 10:00 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-03 09:59 - 2013-06-03 10:47 - 00000000 ____D C:\Qoobox
2013-06-03 09:59 - 2013-06-03 10:43 - 00000000 ____D C:\Windows\erdnt
2013-06-02 20:46 - 2013-06-02 20:46 - 00000000 ____D C:\Users\Mom\AppData\Roaming\Motorola Mobility
2013-06-02 20:34 - 2013-06-02 20:34 - 00000000 ____D C:\Windows\ERUNT
2013-06-02 20:33 - 2013-06-02 20:51 - 00000000 ____D C:\JRT
2013-06-02 20:22 - 2013-06-02 20:23 - 00002316 ____A C:\AdwCleaner[S1].txt
2013-06-02 20:22 - 2013-06-02 20:22 - 00002128 ____A C:\AdwCleaner[R1].txt
2013-05-31 10:09 - 2013-05-31 10:09 - 00002546 ____A C:\Users\Tiffany\Documents\virus scan 3.txt
2013-05-30 19:44 - 2013-06-03 21:32 - 00000000 ____D C:\Users\Tiffany\Desktop\Fake Porn
2013-05-30 18:42 - 2013-05-30 18:42 - 00003066 ____A C:\Users\Tiffany\Documents\virus scan 2.txt
2013-05-30 15:01 - 2013-05-30 15:01 - 00003082 ____A C:\Users\Tiffany\Documents\virus scan.txt
2013-05-29 13:36 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-29 13:36 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-29 13:36 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-29 13:36 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-29 13:36 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-29 13:36 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-29 13:36 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-29 13:36 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-29 13:36 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-29 13:36 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-29 13:36 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-29 13:36 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-28 09:32 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-28 09:32 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-28 09:32 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-28 09:31 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-28 09:31 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-28 09:31 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-28 09:31 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-28 09:31 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-28 09:31 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-28 09:31 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-28 09:31 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-28 09:31 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-28 09:31 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-28 09:31 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-21 12:54 - 2013-05-30 17:28 - 00000000 ____D C:\Users\Tiffany\AppData\Roaming\wabEventSupport16
2013-05-14 21:44 - 2013-05-30 17:23 - 00000000 ____D C:\Users\Tiffany\AppData\Local\LunarianConcepts
2013-05-07 19:53 - 2013-05-07 19:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-07 19:53 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-04 12:29 - 2013-05-04 12:29 - 00000251 ____A C:\Users\Tiffany\Desktop\Discuss How To Instrument cluster bulb replacement - Ford Ranger Forum.url
 
