keep seeing pop ups and Google keeps redirecting. Do not know how to remove!


This topic is locked
12 replies to this topic

#1 cadetj8

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:35 PM

Posted 28 August 2013 - 08:03 PM

Every time I click on my Google Chrome to go to a website, let's say Facebook, it would direct me to the site but also open another tab and redirect me to virus protection sites and computer clean-up sites. Also, I keep seeing pop-ups just open up on my computer. Furthermore, I keep getting pop-ups on YouTube that say "Media update required: update to version 12.7", but when I click it the site is not a media update. Help!

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by JAY at 20:38:11 on 2013-08-28
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2939.1025 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\File Type Assistant\TSAssist.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JAY\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: PriceGong - Price Comparison: {1631550F-191D-4826-B069-D9439253D926} - c:\program files\pricegong\2.6.12\PriceGongIE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: LyricXeeker: {5012ecbd-6d7f-4cd0-80f2-46f0b42a7111} - c:\program files\lyrixeeker\130.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\jay\appdata\local\toparcadehits\Toparcadehits.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\jay\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [TANU] c:\program files\toshiba\tanu\TANU.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: NameServer = 10.201.5.1
TCP: Interfaces\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C} : DHCPNameServer = 10.201.5.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2012-8-8 25896]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2012-8-8 20544]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2012-8-8 22272]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2012-8-8 346112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
SUnknown dquralgx;dquralgx; [x]
.
=============== Created Last 30 ================
.
2013-08-29 00:19:29 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c2f1b79a-aa83-4f44-8de6-9f0cf0ff1511}\mpengine.dll
2013-08-27 22:42:00 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-27 00:08:56 -------- d-----w- c:\program files\PriceGong
2013-08-26 23:59:44 7166848 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-26 00:18:34 -------- d-----w- c:\program files\LyriXeeker
2013-08-22 17:24:20 697992 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dfdae020-85a0-4dee-a133-fd7f8f06e323}\gapaengine.dll
2013-08-22 00:29:07 -------- d-----w- c:\users\jay\appdata\roaming\1O1L1I1PtF1F1C1N
2013-08-22 00:29:03 -------- d-----w- c:\users\jay\appdata\local\TopArcadeHits
2013-08-15 03:25:17 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 03:25:17 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-15 03:25:16 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 03:25:16 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-15 03:24:53 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 03:24:45 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 03:24:42 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 03:24:42 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 03:24:41 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 03:24:34 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 03:24:34 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 03:24:34 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 03:24:33 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-31 18:55:38 48648 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-19\Markup.dll
2013-07-31 18:55:22 652296 ----a-w- c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore-20\Microsoft.MediaCenter.Sports.UI.dll
.
==================== Find3M  ====================
.
2013-08-20 18:28:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 18:28:57 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-09 01:37:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-09 01:37:41 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-09 01:37:41 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-19 01:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 01:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 23:44:30 715038 ----a-w- c:\windows\unins000.exe
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 20:38:52.98 ===============

#2 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:35 PM

Posted 28 August 2013 - 09:33 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 cadetj8
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:35 PM

Posted 29 August 2013 - 02:57 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by JAY (administrator) on 29-08-2013 12:18:29
Running from C:\Users\JAY\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Trusted Software ApS) C:\Program Files\File Type Assistant\TSAssist.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TANU\TANU.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\JAY\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JAY\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6965792 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448376 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1318912 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TANU] - C:\Program Files\TOSHIBA\TANU\TANU.exe [263560 2009-03-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1007616 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-05-03] (Google)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-08] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\JAY\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-15] (Google Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
BHO: PriceGong - Price Comparison - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.12\PriceGongIE.dll (PriceGong)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: LyricXeeker - {5012ecbd-6d7f-4cd0-80f2-46f0b42a7111} - C:\Program Files\LyriXeeker\130.dll (LyricXeeker)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\JAY\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\JAY\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\JAY\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\JAY\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\JAY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\JAY\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\JAY\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Wolfram Mathematica) - C:\Program Files\Common Files\Wolfram Research\Browser\9.0.0.3942197\npmathplugin.dll (Wolfram Research, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (PriceGong) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0
CHR Extension: (YouTube) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0
CHR Extension: (InfoBird Pro) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl\3.0.0.0_0
CHR Extension: (New Tab) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj\9.4_0
CHR Extension: (PricePeep) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.293.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files\PriceGong\2.6.12\pricegong.crx
CHR HKLM\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files\LyriXeeker\130.crx
CHR HKLM\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files\WebCake\WebCakeLayers.crx
CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\JAY\AppData\Local\InfoBirdPro.crx
CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\JAY\AppData\Local\newhb.crx
CHR HKLM\...\Chrome\Extension: [licjnkifamhpbaefhdpacpmihicfbomb] - C:\Program Files\PricePeep\pricepeep.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 
========================== Services (Whitelisted) =================
 
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
S3 GoogleDesktopManager-092308-165331; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-05-03] (Google)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [57344 2009-02-19] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-14] (TOSHIBA Corporation)
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [346112 2009-01-13] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-29 12:17 - 2013-08-29 12:17 - 01579080 _____ (Farbar) C:\Users\JAY\Downloads\FRST64.exe
2013-08-29 12:17 - 2013-08-29 12:17 - 01072975 _____ (Farbar) C:\Users\JAY\Downloads\FRST.exe
2013-08-28 20:39 - 2013-08-28 20:41 - 00014185 _____ C:\Users\JAY\Desktop\dds.txt
2013-08-28 20:39 - 2013-08-28 20:39 - 00012091 _____ C:\Users\JAY\Desktop\attach.txt
2013-08-28 20:36 - 2013-08-28 20:36 - 00688992 ____R (Swearware) C:\Users\JAY\Downloads\dds.com
2013-08-27 18:42 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-26 20:08 - 2013-08-26 20:08 - 00000000 ____D C:\Program Files\PriceGong
2013-08-26 20:07 - 2013-08-26 20:08 - 00456240 _____ (Company) C:\Users\JAY\Downloads\setup (1).exe
2013-08-26 20:06 - 2013-08-26 20:06 - 00002584 _____ C:\Users\JAY\Downloads\[kickass.to]probability.statistics.for.engineers.scientists.8th.edition.instructors.solution.manual.pdf.torrent
2013-08-25 20:18 - 2013-08-28 21:06 - 00000000 ____D C:\Program Files\LyriXeeker
2013-08-21 20:29 - 2013-08-29 12:13 - 00000256 _____ C:\Windows\Tasks\TopArcadeHits.job
2013-08-21 20:29 - 2013-08-21 20:29 - 00000000 ____D C:\Users\JAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
2013-08-21 20:29 - 2013-08-21 20:29 - 00000000 ____D C:\Users\JAY\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-08-21 20:29 - 2013-08-21 20:29 - 00000000 ____D C:\Users\JAY\AppData\Local\TopArcadeHits
2013-08-21 20:28 - 2013-08-28 21:13 - 00000360 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-21 20:28 - 2013-08-21 20:28 - 84035640 _____ (DivX, LLC) C:\Users\JAY\Downloads\DivXPlusPlayerSetup.exe
2013-08-21 20:26 - 2013-08-21 20:26 - 00000947 _____ C:\Users\JAY\Desktop\Continue DivX Plus Player Free Download Installation.lnk
2013-08-19 21:11 - 2013-08-19 21:11 - 00703936 _____ C:\Users\JAY\Downloads\VideoPlayerSetup.exe
2013-08-19 20:49 - 2013-08-19 20:59 - 500688912 _____ C:\Users\JAY\Downloads\Sherlock-Holmes(2009).flv
2013-08-15 03:09 - 2013-08-15 03:10 - 00288696 _____ C:\Users\JAY\Downloads\FLV_Media_Player.exe
2013-08-15 03:01 - 2013-07-24 22:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:01 - 2013-07-24 22:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:01 - 2013-07-24 22:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:01 - 2013-07-24 22:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:01 - 2013-07-24 22:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:01 - 2013-07-24 22:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 03:01 - 2013-07-24 22:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 03:01 - 2013-07-24 22:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:01 - 2013-07-24 22:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:01 - 2013-07-24 22:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:01 - 2013-07-24 22:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:01 - 2013-07-24 22:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 03:01 - 2013-07-24 22:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 03:01 - 2013-07-24 22:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:01 - 2013-07-24 22:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:01 - 2013-07-24 22:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 23:25 - 2013-07-04 23:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 23:25 - 2013-07-04 21:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-14 23:25 - 2013-06-15 09:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 23:25 - 2013-06-15 07:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 23:24 - 2013-07-17 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 23:24 - 2013-07-10 05:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 23:24 - 2013-07-09 08:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 23:24 - 2013-07-08 00:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 23:24 - 2013-07-08 00:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 23:24 - 2013-07-08 00:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 23:24 - 2013-07-08 00:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 23:24 - 2013-07-08 00:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 23:24 - 2013-07-08 00:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-07 03:01 - 2013-08-07 03:01 - 00051157 _____ C:\Users\JAY\AppData\Local\InfoBirdPro.crx
2013-08-04 09:56 - 2013-08-26 20:08 - 00000000 ____D C:\Users\JAY\AppData\Roaming\Mozilla
2013-08-01 00:43 - 2013-08-01 00:43 - 00361119 _____ C:\Users\JAY\AppData\Local\newhb.crx
 
==================== One Month Modified Files and Folders =======
 
2013-08-29 12:18 - 2013-08-29 12:18 - 00000000 ____D C:\FRST
2013-08-29 12:17 - 2013-08-29 12:17 - 01579080 _____ (Farbar) C:\Users\JAY\Downloads\FRST64.exe
2013-08-29 12:17 - 2013-08-29 12:17 - 01072975 _____ (Farbar) C:\Users\JAY\Downloads\FRST.exe
2013-08-29 12:13 - 2013-08-21 20:29 - 00000256 _____ C:\Windows\Tasks\TopArcadeHits.job
2013-08-29 12:11 - 2013-06-04 19:43 - 00000278 _____ C:\Windows\Tasks\DSite.job
2013-08-29 12:11 - 2012-10-26 13:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 12:11 - 2012-08-15 05:33 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940852955-2124207640-1106212104-1000UA.job
2013-08-29 12:11 - 2012-08-08 16:01 - 01995415 _____ C:\Windows\WindowsUpdate.log
2013-08-29 12:11 - 2012-08-08 06:13 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 01:08 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 01:08 - 2006-11-02 08:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 01:06 - 2013-06-17 02:29 - 00000005 _____ C:\Users\JAY\AppData\Roaming\WBPU-TTL.DAT
2013-08-28 22:55 - 2012-08-15 05:33 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940852955-2124207640-1106212104-1000Core.job
2013-08-28 22:53 - 2012-08-08 06:13 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 21:13 - 2013-08-21 20:28 - 00000360 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-28 21:13 - 2006-11-02 08:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-28 21:12 - 2006-11-02 06:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 21:08 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 21:07 - 2008-01-20 22:47 - 00194386 _____ C:\Windows\PFRO.log
2013-08-28 21:06 - 2013-08-25 20:18 - 00000000 ____D C:\Program Files\LyriXeeker
2013-08-28 21:06 - 2006-11-02 09:01 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-28 20:41 - 2013-08-28 20:39 - 00014185 _____ C:\Users\JAY\Desktop\dds.txt
2013-08-28 20:39 - 2013-08-28 20:39 - 00012091 _____ C:\Users\JAY\Desktop\attach.txt
2013-08-28 20:36 - 2013-08-28 20:36 - 00688992 ____R (Swearware) C:\Users\JAY\Downloads\dds.com
2013-08-28 19:58 - 2013-05-31 17:40 - 00000000 ____D C:\Program Files\File Type Assistant
2013-08-26 20:08 - 2013-08-26 20:08 - 00000000 ____D C:\Program Files\PriceGong
2013-08-26 20:08 - 2013-08-26 20:07 - 00456240 _____ (Company) C:\Users\JAY\Downloads\setup (1).exe
2013-08-26 20:08 - 2013-08-04 09:56 - 00000000 ____D C:\Users\JAY\AppData\Roaming\Mozilla
2013-08-26 20:06 - 2013-08-26 20:06 - 00002584 _____ C:\Users\JAY\Downloads\[kickass.to]probability.statistics.for.engineers.scientists.8th.edition.instructors.solution.manual.pdf.torrent
2013-08-26 00:20 - 2009-05-03 23:37 - 00000000 ____D C:\ProgramData\WildTangent
2013-08-24 01:16 - 2012-09-19 23:09 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-24 01:16 - 2012-09-19 23:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-23 08:19 - 2012-08-10 07:22 - 00000680 _____ C:\Users\JAY\AppData\Local\d3d9caps.dat
2013-08-21 20:29 - 2013-08-21 20:29 - 00000000 ____D C:\Users\JAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
2013-08-21 20:29 - 2013-08-21 20:29 - 00000000 ____D C:\Users\JAY\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-08-21 20:29 - 2013-08-21 20:29 - 00000000 ____D C:\Users\JAY\AppData\Local\TopArcadeHits
2013-08-21 20:28 - 2013-08-21 20:28 - 84035640 _____ (DivX, LLC) C:\Users\JAY\Downloads\DivXPlusPlayerSetup.exe
2013-08-21 20:26 - 2013-08-21 20:26 - 00000947 _____ C:\Users\JAY\Desktop\Continue DivX Plus Player Free Download Installation.lnk
2013-08-20 14:28 - 2012-10-26 13:10 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-20 14:28 - 2012-10-26 13:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-19 21:11 - 2013-08-19 21:11 - 00703936 _____ C:\Users\JAY\Downloads\VideoPlayerSetup.exe
2013-08-19 20:59 - 2013-08-19 20:49 - 500688912 _____ C:\Users\JAY\Downloads\Sherlock-Holmes(2009).flv
2013-08-15 04:53 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 03:52 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 03:19 - 2013-07-11 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:14 - 2006-11-02 06:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-15 03:12 - 2012-08-08 16:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 03:10 - 2013-08-15 03:09 - 00288696 _____ C:\Users\JAY\Downloads\FLV_Media_Player.exe
2013-08-07 03:01 - 2013-08-07 03:01 - 00051157 _____ C:\Users\JAY\AppData\Local\InfoBirdPro.crx
2013-08-07 03:01 - 2013-07-27 00:43 - 00000077 _____ C:\Users\JAY\AppData\Roaming\WB.CFG
2013-08-02 00:09 - 2013-08-27 18:42 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-01 00:43 - 2013-08-01 00:43 - 00361119 _____ C:\Users\JAY\AppData\Local\newhb.crx
 
Files to move or delete:
====================
C:\Users\JAY\AppData\Local\Temp\Adobe ReaderUpdateSetup.exe
C:\Users\JAY\AppData\Local\Temp\conduitinstaller.exe
C:\Users\JAY\AppData\Local\Temp\contentDATs.exe
C:\Users\JAY\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\JAY\AppData\Local\Temp\FLV_Blaster_setup.exe
C:\Users\JAY\AppData\Local\Temp\fx-runtime.exe
C:\Users\JAY\AppData\Local\Temp\htmlayout.dll
C:\Users\JAY\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\JAY\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\JAY\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\JAY\AppData\Local\Temp\LyriXtmp.exe
C:\Users\JAY\AppData\Local\Temp\MSIM339508922.exe
C:\Users\JAY\AppData\Local\Temp\mssinstaller.exe
C:\Users\JAY\AppData\Local\Temp\PricePeep_BetterInstaller_2012-10-02.exe
C:\Users\JAY\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\JAY\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\JAY\AppData\Local\Temp\SetupToparcadehits.exe
C:\Users\JAY\AppData\Local\Temp\SoftwareUpdateSetup.exe
C:\Users\JAY\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\JAY\AppData\Local\Temp\{3B3B688E-18FC-48FB-8A85-75B69AAD5158}-GoogleUpdateSetup.exe
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\GoogleCrashHandler.exe
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\GoogleCrashHandler64.exe
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\GoogleUpdate.exe
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\GoogleUpdateBroker.exe
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\GoogleUpdateOnDemand.exe
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\GoogleUpdateSetup.exe
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdate.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_am.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ar.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_bg.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_bn.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ca.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_cs.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_da.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_de.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_el.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_en-GB.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_en.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_es-419.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_es.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_et.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_fa.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_fi.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_fil.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_fr.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_gu.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_hi.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_hr.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_hu.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_id.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_is.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_it.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_iw.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ja.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_kn.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ko.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_lt.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_lv.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ml.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_mr.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ms.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_nl.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_no.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_pl.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_pt-BR.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_pt-PT.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ro.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ru.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_sk.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_sl.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_sr.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_sv.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_sw.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ta.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_te.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_th.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_tr.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_uk.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_ur.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_vi.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_zh-CN.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\goopdateres_zh-TW.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\npGoogleUpdate3.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\psmachine.dll
C:\Users\JAY\AppData\Local\Temp\{C7A2008A-BAB7-40A7-8933-C26567CFEE51}\psuser.dll
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\Banner.dll
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\DivXSetup.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\Qt4.8\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\Player\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\OVSHelper\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\MSVC80CRTRedist\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\MPEG2Plugin\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\MFComponents\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\MaintenanceDivX\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\Hotfix\SetupSelfUpdate\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\DSDesktopComponents\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\DSAVCDecoder\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\DSASPDecoder\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\DSAACDecoder\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\DivXPlusShortcuts\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\DivXMediaServer\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\DivXDecoderShortcut\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\DFXPlugin\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\DesktopService\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\Converter\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\ControlPanel\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\package\ASPEncoder\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\offer\uniblue\driverscanner.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\offer\uniblue\UniblueDriverScannerPlugin.dll
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\offer\conduit\checktbexist.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\offer\conduit\ConduitToolbarPlugin.dll
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\offer\conduit\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsv84D7.tmp\dist.divx.com\divx\offer\conduit\mism.exe
C:\Users\JAY\AppData\Local\Temp\nskEDFB.tmp\uac.dll
C:\Users\JAY\AppData\Local\Temp\nsj8480.tmp\uac.dll
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\Banner.dll
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\DivXSetup.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\Update\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\TransferWizard\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\TranscodeEngine\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\Qt4.8\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\Player\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\OVSHelper\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\MSVC80CRTRedist\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\MPEG2Plugin\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\MFComponents\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\MaintenanceDivX\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\Hotfix\SetupSelfUpdate\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\DSDesktopComponents\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\DSAVCDecoder\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\DSASPDecoder\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\DSAACDecoder\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\DivXPlusShortcuts\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\DivXMediaServer\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\DivXDecoderShortcut\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\DFXPlugin\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\DesktopService\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\Converter\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\ControlPanel\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\package\ASPEncoder\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\offer\uniblue\driverscanner.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\offer\uniblue\UniblueDriverScannerPlugin.dll
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\offer\conduit\checktbexist.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\offer\conduit\ConduitToolbarPlugin.dll
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\offer\conduit\Installer.exe
C:\Users\JAY\AppData\Local\Temp\nsa86CA.tmp\dist.divx.com\divx\offer\conduit\mism.exe
C:\Users\JAY\AppData\Local\Temp\Low\Google Toolbar\gtbDF2B.tmp.exe
C:\Users\JAY\AppData\Local\Temp\Low\Google Toolbar\gtbEB38.tmp.exe
C:\Users\JAY\AppData\Local\Temp\is357113909\CodecPack.exe
C:\Users\JAY\AppData\Local\Temp\is357113909\DeltaTB.exe
C:\Users\JAY\AppData\Local\Temp\is357113909\dp.exe
C:\Users\JAY\AppData\Local\Temp\is357113909\nss_handler.exe
C:\Users\JAY\AppData\Local\Temp\is357113909\SymCCIS.dll
C:\Users\JAY\AppData\Local\Temp\is357113909\uninstaller.exe
C:\Users\JAY\AppData\Local\Temp\is1852162411\42176984_Setup.EXE
C:\Users\JAY\AppData\Local\Temp\is1852162411\42177362_Setup.EXE
C:\Users\JAY\AppData\Local\Temp\is1852162411\488438649_Setup.EXE
C:\Users\JAY\AppData\Local\Temp\is1852162411\AVG_Safeguard.exe
C:\Users\JAY\AppData\Local\Temp\is1852162411\HomePageDLL.dll
C:\Users\JAY\AppData\Local\Temp\is1852162411\KAVcompatibilityCheck.dll
C:\Users\JAY\AppData\Local\Temp\is1852162411\nss_handler.exe
C:\Users\JAY\AppData\Local\Temp\is1852162411\SymCCIS.dll
C:\Users\JAY\AppData\Local\Temp\is1852162411\Toparcadehits.exe
C:\Users\JAY\AppData\Local\Temp\is1852162411\uninstaller.exe
C:\Users\JAY\AppData\Local\Temp\ct3176921\ism.exe
C:\Users\JAY\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-28 21:13
 
==================== End Of Log ============================
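Three kinds of finding in the FRST log above are persistence points a responder can re-check by hand instead of trusting a single tool's output: the extensions Chrome was told to load through the HKLM\...\Chrome\Extension registry keys (PriceGong, LyriXeeker, WebCake, PricePeep, plus two .crx files dropped straight into %LOCALAPPDATA%), the Task Scheduler 1.0 jobs in C:\Windows\Tasks (TopArcadeHits.job, LyricXeeker Update.job, DSite.job), and the "Bamital & volsnap Check", which compares the MD5 of core Windows binaries against known-good values. The PowerShell below is an added example for this page, not code from the thread, from FRST or from ComboFix. It assumes an elevated PowerShell 2.0 or later prompt on the affected machine; the function names, the Suspicious heuristic and the (empty by default) known-good hash table are the editor's own and nothing FRST exposes.

```powershell
# Added example: re-check the persistence points reported in the FRST log.
# Not part of the thread, FRST or ComboFix. Assumes an elevated PowerShell
# 2.0+ prompt on the affected box. Function names and heuristics are the
# editor's own.

# 1. Chrome extensions installed through the registry. Chrome reads
#    HKLM\SOFTWARE\Google\Chrome\Extensions\<id> (and the Wow6432Node view on
#    64-bit Windows); each subkey names a local .crx in "path" (with "version")
#    or a feed in "update_url". FRST prints these as
#    "CHR HKLM\...\Chrome\Extension: [<id>] - <path>". Adware bundles use this
#    key to load extensions the user never picked from the Web Store.
function Get-RegistryChromeExtensions {
    $keys = @(
        'HKLM:\SOFTWARE\Google\Chrome\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
        'HKCU:\SOFTWARE\Google\Chrome\Extensions'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $p  = Get-ItemProperty -LiteralPath $sub.PSPath
            $id = $sub.PSChildName
            # Real extension IDs are exactly 32 letters in the range a-p.
            $validId = $id -match '^[a-p]{32}$'
            $onDisk  = if ($p.path) { Test-Path -LiteralPath $p.path } else { $false }
            # Heuristic (editor's own): a .crx under any user's AppData\Local
            # (InfoBirdPro.crx and newhb.crx in the log) or an update feed that
            # is not Google's store is how bundled adware ships extensions.
            # A vendor directory under Program Files proves nothing either way:
            # DivX's entry in the log is legitimate, PriceGong's is not.
            $suspicious = (-not $validId) -or
                ($p.path -and ($p.path -like "$env:SystemDrive\Users\*\AppData\Local\*.crx")) -or
                ($p.update_url -and ($p.update_url -notlike 'https://clients2.google.com/*'))
            New-Object PSObject -Property @{
                Id = $id; Path = $p.path; UpdateUrl = $p.update_url
                Version = $p.version; OnDisk = $onDisk; Suspicious = $suspicious
            }
        }
    }
}

# 2. Task Scheduler 1.0 jobs in %windir%\Tasks. TopArcadeHits.job and
#    "LyricXeeker Update.job" in the log are how those components re-run after
#    a reboot. schtasks resolves each job name to the command line it runs
#    ("Task To Run" is the column name in its verbose CSV output).
function Get-LegacyJobs {
    foreach ($job in Get-ChildItem "$env:windir\Tasks\*.job") {
        $row = schtasks /query /fo csv /v /tn $job.BaseName 2>$null | ConvertFrom-Csv
        New-Object PSObject -Property @{
            Job     = $job.Name
            Touched = $job.LastWriteTime
            Command = if ($row) { $row.'Task To Run' } else { '(not resolvable)' }
        }
    }
}

# 3. The "Bamital & volsnap Check" hashes the binaries below and compares them
#    with known-good MD5s for the installed build. Supply those from a clean
#    machine of the same build (hashtable keyed by lower-case file name); with
#    an empty table the function still reports the hashes for manual comparison.
function Get-CoreBinaryHashes([hashtable] $KnownGood = @{}) {
    $files = @(
        "$env:windir\explorer.exe",
        "$env:windir\System32\winlogon.exe",
        "$env:windir\System32\wininit.exe",
        "$env:windir\System32\svchost.exe",
        "$env:windir\System32\services.exe",
        "$env:windir\System32\user32.dll",
        "$env:windir\System32\userinit.exe",
        "$env:windir\System32\drivers\volsnap.sys"
    )
    $md5 = [Security.Cryptography.MD5]::Create()
    foreach ($f in $files) {
        $bytes = [IO.File]::ReadAllBytes($f)
        $hash  = ([BitConverter]::ToString($md5.ComputeHash($bytes))).Replace('-', '')
        $name  = ([IO.Path]::GetFileName($f)).ToLower()
        if (-not $KnownGood.ContainsKey($name)) { $verdict = 'no reference' }
        elseif ($KnownGood[$name] -ieq $hash)    { $verdict = 'MD5 is legit' }
        else                                     { $verdict = 'MISMATCH' }
        New-Object PSObject -Property @{ File = $f; MD5 = $hash; Verdict = $verdict }
    }
}

# Usage: only the suspicious extensions, every legacy job, and the hashes.
Get-RegistryChromeExtensions | Where-Object { $_.Suspicious } |
    Format-Table Id, Path, UpdateUrl, OnDisk -AutoSize
Get-LegacyJobs | Format-Table Job, Touched, Command -AutoSize
Get-CoreBinaryHashes | Format-Table File, MD5, Verdict -AutoSize
```

Run it again after the cleanup: an extension entry that still reports OnDisk = True, or a .job that schtasks still resolves to a command line, means the removal was incomplete. The registry check covers only Chrome's external-extension mechanism; extensions installed from the Web Store live in the profile's Extensions folder and do not appear here. The Temp listing in the log (dist.divx.com\divx\offer\conduit and offer\uniblue under the DivX setup's extraction directory, PricePeep_BetterInstaller, DeltaTB.exe, SetupToparcadehits.exe) shows the delivery route: bundled installer "offers" rather than an exploit, which is why none of the core binaries failed the hash check.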
#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts

Posted 29 August 2013 - 07:19 PM

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


Threads are closed after 5 days of inactivity.


#5 cadetj8
  • Topic Starter

  • Members
  • 6 posts

Posted 31 August 2013 - 06:43 AM

ComboFix 13-08-30.02 - JAY 08/31/2013   7:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2939.1749 [GMT -4:00]
Running from: c:\users\JAY\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DefaultTab
c:\program files\DefaultTab\DefaultTab.crx
c:\program files\DefaultTab\uid
c:\program files\PriceGong
c:\program files\PriceGong\2.6.12\FF\chrome.manifest
c:\program files\PriceGong\2.6.12\FF\chrome\content\options.js
c:\program files\PriceGong\2.6.12\FF\chrome\content\options.xul
c:\program files\PriceGong\2.6.12\FF\chrome\content\overlay.js
c:\program files\PriceGong\2.6.12\FF\chrome\content\preferences.xul
c:\program files\PriceGong\2.6.12\FF\chrome\content\pricegong-3.x.xul
c:\program files\PriceGong\2.6.12\FF\chrome\content\pricegong-4.x.xul
c:\program files\PriceGong\2.6.12\FF\chrome\locale\en-US\overlay.dtd
c:\program files\PriceGong\2.6.12\FF\chrome\locale\en-US\pricegong.dtd
c:\program files\PriceGong\2.6.12\FF\chrome\skin\overlay.css
c:\program files\PriceGong\2.6.12\FF\chrome\skin\PriceGong.png
c:\program files\PriceGong\2.6.12\FF\install.rdf
c:\program files\PriceGong\2.6.12\FF\modules\pg_tab_wrapper.js
c:\program files\PriceGong\2.6.12\FF\plugins\npPriceGong_FF.dll
c:\program files\PriceGong\2.6.12\PriceGong.crx
c:\program files\PriceGong\2.6.12\PriceGongIE.dll
c:\program files\PriceGong\uninst.exe
c:\program files\PricePeep
c:\program files\PricePeep\installer.ico
c:\program files\PricePeep\pricepeep.crx
c:\program files\PricePeep\uninstall.exe
c:\users\JAY\AppData\Local\TopArcadeHits
c:\users\JAY\AppData\Local\TopArcadeHits\tah.config
c:\users\JAY\AppData\Local\TopArcadeHits\Toparcadehits.dll
c:\users\JAY\AppData\Local\TopArcadeHits\uninstaller.exe
c:\users\JAY\AppData\Local\TopArcadeHits\updater.exe
c:\windows\system32\Thumbs.db
c:\windows\Tasks\TopArcadeHits.job
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-31  )))))))))))))))))))))))))))))))
.
.
2013-08-31 11:29 . 2013-08-31 11:29 -------- d-----w- c:\users\JAY\AppData\Local\temp
2013-08-31 11:29 . 2013-08-31 11:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-30 12:39 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{522FBE20-DB0E-4D61-B24B-175CAB107729}\mpengine.dll
2013-08-29 16:18 . 2013-08-29 16:18 -------- d-----w- C:\FRST
2013-08-29 00:19 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-27 22:42 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-26 00:18 . 2013-08-29 01:06 -------- d-----w- c:\program files\LyriXeeker
2013-08-22 17:24 . 2013-08-22 17:23 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFDAE020-85A0-4DEE-A133-FD7F8F06E323}\gapaengine.dll
2013-08-22 00:29 . 2013-08-22 00:29 -------- d-----w- c:\users\JAY\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-08-15 03:25 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-15 03:25 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 03:25 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 03:25 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-15 03:24 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 03:24 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 03:24 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 03:24 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 03:24 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 03:24 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 03:24 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 03:24 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 03:24 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 18:28 . 2012-10-26 17:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 18:28 . 2012-10-26 17:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-31 18:55 . 2013-07-31 18:55 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-19\Markup.dll
2013-07-31 18:55 . 2012-08-20 00:00 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-31 18:55 . 2012-08-19 23:59 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2013-07-31 18:55 . 2013-07-31 18:55 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore-20\Microsoft.MediaCenter.Sports.UI.dll
2013-07-20 06:48 . 2013-07-20 06:48 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse-20\NetTVResources.dll
2013-07-18 01:20 . 2012-10-02 16:11 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-13 06:30 . 2012-08-20 00:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-07-13 06:30 . 2012-08-19 23:59 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-07-11 07:22 . 2013-07-11 07:22 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-18\Markup.dll
2013-07-11 07:22 . 2013-07-11 07:22 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-12\SpotlightResources.dll
2013-07-11 07:22 . 2013-07-11 07:22 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse-19\NetTVResources.dll
2013-07-11 07:22 . 2013-07-11 07:22 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore-19\Microsoft.MediaCenter.Sports.UI.dll
2013-07-09 01:37 . 2013-07-09 01:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-09 01:37 . 2012-08-20 06:19 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-09 01:37 . 2012-08-20 06:19 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-24 07:01 . 2013-06-24 07:01 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore-18\Microsoft.MediaCenter.Sports.UI.dll
2013-06-19 01:50 . 2013-06-19 01:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 01:50 . 2012-03-21 03:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-18 22:02 . 2013-06-18 22:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-17\Markup.dll
2013-06-18 22:02 . 2013-06-18 22:02 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse-18\NetTVResources.dll
2013-06-18 22:02 . 2013-06-18 22:02 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore-17\Microsoft.MediaCenter.Sports.UI.dll
2013-06-15 07:01 . 2013-06-15 07:01 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-11\SpotlightResources.dll
2013-06-07 06:16 . 2013-06-07 06:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-16\Markup.dll
2013-06-07 06:16 . 2013-06-07 06:16 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-10\SpotlightResources.dll
2013-06-07 06:16 . 2013-06-07 06:16 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse-17\NetTVResources.dll
2013-06-07 06:16 . 2013-06-07 06:16 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore-16\Microsoft.MediaCenter.Sports.UI.dll
2013-06-04 23:44 . 2013-06-04 23:44 715038 ----a-w- c:\windows\unins000.exe
2013-06-04 01:50 . 2013-07-09 21:27 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5012ecbd-6d7f-4cd0-80f2-46f0b42a7111}]
2013-08-25 20:19 145920 ----a-w- c:\program files\LyriXeeker\130.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-08 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-17 2513472]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-03-25 163840]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"TANU"="c:\program files\TOSHIBA\TANU\TANU.exe" [2009-03-28 263560]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-04 30192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-26 18:28]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-08 10:13]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-08 10:13]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940852955-2124207640-1106212104-1000Core.job
- c:\users\JAY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 09:33]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940852955-2124207640-1106212104-1000UA.job
- c:\users\JAY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 09:33]
.
2013-08-31 c:\windows\Tasks\LyricXeeker Update.job
- c:\program files\LyriXeeker\LyriXupdate.exe [2013-08-25 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.201.5.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe
AddRemove-PricePeep - c:\program files\PricePeep\uninstall.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\JAY\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-31 07:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\JAY\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-08-31  07:36:03
ComboFix-quarantined-files.txt  2013-08-31 11:35
.
Pre-Run: 217,422,176,256 bytes free
Post-Run: 218,024,038,400 bytes free
.
- - End Of File - - E39415CB059557E86BFA878D711A9A81
5B5E648D12FCADC244C1EC30318E1EB9


#6 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 31 August 2013 - 12:38 PM

Please do this now:

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please include the following in your next post:

  • adwCleaner log
  • JRT log

Edited by RPMcMurphy, 31 August 2013 - 12:39 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 cadetj8
  • Topic Starter

  • Members
  • 6 posts

Posted 02 September 2013 - 01:03 AM

# AdwCleaner v3.002 - Report created 02/09/2013 at 01:41:09
# Updated 01/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : JAY - JAY-PC
# Running from : C:\Users\JAY\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\Program Files\InfoAtoms
Folder Deleted : C:\Program Files\LyriXeeker
Folder Deleted : C:\Users\JAY\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\JAY\AppData\Roaming\DSite
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\infoatoms@infoatoms.com
File Deleted : C:\END
File Deleted : C:\Windows\Tasks\LyricXeeker Update.job
File Deleted : C:\Windows\System32\Tasks\LyricXeeker Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricXeeker Update
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AC6C859-9719-4AFD-A6C0-BE30837DB28F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2AC6C859-9719-4AFD-A6C0-BE30837DB28F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\pc optimizer pro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Product Deleted : Google Update Helper
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16502
 
 
-\\ Google Chrome v
 
[ File : C:\Users\JAY\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3774 octets] - [02/09/2013 01:39:57]
AdwCleaner[S0].txt - [3776 octets] - [02/09/2013 01:41:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3836 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by JAY on Mon 09/02/2013 at  1:53:12.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5012ecbd-6d7f-4cd0-80f2-46f0b42a7111}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5012ecbd-6d7f-4cd0-80f2-46f0b42a7111}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\JAY\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\JAY\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files\w3i"
Successfully deleted: [Folder] "C:\Users\JAY\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\JAY\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/02/2013 at  1:55:18.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 02 September 2013 - 08:41 AM

How is it running now?  Please do this next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is your computer running now?
  • MBAM log
  • ESET log




#9 cadetj8
  • Topic Starter

  • Members
  • 6 posts

Posted 02 September 2013 - 05:52 PM

My computer is running way better than it was a few days ago. I can really see the difference. No pop ups.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.02.08
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
JAY :: JAY-PC [administrator]
 
9/2/2013 4:01:02 PM
mbam-log-2013-09-02 (16-01-02).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330453
Time elapsed: 46 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
 
Files Detected: 28
C:\Qoobox\Quarantine\C\Program Files\PriceGong\uninst.exe.vir (PUP.Optional.PriceGong.A) -> No action taken.
C:\Qoobox\Quarantine\C\Users\JAY\AppData\Local\TopArcadeHits\uninstaller.exe.vir (Adware.GameVance) -> No action taken.
C:\Qoobox\Quarantine\C\Users\JAY\AppData\Local\TopArcadeHits\updater.exe.vir (Adware.GameVance) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\LyriXeeker\LyriXupdate.exe.vir (PUP.Optional.AdLyrics) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\LyriXeeker\Uninstall.exe.vir (PUP.Optional.LyricXeeker.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe.vir (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe.vir (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\4shared_desktop_4.0.2.exe (PUP.Optional.4Squared) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\AVS_Media_Player.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\setup (1).exe (Adware.Linkular) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\Chrome_Setup.exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\mplayer_Setup (1).exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\mplayer_Setup (2).exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\mplayer_Setup (3).exe (Adware.IBryte) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\FLVBlaster_downloader_by_FLVBlaster.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\FLV_Media_Player.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\iLividSetup (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\iLividSetup-r757-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\JAY\Downloads\XvidSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\JAY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
 
(end)
 
 
 
C:\AdwCleaner\Quarantine\C\Program Files\LyriXeeker\130.xpi.vir Win32/Adware.AddLyrics.L application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir probably a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\JAY\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe.vir Win32/DownWare.E application
C:\Users\JAY\AppData\Roaming\1O1L1I1PtF1F1C1N\DivX Plus Player Free Download Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application
C:\Users\JAY\AppData\Roaming\Codec Pack Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application
C:\Users\JAY\Downloads\Angry_bird_space_.apktop_downloader_us_99138.exe a variant of Win32/ExpressFiles.B application
C:\Users\JAY\Downloads\Bittorrent77Build278788Build25431Beta_SoftangoDownloader.exe a variant of Win32/InstallBrain.AB application
C:\Users\JAY\Downloads\Chrome (1).exe a variant of Win32/AirAdInstaller.A application
C:\Users\JAY\Downloads\Chrome.exe a variant of Win32/AirAdInstaller.A application
C:\Users\JAY\Downloads\CodecPack.exe Win32/InstallCore.BN application
C:\Users\JAY\Downloads\finaltorrent_2_d14898.exe a variant of Win32/InstallIQ.A application
C:\Users\JAY\Downloads\FlashPlayer_transaction_id=1024f87e4d4bb4d670f2e0cd60442b.exe a variant of Win32/DomaIQ.A application
C:\Users\JAY\Downloads\movie_player_d998173.exe a variant of Win32/InstallIQ.A application
C:\Users\JAY\Downloads\VideoPlayerSetup.exe a variant of Win32/InstallCore.BQ application
C:\Users\JAY\Downloads\YouTV.exe a variant of Win32/ELEX.C application

#10 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 02 September 2013 - 09:06 PM

Your logs look good.  Those ESET detections can be cleared by just deleting the contents of your download folder.  All I have left for you is some very important cleanup:

You have an old version of Java that should be removed.  Go to Control Panel > Programs > Uninstall a program and remove Java™ 6 Update 11

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:


  • DDS
  • FRST (You may also delete the c:\FRST folder)
  • Junkware Removal Tool

Double click on AdwCleaner.exe to run the tool again.


  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Download TFC to your desktop


  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:


  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


Edited by RPMcMurphy, 02 September 2013 - 09:06 PM.



#11 cadetj8
  • Topic Starter

  • Members
  • 6 posts

Posted 03 September 2013 - 07:32 AM

Thanks RPMcMurphy, my computer is back to normal and I have read the helpful information. 



#12 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 03 September 2013 - 12:33 PM

You're welcome, cadetj8.  Take care.




#13 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 04 September 2013 - 06:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
