
Hit with SystemCare Anti-virus


22 replies to this topic

#1 captwalt929

Posted 20 June 2013 - 01:50 PM

Hi all,

I need help with the removal of some lingering files from SystemCare (phony) anti-virus. I jumped the gun and ran combofix and it did get my machine back up and running but I can't get Microsoft Security Essentials to open and run. I keep getting an error code(0x80073b01) for the file "msseces". I also found some files that are associated with this malware that are probably gumming up my computer. I'm using Windows 7 professional and no additional antivirus programs other than Sec. Essentials.

This malware got into my machine from a phony FedEx email that I stupidly opened (it should have been caught by Windows Live Mail)

I did create a log report from Combofix, which I am attaching. Any and all help would be greatly appreciated.

Combofix did get my computer back to a decent working speed but I still have issues.


#2 gringo_pr (Malware Response Team)

Posted 23 June 2013 - 04:55 AM


Hello captwalt929

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 captwalt929 (Topic Starter)

Posted 25 June 2013 - 10:55 AM

Gringo,

Had a hard time trying to send the reports as an open notepad form. The reports are below as attached files. I hope these are ok for you to use.

The computer is working like it should except I still can't get Security Essentials to open and run. I keep getting the same error message.

Hope you see the problem.

captwalt929


#4 gringo_pr (Malware Response Team)

Posted 25 June 2013 - 12:06 PM

Hello captwalt929


You have sent me the same report twice. I need the main report first.


Gringo

#5 captwalt929 (Topic Starter)

Posted 25 June 2013 - 10:13 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by Owner (administrator) on 25-06-2013 23:02:44
Running from C:\Users\Owner\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(COMPANYVERS_NAME) C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AWS Convergence Technologies, Inc.) C:\Program Files\AWS\WeatherBug\Weather.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AWS Convergence Technologies, Inc.) C:\Program Files\AWS\WeatherBug\Weather.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Farbar) C:\Users\Owner\Downloads\FRST (2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 60 [69632 2010-07-27] (Primax Electronics Ltd.)
HKLM\...\Run: [Power Manager Power Agenda] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [75064 2010-07-28] ()
HKLM\...\Run: [Lenovo Registration] C:\Program Files\Lenovo Registration\LenovoReg.exe /boot [4309184 2011-02-09] (Lenovo, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-06-14] (RealNetworks, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKCU\...\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
HKCU\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-06-07] (Google Inc.)
HKU\Default\...\RunOnce: []  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~1\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [ 2009-03-24] ()
HKU\Default User\...\RunOnce: []  [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~1\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [ 2009-03-24] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL =
SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm077^S02028^us&ptb=D9ECB18D-4B4B-48E5-A7BB-8B781354FC87&ind=2012081909&n=77edeef5&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {2368D2CA-A3FB-4E86-9044-A61F32F9B152} URL =
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL =
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL =
SearchScopes: HKCU - {CFA05B85-3797-432A-B99D-3B7A238A7CBB} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282134&CUI=UN12781343871636371
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} http://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://acs-inc.webex.com/client/WBXclient-T27L10NSP32EP5-14362/nbr/ieatgpc1.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\user.js
FF Homepage: hxxp://www.optimum.net/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: VideoDownloadConverter - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\Extensions\{725b5896-d7e3-11e2-8276-b8ac6f996f26}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20472 2012-09-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [287824 2012-09-12] (Microsoft Corporation)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.)
S2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [184320 2010-04-22] ()
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [21416 2012-09-13] ()
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)
R2 VideoDownloadConverter_4zService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [42504 2012-08-19] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)
S3 TrufosAlt; C:\Windows\System32\DRIVERS\TrufosAlt.sys [309320 2013-06-18] (BitDefender S.R.L.)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [x]
R3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-25 23:01 - 2013-06-25 23:02 - 01370251 ____A (Farbar) C:\Users\Owner\Downloads\FRST (2).exe
2013-06-25 11:54 - 2013-06-25 11:55 - 00000000 ____D C:\Users\Owner\AppData\Local\{6587CC44-287F-4CEB-B969-53EE2F446B61}
2013-06-25 11:45 - 2013-06-25 11:45 - 00006811 ____A C:\Users\Owner\Downloads\frst addition.zip
2013-06-25 11:44 - 2013-06-25 11:44 - 00000000 ____D C:\43ba2ba7459f6d00fa7890f7
2013-06-25 11:42 - 2013-06-25 11:42 - 00001481 ____A C:\Users\Owner\Downloads\frst addition - Shortcut.lnk
2013-06-25 11:31 - 2013-06-25 11:31 - 00001418 ____A C:\Users\Owner\Desktop\FRST - Shortcut.lnk
2013-06-25 11:30 - 2013-06-25 11:30 - 00001503 ____A C:\Users\Owner\Desktop\frst addition - Shortcut.lnk
2013-06-25 01:26 - 2013-06-25 01:26 - 00001458 ____A C:\Users\Owner\Desktop\gringo - Shortcut.lnk
2013-06-25 01:07 - 2013-06-25 01:33 - 00026543 ____A C:\Users\Owner\Downloads\frst addition.txt
2013-06-25 01:05 - 2013-06-25 01:05 - 00026543 ____A C:\Users\Owner\Downloads\Addition.txt
2013-06-25 01:04 - 2013-06-25 01:04 - 00000000 ____D C:\FRST
2013-06-25 01:03 - 2013-06-25 01:04 - 01370263 ____A (Farbar) C:\Users\Owner\Downloads\FRST (1).exe
2013-06-25 01:02 - 2013-06-25 01:03 - 01370263 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-25 00:53 - 2013-06-25 00:53 - 00004042 ____A C:\Users\Owner\Documents\gringo.txt
2013-06-24 23:54 - 2013-06-24 23:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{E3662E2C-F899-44E3-BAE5-9423865AAF19}
2013-06-23 22:14 - 2013-06-23 22:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{472E1217-5440-4924-9526-4C3C648B79EB}
2013-06-23 00:50 - 2013-06-23 00:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{EB810F3F-EB5C-4EDB-994C-48D22B800B5F}
2013-06-22 03:43 - 2013-06-22 03:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{EA9ABF8A-BD7F-4A2E-B1DD-D33C7FF5E8EA}
2013-06-20 21:11 - 2013-06-20 21:11 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2013-06-20 21:10 - 2013-06-20 21:11 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Google
2013-06-20 21:10 - 2013-06-20 21:11 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2013-06-20 21:10 - 2013-06-20 21:10 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2013-06-20 21:10 - 2013-06-20 21:10 - 00000000 ____D C:\Users\Guest\AppData\Roaming\DesktopPwrMgr
2013-06-20 21:10 - 2013-06-20 21:10 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-06-20 21:09 - 2013-06-20 21:09 - 00000020 __ASH C:\Users\Guest\ntuser.ini
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Real
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Leadertech
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\users\Guest
2013-06-20 21:09 - 2013-03-14 10:14 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
2013-06-20 14:49 - 2013-06-20 14:49 - 00000834 ____A C:\Users\Owner\Desktop\combofix report - Shortcut.lnk
2013-06-20 14:48 - 2013-06-20 14:44 - 00014296 ____A C:\Users\Owner\Documents\combofix report.txt
2013-06-20 14:44 - 2013-06-20 14:44 - 00014296 ____A C:\combofix report.txt
2013-06-20 13:29 - 2013-06-20 13:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{559B3608-A781-425D-BBB4-10FA40B6B1B1}
2013-06-19 17:41 - 2013-06-19 17:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{DC01E97D-7075-4F89-A185-A3A99BBB7AFD}
2013-06-19 17:27 - 2013-06-19 17:27 - 00014296 ____A C:\ComboFix.txt
2013-06-19 17:03 - 2013-06-19 17:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Max Secure Software
2013-06-19 17:01 - 2013-06-19 17:01 - 00368256 ____A (RegNow.com) C:\Users\Owner\Downloads\Download_MaxDownloadMgrtrial (1).exe
2013-06-19 16:47 - 2013-06-19 16:47 - 04560251 ____A C:\Users\Owner\Downloads\Windows6.1-KB2592687-x86.msu
2013-06-19 15:43 - 2013-05-16 19:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-19 15:43 - 2013-05-16 18:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-19 15:43 - 2013-05-16 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-19 15:43 - 2013-05-16 18:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-19 15:43 - 2013-05-16 18:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-19 15:43 - 2013-05-16 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-19 15:43 - 2013-05-16 18:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-19 15:43 - 2013-05-16 18:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-19 15:43 - 2013-05-16 18:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-19 15:43 - 2013-05-16 18:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-19 15:43 - 2013-05-16 18:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-19 15:43 - 2013-05-16 18:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-19 15:43 - 2013-05-16 18:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-19 15:43 - 2013-05-16 18:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-19 15:43 - 2013-05-16 18:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-19 15:43 - 2013-05-16 18:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-19 15:41 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-19 15:41 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-19 15:41 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-19 15:41 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-19 15:41 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-19 15:41 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-19 15:41 - 2013-05-06 01:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-19 15:41 - 2013-05-06 01:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-19 15:41 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-19 15:40 - 2013-05-08 01:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-19 14:35 - 2013-06-19 17:27 - 00000000 ___AD C:\Qoobox
2013-06-19 14:35 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-19 14:35 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-19 14:35 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-19 14:35 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-19 14:35 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-19 14:35 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-19 14:35 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-19 14:35 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-19 14:34 - 2013-06-19 14:49 - 00000000 ____D C:\Windows\erdnt
2013-06-19 14:34 - 2013-06-19 14:34 - 05081021 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2013-06-19 12:41 - 2013-06-19 12:41 - 00045960 ____A C:\Users\Owner\AppData\Local\fwnocxjf
2013-06-19 08:44 - 2013-06-19 08:44 - 00045960 ____A C:\Users\Owner\AppData\Local\fbtgnjei
2013-06-19 07:55 - 2013-06-19 17:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GetRightToGo
2013-06-19 07:54 - 2013-06-19 07:54 - 00368256 ____A (RegNow.com) C:\Users\Owner\Downloads\Download_MaxDownloadMgrtrial.exe
2013-06-19 06:32 - 2013-06-19 06:32 - 00598808 ____A C:\Users\Owner\AppData\Local\cbiohtac
2013-06-19 04:37 - 2013-06-19 04:37 - 00045960 ____A C:\Users\Owner\AppData\Local\pkipeemu
2013-06-19 00:41 - 2013-06-19 00:41 - 00045960 ____A C:\Users\Owner\AppData\Local\uhnacjrt
2013-06-18 20:45 - 2013-06-18 20:45 - 00045960 ____A C:\Users\Owner\AppData\Local\otnhqwue
2013-06-18 16:40 - 2013-06-18 16:40 - 00045960 ____A C:\Users\Owner\AppData\Local\ijwjnful
2013-06-18 12:59 - 2013-06-18 12:59 - 00045960 ____A C:\Users\Owner\AppData\Local\jtmwoicv
2013-06-18 08:47 - 2013-06-18 08:47 - 00045960 ____A C:\Users\Owner\AppData\Local\cxhpalfe
2013-06-18 08:13 - 2013-06-18 08:13 - 00001732 ____A C:\tvtpktfilter.dat
2013-06-18 06:44 - 2013-06-18 06:44 - 00598808 ____A C:\Users\Owner\AppData\Local\jbuqqwpq
2013-06-18 06:07 - 2013-06-22 03:33 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-06-18 05:49 - 2013-06-18 05:49 - 00000000 ____D C:\ProgramData\SMR322
2013-06-18 05:48 - 2013-06-18 12:17 - 00000000 ____D C:\Users\Owner\AppData\Local\NPE
2013-06-18 05:48 - 2013-06-18 05:48 - 00309320 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys
2013-06-18 05:48 - 2013-06-18 05:48 - 00000000 ____D C:\ProgramData\Norton
2013-06-18 04:57 - 2013-06-18 04:57 - 00045960 ____A C:\Users\Owner\AppData\Local\efnodhlx
2013-06-18 04:47 - 2013-06-18 04:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2013-06-18 04:47 - 2013-06-18 04:47 - 00000000 ____D C:\ProgramData\IObit
2013-06-18 04:47 - 2013-06-18 04:47 - 00000000 ____D C:\Program Files\IObit
2013-06-18 04:36 - 2013-06-18 04:52 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-18 04:36 - 2013-06-18 04:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-18 04:36 - 2013-06-18 04:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
2013-06-18 04:20 - 2013-06-18 04:20 - 00000116 ____A C:\tvttemp.txt
2013-06-18 02:59 - 2013-06-18 02:59 - 00045960 ____A C:\Users\Owner\AppData\Local\fnacidsm
2013-06-18 02:57 - 2013-06-18 02:57 - 00000000 ____A C:\Users\Owner\AppData\Roaming\SharedSettings.ccs
2013-06-18 01:15 - 2013-06-18 01:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{E6A88462-5AFE-4030-8581-F5F276119147}
2013-06-16 11:15 - 2013-06-16 11:15 - 00212992 ____A C:\Users\Nancy J. Kramer\Documents\Summary of Invoicing 12- 2006.mdb
2013-06-16 10:59 - 2013-06-16 11:00 - 00000000 ____D C:\Users\Nancy J. Kramer\AppData\Local\{14FE3BC2-7E9C-4223-894F-9E7132727B45}
2013-06-16 10:59 - 2013-06-16 10:59 - 00000000 ____D C:\Users\Nancy J. Kramer\AppData\Local\{65056690-5C43-4B08-B8F0-59AA0F2C49FE}
2013-06-15 10:47 - 2013-06-15 10:47 - 00000000 ____D C:\Users\Owner\AppData\Local\{49B008AA-0549-42CC-A38E-6B0AC900C064}
2013-06-13 23:28 - 2013-06-13 23:28 - 00013496 ____A C:\Users\Owner\Documents\DMT Application[1]-signed.txt
2013-06-13 12:52 - 2013-06-13 12:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{9441E66F-5A10-4424-AFC3-21165F441E0F}
2013-06-12 18:06 - 2013-06-12 18:06 - 00000000 ____D C:\Users\Owner\AppData\Local\{2CE537BF-DAF4-416B-AD69-B0F760D5661B}
2013-06-11 23:39 - 2013-06-25 16:46 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job
2013-06-11 23:39 - 2013-06-24 23:51 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job
2013-06-11 23:39 - 2013-06-20 21:09 - 00000376 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
2013-06-11 20:38 - 2013-06-11 20:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{C1B0A5B8-338F-4722-8782-7881E9DB1F23}
2013-06-09 22:55 - 2013-06-09 22:55 - 00000000 ____D C:\Users\Owner\AppData\Local\{FDB75C17-2C44-4339-B85F-62C95291D290}
2013-06-08 13:26 - 2013-06-08 13:26 - 00001823 ____A C:\Users\Owner\Desktop\Microsoft Office - Shortcut.lnk
2013-06-08 08:05 - 2013-06-08 08:06 - 00000000 ____D C:\Users\Owner\AppData\Local\{BE827FD2-20AA-41BD-AA1E-CB85ECEA4BBB}
2013-06-07 13:10 - 2013-06-07 13:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{2B396D3A-DB8F-4B3B-951B-B2BAC8E15C44}
2013-06-06 12:25 - 2013-06-06 12:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{7FA100B2-A272-4A20-BFA0-44C9E0E31F5A}
2013-06-04 23:14 - 2013-06-04 23:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{EE7FB356-A096-453B-9058-D556B5F26545}
2013-06-03 11:42 - 2013-06-03 11:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{BA58A747-7B0F-4BDB-81BC-F48198496F40}
2013-06-02 23:41 - 2013-06-02 23:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{5BD44D53-304B-4D77-B6DE-24A13AA9B5E6}
2013-06-02 11:41 - 2013-06-02 11:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{37A5A9F9-6F3C-4743-B13F-4C11EB1A599D}
2013-06-01 01:15 - 2013-06-01 01:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{37A3C145-DA9C-41E7-9441-3C13CCA29FB0}
2013-05-31 19:51 - 2013-05-31 19:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-31 18:26 - 2013-05-31 18:26 - 00000000 ____D C:\Users\Nancy J. Kramer\AppData\Local\Apple
2013-05-30 23:07 - 2013-05-30 23:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{42C37833-D08F-424F-841D-B6015876323F}
2013-05-29 12:26 - 2013-05-29 12:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{9370D193-8A9F-4099-AFC8-524301E88AA7}
2013-05-29 00:26 - 2013-05-29 00:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{A1A80647-CBD6-4E6A-91AB-0E87E8948AC5}
2013-05-28 12:32 - 2013-05-28 12:32 - 00153992 ____A C:\Windows\Minidump\052813-19827-01.dmp
2013-05-28 11:35 - 2013-05-28 11:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{F8559FB0-3499-41FF-878D-0F752E095619}
2013-05-27 12:39 - 2013-05-27 12:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{4E8825E3-574E-4F08-8239-294F7353EA4D}
2013-05-26 12:38 - 2013-05-26 12:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{8E5E3718-FDA5-4C8A-B8DC-145A9DDAAE5B}
2013-05-26 00:03 - 2013-05-26 00:03 - 00000241 ____A C:\Users\Nancy J. Kramer\Desktop\Home Gallery Furniture for Broyhill.url

==================== One Month Modified Files and Folders ========

2013-06-25 23:02 - 2013-06-25 23:01 - 01370251 ____A (Farbar) C:\Users\Owner\Downloads\FRST (2).exe
2013-06-25 22:21 - 2012-06-19 13:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-25 22:15 - 2012-06-07 14:50 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 16:46 - 2013-06-11 23:39 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job
2013-06-25 16:04 - 2011-07-21 08:16 - 01222863 ____A C:\Windows\WindowsUpdate.log
2013-06-25 11:55 - 2013-06-25 11:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{6587CC44-287F-4CEB-B969-53EE2F446B61}
2013-06-25 11:45 - 2013-06-25 11:45 - 00006811 ____A C:\Users\Owner\Downloads\frst addition.zip
2013-06-25 11:44 - 2013-06-25 11:44 - 00000000 ____D C:\43ba2ba7459f6d00fa7890f7
2013-06-25 11:44 - 2012-06-04 23:38 - 00002057 ____A C:\Windows\epplauncher.mif
2013-06-25 11:42 - 2013-06-25 11:42 - 00001481 ____A C:\Users\Owner\Downloads\frst addition - Shortcut.lnk
2013-06-25 11:31 - 2013-06-25 11:31 - 00001418 ____A C:\Users\Owner\Desktop\FRST - Shortcut.lnk
2013-06-25 11:30 - 2013-06-25 11:30 - 00001503 ____A C:\Users\Owner\Desktop\frst addition - Shortcut.lnk
2013-06-25 11:00 - 2012-06-04 17:04 - 00000466 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-06-25 09:15 - 2012-06-07 14:50 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 01:33 - 2013-06-25 01:07 - 00026543 ____A C:\Users\Owner\Downloads\frst addition.txt
2013-06-25 01:26 - 2013-06-25 01:26 - 00001458 ____A C:\Users\Owner\Desktop\gringo - Shortcut.lnk
2013-06-25 01:05 - 2013-06-25 01:05 - 00026543 ____A C:\Users\Owner\Downloads\Addition.txt
2013-06-25 01:04 - 2013-06-25 01:04 - 00000000 ____D C:\FRST
2013-06-25 01:04 - 2013-06-25 01:03 - 01370263 ____A (Farbar) C:\Users\Owner\Downloads\FRST (1).exe
2013-06-25 01:03 - 2013-06-25 01:02 - 01370263 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2013-06-25 00:53 - 2013-06-25 00:53 - 00004042 ____A C:\Users\Owner\Documents\gringo.txt
2013-06-24 23:54 - 2013-06-24 23:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{E3662E2C-F899-44E3-BAE5-9423865AAF19}
2013-06-24 23:51 - 2013-06-11 23:39 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job
2013-06-23 22:14 - 2013-06-23 22:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{472E1217-5440-4924-9526-4C3C648B79EB}
2013-06-23 18:42 - 2012-06-21 16:52 - 00000000 ____D C:\Users\Owner\AppData\Local\WeatherBug
2013-06-23 15:24 - 2012-07-01 12:30 - 00000000 ____D C:\Users\Nancy J. Kramer\AppData\Local\WeatherBug
2013-06-23 02:17 - 2009-07-14 00:34 - 00030688 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-23 02:17 - 2009-07-14 00:34 - 00030688 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-23 00:50 - 2013-06-23 00:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{EB810F3F-EB5C-4EDB-994C-48D22B800B5F}
2013-06-22 09:07 - 2012-06-07 21:20 - 00000000 ____D C:\Users\Nancy J. Kramer\AppData\Local\Google
2013-06-22 03:43 - 2013-06-22 03:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{EA9ABF8A-BD7F-4A2E-B1DD-D33C7FF5E8EA}
2013-06-22 03:33 - 2013-06-18 06:07 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-06-21 22:21 - 2012-06-05 22:01 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-06-20 21:11 - 2013-06-20 21:11 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2013-06-20 21:11 - 2013-06-20 21:10 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Google
2013-06-20 21:11 - 2013-06-20 21:10 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2013-06-20 21:10 - 2013-06-20 21:10 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2013-06-20 21:10 - 2013-06-20 21:10 - 00000000 ____D C:\Users\Guest\AppData\Roaming\DesktopPwrMgr
2013-06-20 21:10 - 2013-06-20 21:10 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-06-20 21:09 - 2013-06-20 21:09 - 00000020 __ASH C:\Users\Guest\ntuser.ini
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Real
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Leadertech
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-06-20 21:09 - 2013-06-20 21:09 - 00000000 ____D C:\users\Guest
2013-06-20 21:09 - 2013-06-11 23:39 - 00000376 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
2013-06-20 14:49 - 2013-06-20 14:49 - 00000834 ____A C:\Users\Owner\Desktop\combofix report - Shortcut.lnk
2013-06-20 14:44 - 2013-06-20 14:48 - 00014296 ____A C:\Users\Owner\Documents\combofix report.txt
2013-06-20 14:44 - 2013-06-20 14:44 - 00014296 ____A C:\combofix report.txt
2013-06-20 13:33 - 2012-06-04 17:04 - 00000528 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-06-20 13:29 - 2013-06-20 13:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{559B3608-A781-425D-BBB4-10FA40B6B1B1}
2013-06-20 05:59 - 2013-04-20 10:36 - 00028160 __ASH C:\Users\Owner\Documents\Thumbs.db
2013-06-19 20:40 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2013-06-19 20:17 - 2013-04-28 01:46 - 00002140 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 17:41 - 2013-06-19 17:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{DC01E97D-7075-4F89-A185-A3A99BBB7AFD}
2013-06-19 17:27 - 2013-06-19 17:27 - 00014296 ____A C:\ComboFix.txt
2013-06-19 17:27 - 2013-06-19 14:35 - 00000000 ___AD C:\Qoobox
2013-06-19 17:24 - 2009-07-13 22:04 - 00000215 ____A C:\Windows\system.ini
2013-06-19 17:03 - 2013-06-19 17:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Max Secure Software
2013-06-19 17:03 - 2013-06-19 07:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GetRightToGo
2013-06-19 17:01 - 2013-06-19 17:01 - 00368256 ____A (RegNow.com) C:\Users\Owner\Downloads\Download_MaxDownloadMgrtrial (1).exe
2013-06-19 16:47 - 2013-06-19 16:47 - 04560251 ____A C:\Users\Owner\Downloads\Windows6.1-KB2592687-x86.msu
2013-06-19 16:27 - 2012-06-05 14:53 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2013-06-19 15:57 - 2010-11-20 17:01 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 15:51 - 2009-07-14 00:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-19 15:51 - 2009-07-14 00:39 - 00064969 ____A C:\Windows\setupact.log
2013-06-19 15:50 - 2013-03-09 10:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-19 15:45 - 2012-06-16 22:31 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-19 15:04 - 2010-11-20 17:48 - 00053528 ____A C:\Windows\PFRO.log
2013-06-19 14:59 - 2012-06-05 12:23 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live Writer
2013-06-19 14:50 - 2009-07-13 22:37 - 00000000 ___RD C:\users\Public
2013-06-19 14:49 - 2013-06-19 14:34 - 00000000 ____D C:\Windows\erdnt
2013-06-19 14:46 - 2012-06-09 12:17 - 00000000 ____D C:\Program Files\Coupons.com CouponBar
2013-06-19 14:34 - 2013-06-19 14:34 - 05081021 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2013-06-19 12:41 - 2013-06-19 12:41 - 00045960 ____A C:\Users\Owner\AppData\Local\fwnocxjf
2013-06-19 08:44 - 2013-06-19 08:44 - 00045960 ____A C:\Users\Owner\AppData\Local\fbtgnjei
2013-06-19 07:54 - 2013-06-19 07:54 - 00368256 ____A (RegNow.com) C:\Users\Owner\Downloads\Download_MaxDownloadMgrtrial.exe
2013-06-19 06:32 - 2013-06-19 06:32 - 00598808 ____A C:\Users\Owner\AppData\Local\cbiohtac
2013-06-19 04:37 - 2013-06-19 04:37 - 00045960 ____A C:\Users\Owner\AppData\Local\pkipeemu
2013-06-19 00:41 - 2013-06-19 00:41 - 00045960 ____A C:\Users\Owner\AppData\Local\uhnacjrt
2013-06-18 20:45 - 2013-06-18 20:45 - 00045960 ____A C:\Users\Owner\AppData\Local\otnhqwue
2013-06-18 17:42 - 2012-06-06 06:27 - 00000000 ____D C:\users\Nancy J. Kramer
2013-06-18 17:42 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-18 17:42 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-18 17:42 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\registration
2013-06-18 17:41 - 2012-06-14 16:41 - 00000000 ____D C:\ProgramData\Real
2013-06-18 17:38 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-18 16:40 - 2013-06-18 16:40 - 00045960 ____A C:\Users\Owner\AppData\Local\ijwjnful
2013-06-18 13:43 - 2012-06-04 17:03 - 00000000 ____D C:\users\Owner
2013-06-18 12:59 - 2013-06-18 12:59 - 00045960 ____A C:\Users\Owner\AppData\Local\jtmwoicv
2013-06-18 12:17 - 2013-06-18 05:48 - 00000000 ____D C:\Users\Owner\AppData\Local\NPE
2013-06-18 09:22 - 2011-07-21 08:24 - 00000000 ____D C:\swshare
2013-06-18 08:47 - 2013-06-18 08:47 - 00045960 ____A C:\Users\Owner\AppData\Local\cxhpalfe
2013-06-18 08:16 - 2012-12-23 14:45 - 00000000 ____D C:\Users\Owner\AppData\Local\AOL Toolbar
2013-06-18 08:15 - 2012-12-23 14:45 - 00000000 ____D C:\ProgramData\AOL Toolbar
2013-06-18 08:15 - 2011-07-21 08:37 - 00000000 ____D C:\Program Files\Windows Live
2013-06-18 08:14 - 2012-09-06 17:21 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-18 08:14 - 2012-06-21 11:38 - 00000000 ____D C:\GameHouse Games
2013-06-18 08:14 - 2011-07-21 08:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-18 08:14 - 2011-07-21 08:20 - 00000000 ____D C:\Program Files\Analog Devices
2013-06-18 08:13 - 2013-06-18 08:13 - 00001732 ____A C:\tvtpktfilter.dat
2013-06-18 06:44 - 2013-06-18 06:44 - 00598808 ____A C:\Users\Owner\AppData\Local\jbuqqwpq
2013-06-18 05:50 - 2009-07-14 00:53 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-18 05:49 - 2013-06-18 05:49 - 00000000 ____D C:\ProgramData\SMR322
2013-06-18 05:48 - 2013-06-18 05:48 - 00309320 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys
2013-06-18 05:48 - 2013-06-18 05:48 - 00000000 ____D C:\ProgramData\Norton
2013-06-18 05:48 - 2012-11-12 22:37 - 00461046 ____A C:\Windows\ntbtlog.txt.bak
2013-06-18 04:57 - 2013-06-18 04:57 - 00045960 ____A C:\Users\Owner\AppData\Local\efnodhlx
2013-06-18 04:52 - 2013-06-18 04:36 - 00000000 ____D C:\ProgramData\SparkTrust
2013-06-18 04:47 - 2013-06-18 04:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2013-06-18 04:47 - 2013-06-18 04:47 - 00000000 ____D C:\ProgramData\IObit
2013-06-18 04:47 - 2013-06-18 04:47 - 00000000 ____D C:\Program Files\IObit
2013-06-18 04:36 - 2013-06-18 04:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SparkTrust
2013-06-18 04:36 - 2013-06-18 04:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
2013-06-18 04:20 - 2013-06-18 04:20 - 00000116 ____A C:\tvttemp.txt
2013-06-18 04:19 - 2011-02-15 03:38 - 00000000 ____D C:\SWTOOLS
2013-06-18 04:19 - 2009-07-13 22:37 - 00000000 __RHD C:\users\Default
2013-06-18 04:18 - 2012-06-24 16:35 - 00000000 ____D C:\ProgramData\WeCareReminder
2013-06-18 04:18 - 2011-07-21 08:29 - 00000000 ____D C:\Program Files\Roxio
2013-06-18 04:18 - 2011-02-15 19:23 - 00000000 ____D C:\Program Files\Windows Journal
2013-06-18 04:18 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-06-18 04:18 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-06-18 04:18 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-18 04:18 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-18 04:17 - 2012-06-21 10:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-18 04:17 - 2012-06-13 17:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-18 04:17 - 2012-06-13 17:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-18 04:17 - 2012-06-09 12:17 - 00000000 ____D C:\Program Files\Coupons
2013-06-18 04:17 - 2012-06-07 01:31 - 00000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2013-06-18 04:17 - 2012-06-04 23:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-18 04:17 - 2012-06-04 23:14 - 00000000 ____D C:\Program Files\Open Freely
2013-06-18 04:17 - 2012-06-04 23:14 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2013-06-18 04:17 - 2011-07-21 08:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-18 04:17 - 2011-07-21 08:33 - 00000000 ____D C:\Program Files\PC-Doctor
2013-06-18 04:17 - 2011-07-21 08:29 - 00000000 ____D C:\Program Files\Common Files\SureThing Shared
2013-06-18 04:17 - 2011-07-21 08:29 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-06-18 04:17 - 2011-07-21 08:29 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2013-06-18 04:17 - 2011-07-21 08:29 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-06-18 04:17 - 2011-07-21 08:28 - 00000000 ____D C:\Program Files\Lenovo Registration
2013-06-18 04:17 - 2011-07-21 08:20 - 00000000 ____D C:\Program Files\Lenovo
2013-06-18 04:17 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\DVD Maker
2013-06-18 04:17 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-06-18 04:16 - 2012-12-23 14:52 - 00000000 ____D C:\ProgramData\FileHelp
2013-06-18 04:16 - 2012-12-23 14:52 - 00000000 ____D C:\Program Files\FileHelp
2013-06-18 04:16 - 2012-12-23 14:45 - 00000000 __HDC C:\ProgramData\{ACDC8DC6-55A7-483E-8C90-75B21285CD5C}
2013-06-18 04:16 - 2012-12-23 14:45 - 00000000 ____D C:\Program Files\Ultimate Media Player
2013-06-18 04:16 - 2012-12-23 14:45 - 00000000 ____D C:\Program Files\Common Files\Software Update Utility
2013-06-18 04:16 - 2012-12-23 14:45 - 00000000 ____D C:\Program Files\AOL Toolbar
2013-06-18 04:16 - 2012-10-22 07:15 - 00000000 ____D C:\Program Files\InboxDollars
2013-06-18 04:16 - 2012-09-21 19:32 - 00000000 ____D C:\ProgramData\WebEx
2013-06-18 04:16 - 2012-08-26 19:44 - 00000000 ____D C:\Users\Nancy J. Kramer\AppData\Local\Lenovo
2013-06-18 04:16 - 2012-08-19 09:55 - 00000000 ____D C:\Program Files\Video Download Converter
2013-06-18 04:16 - 2012-06-21 10:07 - 00000000 ____D C:\Program Files\Apple Software Update
2013-06-18 04:16 - 2012-06-07 01:31 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-06-18 04:16 - 2012-06-05 11:52 - 00000000 ____D C:\Program Files\Java
2013-06-18 04:16 - 2011-07-21 08:27 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-18 02:59 - 2013-06-18 02:59 - 00045960 ____A C:\Users\Owner\AppData\Local\fnacidsm
2013-06-18 02:57 - 2013-06-18 02:57 - 00000000 ____A C:\Users\Owner\AppData\Roaming\SharedSettings.ccs
2013-06-18 01:16 - 2013-06-18 01:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{E6A88462-5AFE-4030-8581-F5F276119147}
2013-06-16 11:15 - 2013-06-16 11:15 - 00212992 ____A C:\Users\Nancy J. Kramer\Documents\Summary of Invoicing 12- 2006.mdb
2013-06-16 11:00 - 2013-06-16 10:59 - 00000000 ____D C:\Users\Nancy J. Kramer\AppData\Local\{14FE3BC2-7E9C-4223-894F-9E7132727B45}
2013-06-16 10:59 - 2013-06-16 10:59 - 00000000 ____D C:\Users\Nancy J. Kramer\AppData\Local\{65056690-5C43-4B08-B8F0-59AA0F2C49FE}
2013-06-15 10:47 - 2013-06-15 10:47 - 00000000 ____D C:\Users\Owner\AppData\Local\{49B008AA-0549-42CC-A38E-6B0AC900C064}
2013-06-13 23:28 - 2013-06-13 23:28 - 00013496 ____A C:\Users\Owner\Documents\DMT Application[1]-signed.txt
2013-06-13 12:52 - 2013-06-13 12:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{9441E66F-5A10-4424-AFC3-21165F441E0F}
2013-06-12 18:06 - 2013-06-12 18:06 - 00000000 ____D C:\Users\Owner\AppData\Local\{2CE537BF-DAF4-416B-AD69-B0F760D5661B}
2013-06-11 22:21 - 2012-06-12 11:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 22:21 - 2012-06-12 11:41 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 20:38 - 2013-06-11 20:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{C1B0A5B8-338F-4722-8782-7881E9DB1F23}
2013-06-09 22:55 - 2013-06-09 22:55 - 00000000 ____D C:\Users\Owner\AppData\Local\{FDB75C17-2C44-4339-B85F-62C95291D290}
2013-06-08 13:26 - 2013-06-08 13:26 - 00001823 ____A C:\Users\Owner\Desktop\Microsoft Office - Shortcut.lnk
2013-06-08 08:06 - 2013-06-08 08:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{BE827FD2-20AA-41BD-AA1E-CB85ECEA4BBB}
2013-06-07 13:10 - 2013-06-07 13:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{2B396D3A-DB8F-4B3B-951B-B2BAC8E15C44}
2013-06-06 13:31 - 2012-06-07 19:24 - 00001960 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-06 12:26 - 2013-06-06 12:25 - 00000000 ____D C:\Users\Owner\AppData\Local\{7FA100B2-A272-4A20-BFA0-44C9E0E31F5A}
2013-06-04 23:14 - 2013-06-04 23:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{EE7FB356-A096-453B-9058-D556B5F26545}
2013-06-03 11:42 - 2013-06-03 11:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{BA58A747-7B0F-4BDB-81BC-F48198496F40}
2013-06-02 23:42 - 2013-06-02 23:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{5BD44D53-304B-4D77-B6DE-24A13AA9B5E6}
2013-06-02 11:41 - 2013-06-02 11:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{37A5A9F9-6F3C-4743-B13F-4C11EB1A599D}
2013-06-01 01:15 - 2013-06-01 01:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{37A3C145-DA9C-41E7-9441-3C13CCA29FB0}
2013-05-31 19:52 - 2013-05-31 19:51 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-31 18:26 - 2013-05-31 18:26 - 00000000 ____D C:\Users\Nancy J. Kramer\AppData\Local\Apple
2013-05-30 23:07 - 2013-05-30 23:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{42C37833-D08F-424F-841D-B6015876323F}
2013-05-29 12:27 - 2013-05-29 12:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{9370D193-8A9F-4099-AFC8-524301E88AA7}
2013-05-29 00:26 - 2013-05-29 00:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{A1A80647-CBD6-4E6A-91AB-0E87E8948AC5}
2013-05-28 19:50 - 2012-06-21 10:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2013-05-28 18:07 - 2013-02-03 17:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-05-28 12:35 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\System32\NDF
2013-05-28 12:32 - 2013-05-28 12:32 - 00153992 ____A C:\Windows\Minidump\052813-19827-01.dmp
2013-05-28 12:32 - 2013-01-23 03:49 - 233817750 ____A C:\Windows\MEMORY.DMP
2013-05-28 12:32 - 2013-01-23 03:49 - 00000000 ____D C:\Windows\Minidump
2013-05-28 11:35 - 2013-05-28 11:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{F8559FB0-3499-41FF-878D-0F752E095619}
2013-05-27 12:39 - 2013-05-27 12:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{4E8825E3-574E-4F08-8239-294F7353EA4D}
2013-05-26 12:38 - 2013-05-26 12:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{8E5E3718-FDA5-4C8A-B8DC-145A9DDAAE5B}
2013-05-26 00:03 - 2013-05-26 00:03 - 00000241 ____A C:\Users\Nancy J. Kramer\Desktop\Home Gallery Furniture for Broyhill.url

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 01:54

==================== End Of Log ============================
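
The FRST listing above shows a dozen extensionless files with random eight-letter names dropped directly into C:\Users\Owner\AppData\Local, ten of them exactly 45960 bytes and two exactly 598808 bytes, recreated every few hours. The Python below is an added example, not part of the original post and not FRST's own logic: it parses FRST-style listing lines and flags that pattern. The sample input is constructed from lines copied out of this log, and the selection rules (eight lowercase letters, no extension, directly under AppData\Local, identical byte size, steady creation cadence) are my heuristics, not anything FRST itself computes.

```python
"""Flag the random-name dropper pattern in an FRST file listing (added example)."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the FRST log in this thread, plus five
# benign entries (a driver, downloaded tools, directories) as negative controls.
SAMPLE_LOG = r"""
2013-06-19 15:40 - 2013-05-08 01:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-19 14:34 - 2013-06-19 14:34 - 05081021 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2013-06-19 07:54 - 2013-06-19 07:54 - 00368256 ____A (RegNow.com) C:\Users\Owner\Downloads\Download_MaxDownloadMgrtrial.exe
2013-06-18 06:07 - 2013-06-22 03:33 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-06-18 01:15 - 2013-06-18 01:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{E6A88462-5AFE-4030-8581-F5F276119147}
2013-06-19 12:41 - 2013-06-19 12:41 - 00045960 ____A C:\Users\Owner\AppData\Local\fwnocxjf
2013-06-19 08:44 - 2013-06-19 08:44 - 00045960 ____A C:\Users\Owner\AppData\Local\fbtgnjei
2013-06-19 06:32 - 2013-06-19 06:32 - 00598808 ____A C:\Users\Owner\AppData\Local\cbiohtac
2013-06-19 04:37 - 2013-06-19 04:37 - 00045960 ____A C:\Users\Owner\AppData\Local\pkipeemu
2013-06-19 00:41 - 2013-06-19 00:41 - 00045960 ____A C:\Users\Owner\AppData\Local\uhnacjrt
2013-06-18 20:45 - 2013-06-18 20:45 - 00045960 ____A C:\Users\Owner\AppData\Local\otnhqwue
2013-06-18 16:40 - 2013-06-18 16:40 - 00045960 ____A C:\Users\Owner\AppData\Local\ijwjnful
2013-06-18 12:59 - 2013-06-18 12:59 - 00045960 ____A C:\Users\Owner\AppData\Local\jtmwoicv
2013-06-18 08:47 - 2013-06-18 08:47 - 00045960 ____A C:\Users\Owner\AppData\Local\cxhpalfe
2013-06-18 06:44 - 2013-06-18 06:44 - 00598808 ____A C:\Users\Owner\AppData\Local\jbuqqwpq
2013-06-18 04:57 - 2013-06-18 04:57 - 00045960 ____A C:\Users\Owner\AppData\Local\efnodhlx
2013-06-18 02:59 - 2013-06-18 02:59 - 00045960 ____A C:\Users\Owner\AppData\Local\fnacidsm
"""

# One FRST listing line: created - modified - size attrs [(company)] path
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)
# Heuristic (my assumption): eight lowercase letters, no extension.
DROP_NAME = re.compile(r"^[a-z]{8}$")


def parse_frst_entries(text):
    """Parse FRST 'Created/Modified Files and Folders' lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = FRST_ENTRY.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "created": datetime.strptime(d["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(d["modified"], "%Y-%m-%d %H:%M"),
            "size": int(d["size"]),
            "attrs": d["attrs"],
            "company": d["company"],
            "path": d["path"],
        })
    return entries


def is_random_name_drop(entry):
    """A file (not a directory) with a random 8-letter name directly in AppData\\Local."""
    if "D" in entry["attrs"]:
        return False
    parent, _, name = entry["path"].rpartition("\\")
    return parent.lower().endswith("\\appdata\\local") and bool(DROP_NAME.match(name))


def find_random_name_drops(entries):
    return sorted((e for e in entries if is_random_name_drop(e)), key=lambda e: e["created"])


def cluster_by_size(drops):
    """Group drops by exact byte size: identical sizes point at one redropped payload."""
    clusters = defaultdict(list)
    for e in drops:
        clusters[e["size"]].append(e["path"])
    return dict(clusters)


def creation_intervals_hours(drops):
    """Gaps between successive creations; a steady gap suggests a scheduled redrop."""
    times = sorted(e["created"] for e in drops)
    return [(b - a).total_seconds() / 3600 for a, b in zip(times, times[1:])]


def report(text, min_cluster=3):
    """Drops found, size clusters of at least min_cluster files, and median redrop gap per cluster."""
    drops = find_random_name_drops(parse_frst_entries(text))
    clusters = {s: p for s, p in cluster_by_size(drops).items() if len(p) >= min_cluster}
    cadence = {}
    for size in clusters:
        gaps = creation_intervals_hours([e for e in drops if e["size"] == size])
        cadence[size] = statistics.median(gaps) if gaps else None
    return {"drops": len(drops), "clusters": clusters, "median_gap_hours": cadence}


if __name__ == "__main__":
    r = report(SAMPLE_LOG)
    print(f"{r['drops']} random-name drops found")
    for size, paths in r["clusters"].items():
        print(f"  size {size}: {len(paths)} files, redropped every ~{r['median_gap_hours'][size]:.1f} h")
        for p in paths:
            print("    ", p)
```

On the sample it reports twelve drops and one cluster of ten 45960-byte files recreated roughly every four hours; the two 598808-byte files fall under the cluster threshold but are still counted. The twelve paths it flags are the same ones the fixlist in post #7 below moves.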



#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 June 2013 - 12:54 AM

Hello captwalt929



I need you to download this script I have made for you --> Attached File: fixlist.txt (1.61KB)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again, but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file into your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 captwalt929 (Topic Starter)

Posted 26 June 2013 - 10:24 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-06-2013 01
Ran by Owner at 2013-06-26 23:13:32 Run:1
Running from C:\Users\Owner\Downloads
Boot Mode: Normal

==============================================

C:\Users\Owner\AppData\Local\fwnocxjf => Moved successfully.
C:\Users\Owner\AppData\Local\fbtgnjei => Moved successfully.
C:\Users\Owner\AppData\Local\cbiohtac => Moved successfully.
C:\Users\Owner\AppData\Local\pkipeemu => Moved successfully.
C:\Users\Owner\AppData\Local\uhnacjrt => Moved successfully.
C:\Users\Owner\AppData\Local\otnhqwue => Moved successfully.
C:\Users\Owner\AppData\Local\ijwjnful => Moved successfully.
C:\Users\Owner\AppData\Local\jtmwoicv => Moved successfully.
C:\Users\Owner\AppData\Local\cxhpalfe => Moved successfully.
C:\Users\Owner\AppData\Local\jbuqqwpq => Moved successfully.
C:\Users\Owner\AppData\Local\CrashDumps => Moved successfully.
C:\Users\Owner\AppData\Local\efnodhlx => Moved successfully.
C:\Users\Owner\AppData\Roaming\IObit => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\ProgramData\SparkTrust => Moved successfully.
C:\Users\Owner\AppData\Roaming\SparkTrust => Moved successfully.
C:\Users\Owner\AppData\Roaming\DriverCure => Moved successfully.

==== End of Fixlog ====


Hope I did everything correctly for you. Thanks



#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 June 2013 - 12:10 AM



Hello captwalt929

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo

#9 captwalt929 (Topic Starter)

Posted 27 June 2013 - 10:57 PM

gringo-

Ran the AdwCleaner and got a report. I followed with the running of the junkware remover and it stopped at checking registries; all of a sudden a blue screen appeared which lasted 3 seconds and then the computer restarted itself. I only had enough time to read the first line on the blue screen that said Windows shut itself down for an unexpected???????? not enough time to read the message.

Upon restart it gave me a short report which I'm going to try to send along with the AdwCleaner log.

The computer is acting really strange and slow. I tried opening Live Mail and it's not responding. Only the top half of any window is showing and it's having a hard time letting me drag it to full view. It took forever to get to this page and once it opened 3 windows showed up. It took a while for the cursor to appear and it wouldn't respond when I tried to type. I haven't tried anything else yet, I'm just hoping I could get this info to you first.

What did we do???? I don't care to run that junkware program again and I still don't have my Security Essentials back. Same error message keeps appearing. Where do we go from here?

Captwalt

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 7a
BCP1: C05A3738
BCP2: C0000185
BCP3: 27D5A8C0
BCP4: B46E70A4
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\062713-17768-01.dmp
C:\Users\Owner\AppData\Local\temp\WER-45162-0.sysdata.xml

# AdwCleaner v2.303 - Logfile created 06/27/2013 at 06:33:21
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Owner - OWNER-THINK
# Boot Mode : Normal
# Running from : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PFDMN91\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : VideoDownloadConverter_4zService

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\VideoDownloadConverter_4z
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Nancy J. Kramer\AppData\Local\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Nancy J. Kramer\AppData\LocalLow\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Nancy J. Kramer\AppData\Roaming\Mozilla\Firefox\Profiles\xcizxhk0.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282134

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin

Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall

Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\user.js ... Deleted !

Deleted : user_pref("de.soerenrinne.googlebuttons.userlist", "Mail,Web Search,Maps,Calendar,Dashboard,Google S[...]

File : C:\Users\Nancy J. Kramer\AppData\Roaming\Mozilla\Firefox\Profiles\xcizxhk0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [14574 octets] - [27/06/2013 06:33:21]

########## EOF - C:\AdwCleaner[S1].txt - [14635 octets] ##########



#10 captwalt929


Posted 27 June 2013 - 11:01 PM

Gringo,

I just tried running Sec. Essentials again and still getting the same error code....0x8007b01



#11 captwalt929


Posted 27 June 2013 - 11:03 PM

I think Windows Defender was still on and maybe that caused the problem with Junkware.



#12 gringo_pr


Posted 28 June 2013 - 12:16 AM


Hello captwalt929

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 captwalt929


Posted 28 June 2013 - 02:12 PM

Gringo,

Hope I'm not driving you crazy with postings, I guess my machine is still settling down. I've tried to shut down (Sec. Ess.) and also tried deleting Sec. Essentials, which didn't work. So I ran the Combofix and saved the report. The computer was real slow and unresponsive this morning when I first went on. Live Mail didn't want to work but it's doing much better now, had to open and close it a couple of times. Still don't know if Sec. Essentials is going to work, I'm going to try downloading it again after I send you this. Or should I wait???? I'll wait until I hear from you.

ComboFix 13-06-28.02 - Owner 06/28/2013 14:18:59.3.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1900.1050 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll

c:\programdata\PCDr\5849\AddOnDownloaded\6189c538-c102-424b-b645-3fb824a63826.dll

c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-28 )))))))))))))))))))))))))))))))

.

.

2013-06-28 18:27 . 2013-06-28 18:29 -------- d-----w- c:\users\Owner\AppData\Local\temp

2013-06-28 18:27 . 2013-06-28 18:27 -------- d-----w- c:\users\Nancy J. Kramer\AppData\Local\temp

2013-06-28 18:27 . 2013-06-28 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-28 18:13 . 2013-06-28 18:13 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C40CD081-11E4-4185-B0B8-81914AC67B57}\offreg.dll

2013-06-28 08:14 . 2013-06-28 08:14 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ADCFB88-9BDA-42CB-A267-DD81CEF07D78}\offreg.dll

2013-06-28 08:13 . 2013-06-17 06:10 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ADCFB88-9BDA-42CB-A267-DD81CEF07D78}\mpengine.dll

2013-06-28 03:24 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C40CD081-11E4-4185-B0B8-81914AC67B57}\mpengine.dll

2013-06-28 02:58 . 2013-06-28 02:58 -------- d-----w- c:\windows\ERUNT

2013-06-28 02:58 . 2013-06-28 02:58 -------- d-----w- C:\JRT

2013-06-27 10:57 . 2013-06-27 10:57 -------- d-----w- c:\users\Nancy J. Kramer\AppData\Local\CrashDumps

2013-06-27 10:52 . 2013-06-27 10:52 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps

2013-06-26 20:04 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-25 05:04 . 2013-06-25 05:04 -------- d-----w- C:\FRST

2013-06-21 01:09 . 2013-06-21 01:09 -------- d-----w- c:\users\Guest

2013-06-19 19:41 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-06-19 19:41 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-06-19 19:41 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe

2013-06-19 19:41 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-06-19 19:41 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-06-19 19:41 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-06-19 19:41 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll

2013-06-19 19:41 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-19 19:41 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-19 19:40 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-19 11:55 . 2013-06-28 18:14 -------- d-----w- c:\users\Owner\AppData\Roaming\GetRightToGo

2013-06-18 09:49 . 2013-06-18 09:49 -------- d-----w- c:\programdata\SMR322

2013-06-18 09:48 . 2013-06-18 16:17 -------- d-----w- c:\users\Owner\AppData\Local\NPE

2013-06-18 09:48 . 2013-06-18 09:48 -------- d-----w- c:\programdata\Norton

2013-06-18 09:48 . 2013-06-18 09:48 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys

2013-06-18 08:47 . 2013-06-18 08:47 -------- d-----w- c:\program files\IObit

2013-06-14 23:16 . 2013-05-21 14:45 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E44FA972-E3B3-4B55-BF87-6C1FEF1F5731}\gapaengine.dll

2013-05-31 23:51 . 2013-05-31 23:52 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-05-31 22:26 . 2013-05-31 22:26 -------- d-----w- c:\users\Nancy J. Kramer\AppData\Local\Apple

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-18 08:21 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-06-12 02:21 . 2012-06-12 15:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-12 02:21 . 2012-06-12 15:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-02 06:06 . 2012-06-05 00:54 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-28 08:25 . 2013-04-28 08:25 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin

2013-04-13 04:45 . 2013-05-17 14:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-17 14:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 13:45 . 2013-05-17 14:21 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 05:18 . 2013-05-17 14:21 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 05:18 . 2013-05-17 14:21 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 03:14 . 2013-05-17 14:21 2347520 ----a-w- c:\windows\system32\win32k.sys

2012-07-20 17:44 . 2012-06-13 21:40 136672 ------w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]

"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2010-07-28 69632]

"Power Manager Power Agenda"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2010-07-29 75064]

"Lenovo Registration"="c:\program files\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-06-14 296056]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-20 151064]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-20 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-20 174104]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 PelService;Session Launcher Service;c:\program files\Lenovo\Lenovo Mouse Suite\PelService.exe [2010-04-22 184320]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-03-26 18432]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]

R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2013-06-18 309320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-06 1343400]

R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]

S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2013-03-12 559168]

S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-07-29 70968]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-21 2066968]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-06-22 202408]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-20 00:15 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 02:21]

.

2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 18:50]

.

2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 18:50]

.

2013-06-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

2013-06-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

2013-06-27 c:\windows\Tasks\ReclaimerUpdateFiles_Owner.job

- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-12 00:38]

.

2013-06-28 c:\windows\Tasks\ReclaimerUpdateXML_Owner.job

- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-12 00:38]

.

2013-06-28 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job

- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-12 00:38]

.

2013-06-28 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

mStart Page = hxxp://search.coupons.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: providentnjolb.com

TCP: DhcpNameServer = 167.206.245.130 167.206.245.129

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2012-08-19 09:55; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin

FF - ExtSQL: !HIDDEN! 2013-06-18 13:43; {725b5896-d7e3-11e2-8276-b8ac6f996f26}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5naqor6d.default\extensions\{725b5896-d7e3-11e2-8276-b8ac6f996f26}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\Coupons.com CouponBar\tbcore3.dll

MSConfigStartUp-VideoDownloadConverter Search Scope Monitor - c:\progra~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe

MSConfigStartUp-VideoDownloadConverter_4z Browser Plugin Loader - c:\progra~1\VIDEOD~2\bar\1.bin\4zbrmon.exe

AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe

AddRemove-VDC_is1 - c:\program files\Video Download Converter\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-28 14:30:38

ComboFix-quarantined-files.txt 2013-06-28 18:30

ComboFix2.txt 2013-06-19 21:27

ComboFix3.txt 2013-06-19 18:50

.

Pre-Run: 162,742,407,168 bytes free

Post-Run: 163,092,279,296 bytes free

.

- - End Of File - - 9E6C0E679D9DA701823829B52449583F

81D402FBB99E693623879D8AE5B3AF49



#14 gringo_pr


Posted 29 June 2013 - 01:21 PM


Hello captwalt929

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says:

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop: RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
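The post above asks for the larger of the TDSSKiller reports and, if that is too long to post, only the part after the "Scan finished" banner. The Python helper below automates that selection; it is an added example, not code from the thread or from TDSSKiller. The file-name pattern and the banner are taken from the post, and the sample log contents are constructed.

```python
"""Pick the larger TDSSKiller report and keep only the part after 'Scan finished'.
Added example, not code from the thread or from TDSSKiller. The report naming and
the 'Scan finished' banner come from the post; the sample log contents are constructed."""
import re
import tempfile
from pathlib import Path
from typing import Optional, Tuple

LOG_GLOB = "TDSSKiller.*_log.txt"  # TDSSKiller.[Version]_[Date]_[Time]_log.txt
# The cut point the helper named: a line of '=', 'Scan finished', another line of '='.
BANNER = re.compile(r"^=+[ \t]*\nScan finished[ \t]*\n=+[ \t]*\n?", re.MULTILINE)

def largest_report(root: Path) -> Optional[Path]:
    """Return the biggest matching log in root (the one the helper asked for)."""
    reports = list(root.glob(LOG_GLOB))
    return max(reports, key=lambda p: p.stat().st_size) if reports else None

def scan_result_section(text: str) -> Optional[str]:
    """Return the text after the banner, or None if the scan never finished."""
    match = BANNER.search(text)
    return text[match.end():] if match else None

def extract_summary(root: Path) -> Optional[Tuple[str, str]]:
    """(report name, text to post): the tail after the banner, else the whole log."""
    report = largest_report(root)
    if report is None:
        return None
    text = report.read_text(encoding="utf-8", errors="replace")
    tail = scan_result_section(text)
    return report.name, (tail if tail is not None else text)

def make_sample_logs(root: Path) -> None:
    """Write two constructed logs: a short aborted run and a complete run."""
    root.mkdir(parents=True, exist_ok=True)
    (root / "TDSSKiller.0.0.0.0_28.06.2013_14.05.12_log.txt").write_text(
        "14:05:12.0001 (constructed) TDSSKiller started, run aborted\n")
    (root / "TDSSKiller.0.0.0.0_28.06.2013_14.06.40_log.txt").write_text(
        "14:06:40.0001 (constructed) TDSSKiller started\n"
        "14:06:41.0002 (constructed) scanning loaded modules, many lines in a real run\n"
        "==================\nScan finished\n==================\n"
        "14:07:55.0003 (constructed) Detected object: sample entry, action Skip\n")

def demo() -> Optional[Tuple[str, str]]:
    """Build the sample logs in a temporary directory and run the extraction."""
    root = Path(tempfile.mkdtemp(prefix="tdss_demo_")) / "root"
    make_sample_logs(root)
    return extract_summary(root)
```

Point `extract_summary` at the real root directory (C:\ in the post) instead of the constructed one to get the name of the larger report and the section to paste.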

#15 captwalt929

  • Topic Starter
  • Members
  • 13 posts

Posted 30 June 2013 - 03:35 AM

gringo-

Windows can't open TDSSKiller; it doesn't know what type of file it is. How do I get this to open?

captwalt