==================== One Month Modified Files and Folders =======
 
2013-06-03 21:32 - 2013-06-03 21:32 - 00000000 ____D C:\FRST
2013-06-03 21:32 - 2013-05-30 19:44 - 00000000 ____D C:\Users\Tiffany\Desktop\Fake Porn
2013-06-03 21:31 - 2009-07-14 01:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-03 21:30 - 2012-01-12 01:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-03 21:30 - 2012-01-12 01:01 - 01385643 ____A C:\Windows\WindowsUpdate.log
2013-06-03 21:29 - 2012-04-05 00:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-03 21:29 - 2012-01-12 01:35 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-03 12:28 - 2009-07-14 00:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-03 12:28 - 2009-07-14 00:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-03 12:25 - 2013-03-27 15:13 - 00000000 ____D C:\Users\Tiffany\AppData\Roaming\WildTangent
2013-06-03 12:25 - 2013-03-27 15:13 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-03 12:25 - 2012-01-12 01:31 - 00000000 ____D C:\ProgramData\WildTangent
2013-06-03 12:23 - 2013-04-30 15:30 - 00000000 ____D C:\Users\Tiffany\.gstreamer-0.10
2013-06-03 12:23 - 2013-04-30 15:23 - 00000000 ____D C:\Users\Tiffany\AppData\Roaming\MotoCast
2013-06-03 12:20 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-03 12:20 - 2009-07-14 00:51 - 00055234 ____A C:\Windows\setupact.log
2013-06-03 12:19 - 2013-06-03 11:21 - 00000004 ____A C:\Users\Tiffany\AppData\Roaming\skype.ini
2013-06-03 11:21 - 2013-06-03 11:21 - 00339968 ____A C:\Users\Tiffany\java80729.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00339968 ____A C:\Users\Tiffany\alg323256.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\icq730997.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00104448 ____A (TrueCrypt Foundation) C:\Users\Tiffany\iexplore956806.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\rundll32888162.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\notepad496918.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00000000 ____A C:\Users\Tiffany\vlcplayer558497.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00000000 ____A C:\Users\Tiffany\rundll32371444.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00000000 ____A C:\Users\Tiffany\alg910384.exe
2013-06-03 11:21 - 2013-06-03 11:21 - 00000000 ____A C:\Users\Tiffany\alg903587.exe
2013-06-03 11:21 - 2012-03-29 20:33 - 00000000 ____D C:\users\Tiffany
2013-06-03 11:18 - 2013-06-03 11:18 - 00339968 ____A C:\Users\Tiffany\googleupdate970861.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00339968 ____A C:\Users\Tiffany\googleupdate558524.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\notepad.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\acrobat.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\iexplore.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\firefox.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____A C:\Users\Tiffany\opera203082.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____A C:\Users\Tiffany\jucheck.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____A C:\Users\Tiffany\googleupdate.exe
2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____A C:\Users\Tiffany\ctfmon756610.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00339968 ____A C:\Users\Tiffany\java.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00339968 ____A C:\Users\Tiffany\ctfmon.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\msconfig.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00104448 ____A (TrueCrypt Foundation) C:\Users\Tiffany\csrss.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\rundll32.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00079360 ____A (TrueCrypt Foundation) C:\Users\Tiffany\flashplayer.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00000000 ____A C:\Users\Tiffany\spoolsv.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00000000 ____A C:\Users\Tiffany\opera.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00000000 ____A C:\Users\Tiffany\icq.exe
2013-06-03 11:16 - 2013-06-03 11:16 - 00000000 ____A C:\Users\Tiffany\acrobatreader.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00339968 ____A C:\Users\Tiffany\vlcplayer.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00339968 ____A C:\Users\Tiffany\jqs.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\winlogon.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00160256 ____A (SmartDev Software INC.) C:\Users\Tiffany\teamviewer.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____D C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\windowsupdate.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\skype.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\mstsc.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\conhost.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\chrome.exe
2013-06-03 11:13 - 2013-06-03 11:13 - 00000000 ____A C:\Users\Tiffany\alg.exe
2013-06-03 11:10 - 2012-04-09 23:19 - 00000000 ____D C:\Users\Tiffany\AppData\Roaming\vlc
2013-06-03 11:03 - 2009-07-14 01:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-03 10:47 - 2013-06-03 09:59 - 00000000 ____D C:\Qoobox
2013-06-03 10:46 - 2013-06-03 10:46 - 00027892 ____A C:\ComboFix.txt
2013-06-03 10:43 - 2013-06-03 09:59 - 00000000 ____D C:\Windows\erdnt
2013-06-03 10:31 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-06-03 10:29 - 2010-11-20 23:47 - 00722818 ____A C:\Windows\PFRO.log
2013-06-03 10:29 - 2009-07-13 22:34 - 59506688 ____A C:\Windows\System32\config\software.bak
2013-06-03 10:29 - 2009-07-13 22:34 - 14155776 ____A C:\Windows\System32\config\system.bak
2013-06-03 10:29 - 2009-07-13 22:34 - 00524288 ____A C:\Windows\System32\config\default.bak
2013-06-03 10:29 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2013-06-03 10:29 - 2009-07-13 22:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2013-06-03 09:49 - 2013-03-19 14:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-02 20:51 - 2013-06-02 20:33 - 00000000 ____D C:\JRT
2013-06-02 20:46 - 2013-06-02 20:46 - 00000000 ____D C:\Users\Mom\AppData\Roaming\Motorola Mobility
2013-06-02 20:46 - 2012-05-11 10:24 - 00000000 ____D C:\Users\Mom\AppData\Local\VirtualStore
2013-06-02 20:34 - 2013-06-02 20:34 - 00000000 ____D C:\Windows\ERUNT
2013-06-02 20:23 - 2013-06-02 20:22 - 00002316 ____A C:\AdwCleaner[S1].txt
2013-06-02 20:22 - 2013-06-02 20:22 - 00002128 ____A C:\AdwCleaner[R1].txt
2013-06-01 23:19 - 2012-01-12 01:41 - 00000000 ____D C:\ProgramData\Norton
2013-05-31 10:09 - 2013-05-31 10:09 - 00002546 ____A C:\Users\Tiffany\Documents\virus scan 3.txt
2013-05-30 18:42 - 2013-05-30 18:42 - 00003066 ____A C:\Users\Tiffany\Documents\virus scan 2.txt
2013-05-30 17:28 - 2013-05-21 12:54 - 00000000 ____D C:\Users\Tiffany\AppData\Roaming\wabEventSupport16
2013-05-30 17:23 - 2013-05-14 21:44 - 00000000 ____D C:\Users\Tiffany\AppData\Local\LunarianConcepts
2013-05-30 15:39 - 2013-02-28 16:28 - 00000000 ____D C:\Windows\rescache
2013-05-30 15:01 - 2013-05-30 15:01 - 00003082 ____A C:\Users\Tiffany\Documents\virus scan.txt
2013-05-30 12:31 - 2013-03-19 20:33 - 00000000 ____D C:\Users\Tiffany\AppData\Roaming\uTorrent
2013-05-30 11:58 - 2009-07-14 00:45 - 00294040 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-29 13:40 - 2013-03-28 12:45 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-28 15:00 - 2013-03-23 10:05 - 00002154 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-28 09:22 - 2012-05-20 22:39 - 00000000 ____D C:\users\Mcx1-TIFFANY-PC
2013-05-28 09:22 - 2012-05-11 10:24 - 00000000 ____D C:\users\Mom
2013-05-28 09:22 - 2012-05-11 09:19 - 00000000 ____D C:\users\Guest
2013-05-28 09:21 - 2012-05-01 16:41 - 00000000 ____D C:\ProgramData\Trend Micro
2013-05-28 09:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-28 09:21 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-28 09:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-05-16 00:05 - 2013-04-16 20:26 - 00002209 ____A C:\Users\Tiffany\Documents\songs.txt
2013-05-15 09:51 - 2012-04-05 00:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 09:51 - 2011-10-30 22:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-07 19:53 - 2013-05-07 19:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-07 19:53 - 2013-03-19 14:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-05-05 21:31 - 2011-10-30 22:33 - 00000000 ____D C:\ProgramData\Adobe
2013-05-04 12:29 - 2013-05-04 12:29 - 00000251 ____A C:\Users\Tiffany\Desktop\Discuss How To Instrument cluster bulb replacement - Ford Ranger Forum.url
 
ZeroAccess:
C:\Users\Tiffany\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43}
 
Files to move or delete:
====================
C:\ProgramData\uninstall1513370.exe
C:\Users\Tiffany\acrobat.exe
C:\Users\Tiffany\acrobatreader.exe
C:\Users\Tiffany\alg.exe
C:\Users\Tiffany\alg323256.exe
C:\Users\Tiffany\alg903587.exe
C:\Users\Tiffany\alg910384.exe
C:\Users\Tiffany\chrome.exe
C:\Users\Tiffany\conhost.exe
C:\Users\Tiffany\csrss.exe
C:\Users\Tiffany\ctfmon.exe
C:\Users\Tiffany\ctfmon756610.exe
C:\Users\Tiffany\firefox.exe
C:\Users\Tiffany\flashplayer.exe
C:\Users\Tiffany\googleupdate.exe
C:\Users\Tiffany\googleupdate558524.exe
C:\Users\Tiffany\googleupdate970861.exe
C:\Users\Tiffany\icq.exe
C:\Users\Tiffany\icq730997.exe
C:\Users\Tiffany\iexplore.exe
C:\Users\Tiffany\iexplore956806.exe
C:\Users\Tiffany\java.exe
C:\Users\Tiffany\java80729.exe
C:\Users\Tiffany\jqs.exe
C:\Users\Tiffany\jucheck.exe
C:\Users\Tiffany\msconfig.exe
C:\Users\Tiffany\mstsc.exe
C:\Users\Tiffany\notepad.exe
C:\Users\Tiffany\notepad496918.exe
C:\Users\Tiffany\opera.exe
C:\Users\Tiffany\opera203082.exe
C:\Users\Tiffany\rundll32.exe
C:\Users\Tiffany\rundll32371444.exe
C:\Users\Tiffany\rundll32888162.exe
C:\Users\Tiffany\skype.exe
C:\Users\Tiffany\spoolsv.exe
C:\Users\Tiffany\teamviewer.exe
C:\Users\Tiffany\vlcplayer.exe
C:\Users\Tiffany\vlcplayer558497.exe
C:\Users\Tiffany\windowsupdate.exe
C:\Users\Tiffany\winlogon.exe
C:\Users\Tiffany\AppData\Roaming\skype.dat
C:\Users\Tiffany\AppData\Roaming\skype.ini
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
Last Boot: 2013-06-03 12:43
 
==================== End Of Log ============================

 

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 June 2013 - 10:56 PM

Hello VitalEcho



I need you to download this script I have made for you --> fixlist.txt (attached file, 6.17 KB)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (Donate). Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 VitalEcho

  • Topic Starter
  • Members
  • 20 posts


Posted 04 June 2013 - 08:21 AM

Haven't run into the blackout screen this time around, so far. IE is still acting weird. Links clicked on a webpage load fine, but URLs entered into the address bar still seem to never initiate loading.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-06-2013 02
Ran by Tiffany at 2013-06-04 09:14:18 Run:1
Running from C:\Users\Tiffany\Desktop\Fake Porn
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\LunarianConcepts => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\ProgramData\uninstall1513370.exe => Moved successfully.
C:\Users\Tiffany\AppData\Local\LunarianConcepts\ixqsxuju.dll => Moved successfully.
C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad => Moved successfully.
C:\Users\Tiffany\iexplore956806.exe => Moved successfully.
C:\Users\Tiffany\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Tiffany\java80729.exe => Moved successfully.
C:\Users\Tiffany\alg323256.exe => Moved successfully.
C:\Users\Tiffany\icq730997.exe => Moved successfully.
C:\Users\Tiffany\iexplore956806.exe => File/Directory not found.
C:\Users\Tiffany\rundll32888162.exe => Moved successfully.
C:\Users\Tiffany\notepad496918.exe => Moved successfully.
C:\Users\Tiffany\vlcplayer558497.exe => Moved successfully.
C:\Users\Tiffany\rundll32371444.exe => Moved successfully.
C:\Users\Tiffany\alg910384.exe => Moved successfully.
C:\Users\Tiffany\alg903587.exe => Moved successfully.
C:\Users\Tiffany\googleupdate970861.exe => Moved successfully.
C:\Users\Tiffany\googleupdate558524.exe => Moved successfully.
C:\Users\Tiffany\notepad.exe => Moved successfully.
C:\Users\Tiffany\acrobat.exe => Moved successfully.
C:\Users\Tiffany\iexplore.exe => Moved successfully.
C:\Users\Tiffany\firefox.exe => Moved successfully.
C:\Users\Tiffany\opera203082.exe => Moved successfully.
C:\Users\Tiffany\jucheck.exe => Moved successfully.
C:\Users\Tiffany\googleupdate.exe => Moved successfully.
C:\Users\Tiffany\ctfmon756610.exe => Moved successfully.
C:\Users\Tiffany\java.exe => Moved successfully.
C:\Users\Tiffany\ctfmon.exe => Moved successfully.
C:\Users\Tiffany\msconfig.exe => Moved successfully.
C:\Users\Tiffany\csrss.exe => Moved successfully.
C:\Users\Tiffany\rundll32.exe => Moved successfully.
C:\Users\Tiffany\flashplayer.exe => Moved successfully.
C:\Users\Tiffany\spoolsv.exe => Moved successfully.
C:\Users\Tiffany\opera.exe => Moved successfully.
C:\Users\Tiffany\icq.exe => Moved successfully.
C:\Users\Tiffany\acrobatreader.exe => Moved successfully.
C:\Users\Tiffany\vlcplayer.exe => Moved successfully.
C:\Users\Tiffany\jqs.exe => Moved successfully.
C:\Users\Tiffany\winlogon.exe => Moved successfully.
C:\Users\Tiffany\teamviewer.exe => Moved successfully.
C:\Users\Tiffany\AppData\Local\41df6453-493b-487e-aed7-9a6c1ba04456ad => File/Directory not found.
C:\Users\Tiffany\windowsupdate.exe => Moved successfully.
C:\Users\Tiffany\skype.exe => Moved successfully.
C:\Users\Tiffany\mstsc.exe => Moved successfully.
C:\Users\Tiffany\conhost.exe => Moved successfully.
C:\Users\Tiffany\chrome.exe => Moved successfully.
C:\Users\Tiffany\alg.exe => Moved successfully.
C:\Users\Tiffany\AppData\Local\{56e02f73-c73e-341c-1909-583710acfd43} => Moved successfully.
C:\ProgramData\uninstall1513370.exe => File/Directory not found.
C:\Users\Tiffany\acrobat.exe => File/Directory not found.
C:\Users\Tiffany\acrobatreader.exe => File/Directory not found.
C:\Users\Tiffany\alg.exe => File/Directory not found.
C:\Users\Tiffany\alg323256.exe => File/Directory not found.
C:\Users\Tiffany\alg903587.exe => File/Directory not found.
C:\Users\Tiffany\alg910384.exe => File/Directory not found.
C:\Users\Tiffany\chrome.exe => File/Directory not found.
C:\Users\Tiffany\conhost.exe => File/Directory not found.
C:\Users\Tiffany\csrss.exe => File/Directory not found.
C:\Users\Tiffany\ctfmon.exe => File/Directory not found.
C:\Users\Tiffany\ctfmon756610.exe => File/Directory not found.
C:\Users\Tiffany\firefox.exe => File/Directory not found.
C:\Users\Tiffany\flashplayer.exe => File/Directory not found.
C:\Users\Tiffany\googleupdate.exe => File/Directory not found.
C:\Users\Tiffany\googleupdate558524.exe => File/Directory not found.
C:\Users\Tiffany\googleupdate970861.exe => File/Directory not found.
C:\Users\Tiffany\icq.exe => File/Directory not found.
C:\Users\Tiffany\icq730997.exe => File/Directory not found.
C:\Users\Tiffany\iexplore.exe => File/Directory not found.
C:\Users\Tiffany\iexplore956806.exe => File/Directory not found.
C:\Users\Tiffany\java.exe => File/Directory not found.
C:\Users\Tiffany\java80729.exe => File/Directory not found.
C:\Users\Tiffany\jqs.exe => File/Directory not found.
C:\Users\Tiffany\jucheck.exe => File/Directory not found.
C:\Users\Tiffany\msconfig.exe => File/Directory not found.
C:\Users\Tiffany\mstsc.exe => File/Directory not found.
C:\Users\Tiffany\notepad.exe => File/Directory not found.
C:\Users\Tiffany\notepad496918.exe => File/Directory not found.
C:\Users\Tiffany\opera.exe => File/Directory not found.
C:\Users\Tiffany\opera203082.exe => File/Directory not found.
C:\Users\Tiffany\rundll32.exe => File/Directory not found.
C:\Users\Tiffany\rundll32371444.exe => File/Directory not found.
C:\Users\Tiffany\rundll32888162.exe => File/Directory not found.
C:\Users\Tiffany\skype.exe => File/Directory not found.
C:\Users\Tiffany\spoolsv.exe => File/Directory not found.
C:\Users\Tiffany\teamviewer.exe => File/Directory not found.
C:\Users\Tiffany\vlcplayer.exe => File/Directory not found.
C:\Users\Tiffany\vlcplayer558497.exe => File/Directory not found.
C:\Users\Tiffany\windowsupdate.exe => File/Directory not found.
C:\Users\Tiffany\winlogon.exe => File/Directory not found.
C:\Users\Tiffany\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Tiffany\AppData\Roaming\skype.ini => File/Directory not found.

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====



#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 04 June 2013 - 10:13 AM


Hello VitalEcho

First, I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following:
  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.
Gringo

#11 VitalEcho

  • Topic Starter
  • Members
  • 20 posts


Posted 04 June 2013 - 11:47 AM

IE issues fixed! Still haven't run into any hijacking or blackout issues as of now. I'll reply again tonight after using the computer a little more heavily to let you know if it's back to normal. Seriously appreciate the help, Gringo, and the timely response to every single post!



#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 04 June 2013 - 04:38 PM


Hello VitalEcho

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif, dragging CFScript.txt onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#13 VitalEcho

  • Topic Starter
  • Members
  • 20 posts


Posted 04 June 2013 - 08:04 PM

No problems so far. The computer seems to be running well, with no browser hijacking or screen blackouts. IE works fine now.

 

 

 

ComboFix 13-06-03.03 - Tiffany 06/04/2013  20:54:59.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2126 [GMT -4:00]
Running from: c:\users\Tiffany\Desktop\Fake Porn\ComboFix.exe
Command switches used :: c:\users\Tiffany\Desktop\Fake Porn\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium *Disabled/Outdated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium *Disabled/Outdated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-05 to 2013-06-05  )))))))))))))))))))))))))))))))
.
.
2013-06-05 01:00 . 2013-06-05 01:00 -------- d-----w- c:\users\Mom\AppData\Local\temp
2013-06-05 01:00 . 2013-06-05 01:00 -------- d-----w- c:\users\Mcx1-TIFFANY-PC\AppData\Local\temp
2013-06-05 01:00 . 2013-06-05 01:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-06-05 01:00 . 2013-06-05 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-05 00:21 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-06-05 00:21 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-05 00:21 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-06-05 00:21 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-06-05 00:21 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-05 00:21 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-05 00:21 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-05 00:21 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-05 00:21 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-05 00:21 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-06-05 00:20 . 2013-06-05 00:20 -------- d-----w- c:\program files\AVAST Software
2013-06-05 00:17 . 2013-06-05 00:20 -------- d-----w- c:\programdata\AVAST Software
2013-06-04 01:32 . 2013-06-04 13:14 -------- d-----w- C:\FRST
2013-06-03 00:46 . 2013-06-03 00:46 -------- d-----w- c:\users\Mom\AppData\Roaming\Motorola Mobility
2013-06-03 00:34 . 2013-06-03 00:34 -------- d-----w- c:\windows\ERUNT
2013-06-03 00:33 . 2013-06-03 00:51 -------- d-----w- C:\JRT
2013-05-28 13:32 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-28 13:32 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-28 13:32 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-28 13:31 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-28 13:31 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-28 13:31 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-28 13:31 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-28 13:31 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-28 13:31 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-28 13:31 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 13:31 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-28 13:31 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-21 16:54 . 2013-05-30 21:28 -------- d-----w- c:\users\Tiffany\AppData\Roaming\wabEventSupport16
2013-05-15 01:44 . 2013-06-04 13:14 -------- d-----w- c:\users\Tiffany\AppData\Local\LunarianConcepts
2013-05-07 23:53 . 2013-05-07 23:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-07 23:53 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-29 17:40 . 2013-03-28 16:45 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 13:51 . 2012-04-05 04:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:51 . 2011-10-31 02:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 12:42 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-28 13:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-28 13:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 13:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 13:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 13:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-28 13:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 17:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-29 23:12 . 2013-03-29 23:11 234544 ----a-w- c:\windows\RegBootClean64.exe
2013-03-28 16:41 . 2013-03-28 16:41 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-28 16:41 . 2013-03-28 16:41 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-28 16:41 . 2013-03-28 16:41 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-28 16:41 . 2013-03-28 16:41 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-28 16:41 . 2013-03-28 16:41 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-28 16:41 . 2013-03-28 16:41 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-28 16:41 . 2013-03-28 16:41 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-28 16:41 . 2013-03-28 16:41 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-28 16:41 . 2013-03-28 16:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-28 16:41 . 2013-03-28 16:41 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-28 16:41 . 2013-03-28 16:41 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-28 16:41 . 2013-03-28 16:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-28 16:41 . 2013-03-28 16:41 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-28 16:41 . 2013-03-28 16:41 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-28 16:41 . 2013-03-28 16:41 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-28 16:41 . 2013-03-28 16:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-28 16:41 . 2013-03-28 16:41 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-28 16:41 . 2013-03-28 16:41 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-28 16:41 . 2013-03-28 16:41 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-28 16:41 . 2013-03-28 16:41 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-28 16:41 . 2013-03-28 16:41 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-28 16:41 . 2013-03-28 16:41 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-28 16:41 . 2013-03-28 16:41 441856 ----a-w- c:\windows\system32\html.iec
2013-03-28 16:41 . 2013-03-28 16:41 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-28 16:41 . 2013-03-28 16:41 235008 ----a-w- c:\windows\system32\url.dll
2013-03-28 16:41 . 2013-03-28 16:41 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-28 16:41 . 2013-03-28 16:41 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-28 16:41 . 2013-03-28 16:41 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-28 16:41 . 2013-03-28 16:41 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-28 16:41 . 2013-03-28 16:41 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-28 16:41 . 2013-03-28 16:41 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-28 16:41 . 2013-03-28 16:41 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-28 16:41 . 2013-03-28 16:41 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-28 16:41 . 2013-03-28 16:41 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-28 16:41 . 2013-03-28 16:41 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-28 16:41 . 2013-03-28 16:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-28 16:41 . 2013-03-28 16:41 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-28 16:41 . 2013-03-28 16:41 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-28 16:41 . 2013-03-28 16:41 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-28 16:41 . 2013-03-28 16:41 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-28 16:41 . 2013-03-28 16:41 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-28 16:41 . 2013-03-28 16:41 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-28 16:41 . 2013-03-28 16:41 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-28 16:41 . 2013-03-28 16:41 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-28 16:41 . 2013-03-28 16:41 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-28 16:41 . 2013-03-28 16:41 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-28 16:41 . 2013-03-28 16:41 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-28 16:41 . 2013-03-28 16:41 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-28 16:41 . 2013-03-28 16:41 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-24 21:39 . 2012-05-21 14:10 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-03-24 21:39 . 2012-05-21 14:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-03-19 19:19 . 2013-03-19 19:19 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-03-19 06:04 . 2013-04-10 21:08 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 21:08 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 21:08 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 21:08 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 21:08 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 21:08 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2013-04-30 2022]
"GoogleChromeAutoLaunch_8AEA0EEB960CAFACB93F92690E929CDE"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-05-23 825808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk.disabled [2012-10-1 1246]
PNotes.lnk.disabled [2013-2-23 1148]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R0 aswRvrt;aswRvrt; [x]
R1 aswSnx;aswSnx; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
R3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys;c:\windows\SYSNATIVE\DRIVERS\tmnciesc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswVmm;aswVmm; [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSP;aswSP; [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe;c:\windows\SYSNATIVE\lxdxcoms.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWVMM
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-28 18:59 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:51]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 05:35]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 05:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 213856]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\5i0osxqa.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-04  21:02:12
ComboFix-quarantined-files.txt  2013-06-05 01:02
ComboFix2.txt  2013-06-05 00:45
ComboFix3.txt  2013-06-03 14:46
.
Pre-Run: 52,327,358,464 bytes free
Post-Run: 52,255,055,872 bytes free
.
- - End Of File - - 3ABBE51B0153D3D7A0ADD1993A5B0955
#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 June 2013 - 08:46 PM


Hello VitalEcho

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 VitalEcho

  • Topic Starter
  • Members
  • 20 posts

Posted 05 June 2013 - 09:15 AM

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Apple Application Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
D3DX10
Google Chrome
Google Earth
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 25
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Norton PC Checkup
OpenOffice.org 3.4.1
PlayReady PC Runtime x86
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Skype Launcher
Skype™ 5.10
SPORE™
Spybot - Search & Destroy
The Sims™ 3
The Sims™ 3 Create a Sim
The Sims™ 3 High-End Loft Stuff
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources