ZEROACCESS rootkit symptoms found.


  • This topic is locked
23 replies to this topic

#1 supersain

Posted 25 September 2013 - 04:54 PM

Hi Guys,
 
Been reading through the forums but this one has me a little stumped... Most cases I have been able to remedy myself but then I came across your tool, Rkill... which when run comes up with "ZeroAccess rootkit symptoms found"..
 
Anyhow I have run pretty much in this order, Rkill - Malwarebytes - Nod32 - Combofix... and ran Rkill one last time after this to see if it detected anything else.. so here I am.. I have downloaded the Farbar Recovery Scan Tool and hit scan.. below I post the log files, any help please greatly appreciated.
 
Rkill Logfile
 
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/26/2013 08:08:09 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * C:\Users\user\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe (PID: 6128) [T-HEUR]
 * C:\Users\user\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe (PID: 4252) [T-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * ALERT: ZEROACCESS rootkit symptoms found!
     * C:\Program Files\Google\Desktop\Install\{d6172571-7fd8-76c0-ce3b-fb94b76b6f76}\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{d6172571-7fd8-76c0-ce3b-fb94b76b6f76}\   \ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{d6172571-7fd8-76c0-ce3b-fb94b76b6f76}\   \...\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{d6172571-7fd8-76c0-ce3b-fb94b76b6f76}\   \...\ﯹ๛\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{d6172571-7fd8-76c0-ce3b-fb94b76b6f76}\   \...\ﯹ๛\{d6172571-7fd8-76c0-ce3b-fb94b76b6f76}\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{d6172571-7fd8-76c0-ce3b-fb94b76b6f76}\   \...\ﯹ๛\{d6172571-7fd8-76c0-ce3b-fb94b76b6f76}\U\ [ZA Dir]
Checking Windows Service Integrity:
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * HOSTS file entries found:
  127.0.0.1       localhost
Program finished at: 09/26/2013 08:16:39 AM
Execution time: 0 hours(s), 8 minute(s), and 29 seconds(s)
 
FRST.TXT
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by user (administrator) on USER-PC on 26-09-2013 09:36:14
Running from C:\Users\user\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\windows\system32\cmd.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TeamViewer GmbH) C:\Users\user\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Users\user\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) c:\users\user\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7858720 2009-10-22] (Realtek Semiconductor)
HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-03] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-10-30] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742712 2009-10-27] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1586472 2009-10-16] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-10-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-07] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {5F3BEBD5-F6C6-A4B8-EDD2-A6F5F61813A8} URL = http://www.buzqo.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-401-0-0
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM -  No Name - {CCAC5586-44D7-4c43-B64A-F042461A97D2} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B71504B0-1960-452B-85B9-DE44EC45C73B}: [NameServer]203.118.191.1 203.109.191.1
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\user.js
FF Homepage: hxxp://www.google.com
FF Keyword.URL: chrome://browser-region/locale/region.properties
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\searchplugins\ask.uk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: desktop - C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\desktop@clipconverter.cc.xpi
FF Extension: uTorrentBar Community Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF Extension: gophoto - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\Extensions\gophoto@gophoto.it.xpi
FF Extension: hdvc - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\Extensions\hdvc@hdvc.com.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Thunderbird\Extensions: [{2501db70-da6e-11de-8a39-0800200c9a66}] - C:\Program Files\Corel\WordPerfect Office eMail add-ons\{2501db70-da6e-11de-8a39-0800200c9a66}
FF Extension: WordPerfect Office theme - C:\Program Files\Corel\WordPerfect Office eMail add-ons\{2501db70-da6e-11de-8a39-0800200c9a66}
FF HKCU\...\Thunderbird\Extensions: [{6929979a-166e-4660-bbee-c763333d7eb9}] - C:\Program Files\Corel\WordPerfect Office eMail add-ons\{6929979a-166e-4660-bbee-c763333d7eb9}
FF Extension: Mozilla Thunderbird for WordPerfect Office X5 - C:\Program Files\Corel\WordPerfect Office eMail add-ons\{6929979a-166e-4660-bbee-c763333d7eb9}
FF HKCU\...\Thunderbird\Extensions: [{e2fda1a4-762b-4020-b5ad-a41df1933103}] - C:\Program Files\Corel\WordPerfect Office eMail add-ons\{e2fda1a4-762b-4020-b5ad-a41df1933103}
FF Extension: Lightning - C:\Program Files\Corel\WordPerfect Office eMail add-ons\{e2fda1a4-762b-4020-b5ad-a41df1933103}
FF HKCU\...\Thunderbird\Extensions: [{98d5815d-6aa2-499a-8845-6ef9d926c7bf}] - C:\Program Files\Corel\WordPerfect Office eMail add-ons\{98d5815d-6aa2-499a-8845-6ef9d926c7bf}
FF Extension: Mozilla Thunderbird Configuration for WordPerfect Office X5 - C:\Program Files\Corel\WordPerfect Office eMail add-ons\{98d5815d-6aa2-499a-8845-6ef9d926c7bf}
========================== Services (Whitelisted) =================
R2 BackupService; C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-10-28] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [238328 2009-08-28] (WildTangent, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [92928 2009-12-14] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-18] (Nuance Communications, Inc.)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-08] (TOSHIBA Corporation)
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-10-07] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-11-06] (TOSHIBA Corporation)
==================== Drivers (Whitelisted) ====================
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-31] (COMPAL ELECTRONIC INC.)
S3 massfilter; C:\Windows\System32\DRIVERS\massfilter.sys [9216 2010-12-03] (MBB Incorporated)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-21] (Realtek Semiconductor Corp.)
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [40056 2011-09-13] (Cristalink Ltd)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-12-03] (ZTE Incorporated)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [193536 2011-04-09] (ZTE Incorporated)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [x]
S1 jbgeorvx; \??\C:\windows\system32\drivers\jbgeorvx.sys [x]
S3 MFE_RR; \??\C:\Users\user\AppData\Local\Temp\mfe_rr.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-26 09:36 - 2013-09-26 09:36 - 00000000 ____D C:\FRST
2013-09-26 09:35 - 2013-09-26 09:35 - 01088653 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2013-09-26 08:03 - 2013-09-26 07:33 - 05130004 ____R (Swearware) C:\combofix.exe
2013-09-26 08:00 - 2013-09-26 08:00 - 00000270 ____H C:\windows\Tasks\User_Feed_Synchronization-{B855E805-CBC3-4DC2-A2C6-92571533B031}.job
2013-09-26 07:59 - 2013-09-26 07:33 - 05130004 ____R (Swearware) C:\Users\user\Desktop\combofix.exe
2013-09-26 07:32 - 2013-09-26 08:05 - 00000000 ___SD C:\32788R22FWJFW
2013-09-25 17:06 - 2013-09-25 17:06 - 01898112 _____ (Bleeping Computer, LLC) C:\rkill.com
2013-09-25 16:22 - 2013-08-10 15:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-25 16:22 - 2013-08-10 15:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-25 16:22 - 2013-08-10 15:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-25 16:22 - 2013-08-10 15:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-25 16:22 - 2013-08-10 15:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-25 16:22 - 2013-08-10 15:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-25 16:22 - 2013-08-10 14:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-25 13:45 - 2013-09-26 08:06 - 00000504 _____ C:\windows\setupact.log
2013-09-25 13:45 - 2013-09-25 13:45 - 00000000 _____ C:\windows\setuperr.log
2013-09-25 13:43 - 2013-09-26 07:31 - 00002148 _____ C:\windows\PFRO.log
2013-09-25 08:24 - 2013-09-25 10:05 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2013-09-25 08:23 - 2013-09-25 08:24 - 04428032 _____ (TeamViewer) C:\Users\user\Desktop\TeamViewerQS_en-ckq.exe
2013-09-25 08:02 - 2013-07-25 20:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-09-25 08:02 - 2013-07-09 17:03 - 03968960 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2013-09-25 08:02 - 2013-07-09 17:03 - 03913664 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-25 08:02 - 2013-07-09 16:53 - 01289096 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-25 08:02 - 2013-07-09 16:52 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-09-25 08:02 - 2013-07-09 16:50 - 00652800 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-09-25 08:02 - 2013-07-09 16:46 - 01166848 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-09-25 08:02 - 2013-07-09 16:46 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-09-25 08:02 - 2013-07-09 16:46 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-09-25 08:02 - 2013-07-06 17:05 - 01293760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-09-25 08:01 - 2013-08-08 13:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-25 08:01 - 2013-08-05 13:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-25 08:01 - 2013-08-02 13:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-25 08:01 - 2013-08-02 13:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-25 08:01 - 2013-08-02 13:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 12:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-25 08:01 - 2013-08-02 12:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 12:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 12:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-25 08:01 - 2013-08-02 12:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-25 08:01 - 2013-07-26 13:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-25 08:01 - 2013-07-26 13:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-25 08:01 - 2013-07-19 13:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-09-25 08:00 - 2013-08-02 13:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-25 08:00 - 2013-08-02 13:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-25 08:00 - 2013-06-15 15:38 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-09-25 07:40 - 2013-09-25 07:40 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-25 07:40 - 2013-09-25 07:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-09-25 07:40 - 2013-09-25 07:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-25 07:40 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-24 23:26 - 2013-09-24 23:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-24 23:26 - 2013-09-24 23:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 23:20 - 2013-09-24 23:20 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-09-24 23:11 - 2013-09-26 08:16 - 00004296 _____ C:\Users\user\Desktop\Rkill.txt
2013-09-24 22:40 - 2013-09-24 22:40 - 00015312 _____ C:\ComboFix.txt
2013-09-24 22:26 - 2013-09-24 22:26 - 00000000 __RSH C:\MSDOS.SYS
2013-09-24 22:26 - 2013-09-24 22:26 - 00000000 __RSH C:\IO.SYS
2013-09-24 22:05 - 2013-09-26 07:33 - 05130004 ____R (Swearware) C:\uninstall.exe
2013-09-24 21:18 - 2013-09-24 21:18 - 00000000 ____D C:\windows\pss
2013-09-24 21:04 - 2013-09-25 16:14 - 00000000 ____D C:\Program Files\CCleaner
2013-09-24 20:15 - 2011-06-26 18:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-24 20:15 - 2010-11-08 05:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-24 20:15 - 2009-04-20 16:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-09-24 20:15 - 2000-08-31 12:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-24 20:15 - 2000-08-31 12:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-24 20:15 - 2000-08-31 12:00 - 00098816 _____ C:\windows\sed.exe
2013-09-24 20:15 - 2000-08-31 12:00 - 00080412 _____ C:\windows\grep.exe
2013-09-24 20:15 - 2000-08-31 12:00 - 00068096 _____ C:\windows\zip.exe
2013-09-24 20:08 - 2013-09-26 07:36 - 00000000 ____D C:\Qoobox
2013-09-24 20:08 - 2013-09-26 07:31 - 00000000 ____D C:\windows\erdnt
==================== One Month Modified Files and Folders =======
2013-09-26 09:36 - 2013-09-26 09:36 - 00000000 ____D C:\FRST
2013-09-26 09:35 - 2013-09-26 09:35 - 01088653 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2013-09-26 08:53 - 2012-04-19 18:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-26 08:43 - 2010-07-12 13:15 - 01454087 _____ C:\windows\WindowsUpdate.log
2013-09-26 08:16 - 2013-09-24 23:11 - 00004296 _____ C:\Users\user\Desktop\Rkill.txt
2013-09-26 08:15 - 2009-07-14 16:34 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-26 08:15 - 2009-07-14 16:34 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-26 08:07 - 2010-10-05 23:02 - 00000000 ___RD C:\Users\user\Documents\My Dropbox
2013-09-26 08:07 - 2010-10-05 23:00 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2013-09-26 08:06 - 2013-09-25 13:45 - 00000504 _____ C:\windows\setupact.log
2013-09-26 08:06 - 2009-07-14 16:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-26 08:05 - 2013-09-26 07:32 - 00000000 ___SD C:\32788R22FWJFW
2013-09-26 08:00 - 2013-09-26 08:00 - 00000270 ____H C:\windows\Tasks\User_Feed_Synchronization-{B855E805-CBC3-4DC2-A2C6-92571533B031}.job
2013-09-26 07:49 - 2009-07-14 16:53 - 00032626 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-09-26 07:36 - 2013-09-24 20:08 - 00000000 ____D C:\Qoobox
2013-09-26 07:33 - 2013-09-26 08:03 - 05130004 ____R (Swearware) C:\combofix.exe
2013-09-26 07:33 - 2013-09-26 07:59 - 05130004 ____R (Swearware) C:\Users\user\Desktop\combofix.exe
2013-09-26 07:33 - 2013-09-24 22:05 - 05130004 ____R (Swearware) C:\uninstall.exe
2013-09-26 07:31 - 2013-09-25 13:43 - 00002148 _____ C:\windows\PFRO.log
2013-09-26 07:31 - 2013-09-24 20:08 - 00000000 ____D C:\windows\erdnt
2013-09-26 00:40 - 2009-07-14 14:37 - 00000000 ____D C:\windows\rescache
2013-09-25 18:03 - 2011-09-04 08:09 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2013-09-25 17:19 - 2009-07-14 14:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-25 17:06 - 2013-09-25 17:06 - 01898112 _____ (Bleeping Computer, LLC) C:\rkill.com
2013-09-25 16:28 - 2009-07-14 16:33 - 00459872 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-25 16:14 - 2013-09-24 21:04 - 00000000 ____D C:\Program Files\CCleaner
2013-09-25 13:45 - 2013-09-25 13:45 - 00000000 _____ C:\windows\setuperr.log
2013-09-25 13:45 - 2009-11-11 15:32 - 00000000 ____D C:\windows\Panther
2013-09-25 13:43 - 2009-11-10 23:54 - 00000000 ____D C:\Program Files\TOSHIBA
2013-09-25 13:41 - 2011-12-25 10:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-09-25 13:41 - 2010-12-06 17:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Media Player Classic
2013-09-25 13:40 - 2011-12-29 08:20 - 00000000 ____D C:\windows\Minidump
2013-09-25 10:05 - 2013-09-25 08:24 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2013-09-25 09:52 - 2009-11-10 23:54 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-25 09:46 - 2009-11-10 23:57 - 00000000 ____D C:\Program Files\Adobe
2013-09-25 08:28 - 2010-07-12 13:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-25 08:25 - 2009-11-11 00:31 - 00798144 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-25 08:24 - 2013-09-25 08:23 - 04428032 _____ (TeamViewer) C:\Users\user\Desktop\TeamViewerQS_en-ckq.exe
2013-09-25 08:17 - 2013-07-31 10:35 - 00000000 ____D C:\windows\system32\MRT
2013-09-25 07:59 - 2011-12-25 10:28 - 00000000 ___RD C:\Program Files\Skype
2013-09-25 07:40 - 2013-09-25 07:40 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-25 07:40 - 2013-09-25 07:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-09-25 07:40 - 2013-09-25 07:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-24 23:55 - 2013-09-24 23:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-24 23:26 - 2013-09-24 23:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-24 23:20 - 2013-09-24 23:20 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-09-24 22:40 - 2013-09-24 22:40 - 00015312 _____ C:\ComboFix.txt
2013-09-24 22:38 - 2009-07-14 14:04 - 00000215 _____ C:\windows\system.ini
2013-09-24 22:26 - 2013-09-24 22:26 - 00000000 __RSH C:\MSDOS.SYS
2013-09-24 22:26 - 2013-09-24 22:26 - 00000000 __RSH C:\IO.SYS
2013-09-24 21:31 - 2009-07-14 14:37 - 00000000 ____D C:\windows\system32\NDF
2013-09-24 21:18 - 2013-09-24 21:18 - 00000000 ____D C:\windows\pss
2013-09-24 20:54 - 2009-07-14 14:37 - 00000000 ___RD C:\Users\Public
2013-09-24 19:35 - 2012-02-07 21:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Smilebox
2013-09-21 14:26 - 2012-04-19 18:13 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-21 14:26 - 2011-05-17 23:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-01 16:57 - 2010-08-22 14:21 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
Files to move or delete:
====================
ZeroAccess:
C:\Program Files\Google\Desktop\Install
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-26 00:25
==================== End Of Log ============================
 
ADDITION.TXT
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2013
Ran by user at 2013-09-26 09:36:49
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ESET NOD32 Antivirus 4.2 (Disabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Disabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.741.0)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Full Existing (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Full New (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Light (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Previews Common (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0908.2225.38429)
Catalyst Control Center InstallProxy (Version: 2009.0908.2225.38429)
Catalyst Control Center Localization All (Version: 2009.0908.2225.38429)
CCC Help Chinese Standard (Version: 2009.0908.2224.38429)
CCC Help Chinese Traditional (Version: 2009.0908.2224.38429)
CCC Help Czech (Version: 2009.0908.2224.38429)
CCC Help Danish (Version: 2009.0908.2224.38429)
CCC Help Dutch (Version: 2009.0908.2224.38429)
CCC Help English (Version: 2009.0908.2224.38429)
CCC Help Finnish (Version: 2009.0908.2224.38429)
CCC Help French (Version: 2009.0908.2224.38429)
CCC Help German (Version: 2009.0908.2224.38429)
CCC Help Greek (Version: 2009.0908.2224.38429)
CCC Help Hungarian (Version: 2009.0908.2224.38429)
CCC Help Italian (Version: 2009.0908.2224.38429)
CCC Help Japanese (Version: 2009.0908.2224.38429)
CCC Help Korean (Version: 2009.0908.2224.38429)
CCC Help Norwegian (Version: 2009.0908.2224.38429)
CCC Help Polish (Version: 2009.0908.2224.38429)
CCC Help Portuguese (Version: 2009.0908.2224.38429)
CCC Help Russian (Version: 2009.0908.2224.38429)
CCC Help Spanish (Version: 2009.0908.2224.38429)
CCC Help Swedish (Version: 2009.0908.2224.38429)
CCC Help Thai (Version: 2009.0908.2224.38429)
CCC Help Turkish (Version: 2009.0908.2224.38429)
ccc-core-static (Version: 2009.0908.2225.38429)
ccc-utility (Version: 2009.0908.2225.38429)
CCleaner (Version: 4.05)
Chuzzle Deluxe (Version: 2.2.0.82)
ClipConverter (Version: 1.0.0)
Corel WordPerfect Office - iFilter (Version: 1.00.000)
D3DX10 (Version: 15.4.2368.0902)
Direct DiscRecorder (Version: 1.00.0000)
Dropbox (HKCU Version: 2.0.22)
DVD MovieFactory for TOSHIBA (Version: 7.0.0)
EPSON SX100 Series Printer Uninstall
ESET NOD32 Antivirus (Version: 4.2.71.2)
FATE (Version: 2.2.0.82)
Free RAR Extract Frog (Version: 4.70)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.0.1037)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Mega Codec Pack 6.6.0 (Version: 6.6.0)
Magic Match - The Genie's Journey (Version: 2.2.0.82)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Go (Version: 1.4.269)
MediaWidget 6.0
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MixMeister BPM Analyzer 1.0
Monopoly (Version: 2.2.0.82)
Motorola Driver Installation 4.2.4 (Version: 4.2.4)
Mozilla Firefox 8.0 (x86 en-GB) (Version: 8.0)
Mozilla Maintenance Service (Version: 16.0.2)
Mozilla Thunderbird 16.0.2 (x86 en-US) (Version: 16.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PaperPort Image Printer (Version: 1.00.0001)
Peggle (Version: 2.2.0.82)
PlayReady PC Runtime x86 (Version: 1.3.0)
PlayStation®Network Downloader (Version: 2.02.00076)
PlayStation®Store (Version: 3.1.8.07881)
Polar Bowler (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
QuickTime (Version: 7.66.73.0)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0011)
Realtek High Definition Audio Driver (Version: 6.0.1.5964)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30105)
Realtek WLAN Driver (Version: 2.00.0006)
Round Robin Calculator v2.01
Safari (Version: 5.34.51.22)
Scansoft PDF Professional
Scratch Live 2.4.1 (9) (Version: 2.4.1)
Skype™ 6.6 (Version: 6.6.106)
Smilebox (HKCU Version: 1.1.1.1)
Sony Ericsson PC Companion 2.02.002 (Version: 2.02.002)
Sony Ericsson Update Engine (Version: 2.11.12.9)
Synaptics Pointing Device Driver (Version: 14.0.11.0)
TOSHIBA ConfigFree (Version: 8.0.25)
TOSHIBA Disc Creator (Version: 2.1.0.2)
TOSHIBA DVD PLAYER (Version: 3.01.1.04-A)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.3.32)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C)
TOSHIBA Hardware Setup (Version: 1.63.0.16C)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.4)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4)
TOSHIBA ReelTime (Version: 1.5.07.32)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 1.63.0.7C)
TOSHIBA Value Added Package (Version: 1.2.32)
TOSHIBA Web Camera Application (Version: 1.1.1.9)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.50.27C)
uTorrentBar Toolbar
VeryPDF PDF Editor v2.6
Virtual DJ Pro Full - Atomix Productions
WildTangent Games (Version: 1.0.0.80)
WildTangent ORB Game Console
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordPerfect Lightning - IPM (Version: 1.0)
WordPerfect Lightning - Messages (Version: 1.0)
WordPerfect Lightning - MSOM (Version: 1.1)
WordPerfect Lightning (Version: 2.0)
WordPerfect Office eMail add-ons (Version: 1.0.0)
WordPerfect Office X5 - Common (Version: 15.0)
Wordperfect Office X5 - EN (Version: 15.0)
WordPerfect Office X5 - Filters (Version: 15.0)
WordPerfect Office X5 - Graphics (Version: 15.0)
WordPerfect Office X5 - IPM (Version: 15.0)
WordPerfect Office X5 - LegalTools (Version: 15.0)
WordPerfect Office X5 - Migration Manager (Version: 15.0)
WordPerfect Office X5 - Oxford (Version: 15.0)
WordPerfect Office X5 - PerfectExperts EN (Version: 15.0)
WordPerfect Office X5 - PR (Version: 15.0)
WordPerfect Office X5 - QP (Version: 15.0)
WordPerfect Office X5 - Setup Files (Version: 15.0)
WordPerfect Office X5 - Sharepoint (Version: 15.0)
WordPerfect Office X5 - Skins (Version: 15.0)
WordPerfect Office X5 - System EN (Version: 15.0)
WordPerfect Office X5 - Templates (Version: 15.0)
WordPerfect Office X5 - WP (Version: 15.0)
WordPerfect Office X5 - WT (Version: 15.0)
WordPerfect Office X5 (Version: 15.0)
WordPerfect Office X5 (Version: 15.0.0.357)
WordPerfect OfficeReady (Version: 1.0)
Zuma Deluxe (Version: 2.2.0.82)
==================== Restore Points  =========================
25-09-2013 21:05:28 Scheduled Checkpoint
==================== Hosts content: ==========================
2009-07-14 14:04 - 2013-09-24 22:38 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {3D57A5DA-2194-4B09-85F7-4FAE60599C40} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated)
Task: {470969B5-480E-41F7-B9D2-089E7D54E18C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-29] (TOSHIBA CORPORATION)
Task: {4BB89EA7-2E9E-46EA-81CC-33C5CA9B3119} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-13] (Microsoft Corporation)
Task: {4DCE6089-7370-4F3F-8068-B3675B47074F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-22] (Piriform Ltd)
Task: {94F19F03-3876-49E4-AA40-2D43B412352E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E75CCF61-1E06-498C-A9C7-F7E227EB5070} - System32\Tasks\User_Feed_Synchronization-{B855E805-CBC3-4DC2-A2C6-92571533B031} => C:\windows\system32\msfeedssync.exe [2013-05-04] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{B855E805-CBC3-4DC2-A2C6-92571533B031}.job => C:\windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2009-07-14 12:07 - 2009-07-14 13:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2013-09-25 08:24 - 2013-09-12 20:22 - 00095584 _____ (TeamViewer GmbH) C:\Users\user\AppData\Local\Temp\TeamViewer\Version8\tv_w32.dll
2013-05-25 12:36 - 2013-05-25 12:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00106496 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3538.38499__90ba9c70f846762e\MOM.Implementation.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00032768 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00036864 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00065536 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3538.38498__90ba9c70f846762e\LOG.Foundation.Implementation.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00019456 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3538.38499__90ba9c70f846762e\CCC.Implementation.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00094208 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00057344 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3538.38414__90ba9c70f846762e\CLI.Component.SkinFactory.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00057344 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3538.38413__90ba9c70f846762e\CLI.Component.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00032768 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3538.38412__90ba9c70f846762e\AEM.Server.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3538.38510__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00045056 _____ (ATI Technologies Inc.) C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (ATI Technologies Inc.) C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00364544 _____ (Advanced Mirco Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3538.38415__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00135168 _____ (Advanced Mirco Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00065536 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3538.38467__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00077824 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3538.38485__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00032768 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00065536 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3538.38424__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3538.38440__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3538.38465__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00024576 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3538.38459__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00053248 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00032768 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3538.38466__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00036864 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3538.38458__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3538.38459__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00049152 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00061440 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3538.38472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00053248 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00090112 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3538.38460__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00057344 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3538.38504__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3538.38411__90ba9c70f846762e\APM.Server.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00007168 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3538.38413__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00405504 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3538.38429__90ba9c70f846762e\CLI.Component.Wizard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00040960 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00024576 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3538.38429__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00491520 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3538.38505__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00094208 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3538.38472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00007168 _____ ( ) C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00409600 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3538.38480__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00307200 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3538.38440__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 01691648 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3538.38534__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00204800 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3538.38435__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 01212416 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3538.38420__90ba9c70f846762e\CLI.Component.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00024576 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
2009-05-05 05:45 - 2009-05-05 05:45 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00073728 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3538.38424__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00045056 _____ (Advanced Mirco Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3538.38505__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00196608 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3538.38435__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 01011712 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3538.38530__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00094208 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3538.38465__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00393216 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3538.38459__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00315392 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3538.38466__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00360448 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3538.38454__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00331776 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3538.38472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00573440 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3538.38436__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00798720 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3538.38460__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2010-07-12 13:10 - 2010-07-12 13:10 - 00118784 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3538.38504__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
2009-10-19 10:20 - 2009-10-19 10:20 - 07980344 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-04 08:26 - 2009-11-04 08:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-03-13 14:08 - 2009-03-13 14:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-26 06:07 - 2009-07-26 06:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-30 10:35 - 2009-07-30 10:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2010-06-03 13:45 - 2010-06-03 13:45 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-14 11:32 - 2012-11-14 11:32 - 03558400 _____ (wxWidgets development team) C:\Users\user\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-14 08:48 - 2013-03-14 08:48 - 24978944 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-14 08:48 - 2013-03-14 08:48 - 09956864 _____ (The ICU Project) C:\Users\user\AppData\Roaming\Dropbox\bin\icudt.dll
2009-11-06 04:14 - 2009-11-06 04:14 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-25 08:24 - 2013-09-12 20:49 - 00273760 _____ (TeamViewer GmbH) C:\Users\user\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_en.dll
2013-09-25 08:24 - 2013-09-12 20:48 - 02679648 _____ (TeamViewer GmbH) C:\Users\user\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_StaticRes.dll
2013-09-21 14:26 - 2013-09-21 14:26 - 16244616 ____R (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\Flash32_11_8_800_175.ocx
2013-09-21 14:26 - 2013-09-21 14:26 - 00479112 _____ (Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/26/2013 00:41:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (09/25/2013 06:03:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: dbghelp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7bc
Exception code: 0xc0000005
Fault offset: 0x0004c5df
Faulting process id: 0xa54
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (09/25/2013 01:45:44 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/25/2013 01:45:44 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/25/2013 01:45:44 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/25/2013 01:45:44 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Error: (09/25/2013 01:45:44 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/25/2013 01:45:44 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
Context: Windows Application, SystemIndex Catalog
Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
Error: (09/25/2013 01:45:44 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Error: (09/25/2013 01:45:44 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (09/26/2013 08:05:14 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 72 time(s).
Error: (09/26/2013 08:05:14 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Error: (09/26/2013 08:05:14 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 71 time(s).
Error: (09/26/2013 08:05:14 AM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 34 time(s).
Error: (09/26/2013 08:04:53 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 70 time(s).
Error: (09/26/2013 08:04:52 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Error: (09/26/2013 08:04:52 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 69 time(s).
Error: (09/26/2013 08:04:52 AM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 33 time(s).
Error: (09/26/2013 08:04:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 68 time(s).
Error: (09/26/2013 08:04:31 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 3061.61 MB
Available physical RAM: 1572.29 MB
Total Pagefile: 6121.5 MB
Available Pagefile: 4820.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.37 MB
==================== Drives ================================
Drive c: (S3A8422D005) (Fixed) (Total:453.4 GB) (Free:86.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: CC0B5545)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=17)
==================== End Of Log ============================

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal



#2 supersain

supersain
  • Topic Starter


Posted 25 September 2013 - 05:14 PM

Also ran TDSS killer... and it came back with no threats found...



#3 supersain

supersain
  • Topic Starter


Posted 25 September 2013 - 05:23 PM

Attached logfile nod32.. old to new...

 

Attached File  OldNodLogFile.txt   402.84KB   3 downloads

 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 25 September 2013 - 05:41 PM

Hello supersain

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!
  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


I need you to download this script I have made for you --> Attached File  fixlist.txt   267bytes   5 downloads

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 supersain

supersain
  • Topic Starter


Posted 25 September 2013 - 06:24 PM

Hi Gringo, and thank you for your help.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2013
Ran by user at 2013-09-26 11:21:42 Run:1
Running from C:\Users\user\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S1 jbgeorvx; \??\C:\windows\system32\drivers\jbgeorvx.sys [x]
C:\Program Files\Google\Desktop\Install

*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
jbgeorvx => Service deleted successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 25 September 2013 - 07:08 PM



Hello supersain

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#7 supersain

supersain
  • Topic Starter


Posted 25 September 2013 - 07:53 PM

Adwcleaner log

 

# AdwCleaner v3.005 - Report created 26/09/2013 at 12:13:12
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\VIRUS\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\users\user\AppData\Local\PackageAware
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\Conduit
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\ConduitCommon
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\jetpack
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\CT2786678
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\Extensions\gophoto@gophoto.it.xpi
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\Extensions\hdvc@hdvc.com.xpi
File Deleted : C:\Uninstall.exe
File Deleted : C:\users\user\Desktop\HDVidCodec.lnk
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v8.0 (en-GB)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\prefs.js ]

Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Wed Aug 10 2011 18:26:11 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129575151151403741", true);
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_3976808699496931956", true);
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "17-8-2011");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Wed Aug 17 2011 21:30:23 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Thu Aug 18 2011 00:10:17 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 550);
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sun May 15 2011 23:26:19 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu Aug 18 2011 00:09:55 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu Aug 18 2011 00:09:55 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu Aug 18 2011 00:09:54 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu Aug 18 2011 00:09:54 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu Aug 18 2011 00:09:55 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu Aug 18 2011 00:09:55 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu Aug 18 2011 00:09:54 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu Aug 18 2011 00:09:55 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu Aug 18 2011 00:09:55 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu Aug 18 2011 00:09:55 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu Aug 18 2011 00:09:55 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "6-12-2010");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Mon Dec 06 2010 18:11:30 GMT+1300 (New Zealand Daylight Time)");
Line Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Wed Aug 17 2011 21:30:23 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.2.3.3", "Sun May 08 2011 19:46:22 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Tue Jul 26 2011 22:43:49 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Wed Aug 17 2011 21:30:23 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.6.0.10", "Wed Aug 17 2011 23:01:23 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.6.0.10");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2786678.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2786678.SearchBoxWidth", 150);
Line Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Wed Aug 17 2011 21:30:22 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Wed Aug 17 2011 21:30:22 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Wed Aug 17 2011 21:30:22 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1313448551");
Line Deleted : user_pref("CT2786678.SuggestWindowWidth", "136");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sat Jul 30 2011 11:40:27 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Line Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2786678.UserID", "UN75703624854955640");
Line Deleted : user_pref("CT2786678.ValidationData_Search", 2);
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Thu Aug 18 2011 00:02:18 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Wed Aug 17 2011 21:30:23 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.initDone", true);
Line Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,111,1000234,129295698017012804,1000034,129526967958500204,129309489763975460,5690698542593514850,129309485163350924,1293154114[...]
Line Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Wed Aug 17 2011 21:30:22 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Aug 10 2011 18:17:35 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1061742/1057446/NZ", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/NZ", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/NZ", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1313448428\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:10c2\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"8028f138140cc1:1066\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"80161a5ed5ccc1:10c2\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"634485749189530000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634402944764300000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/2010 3:54:59 PM", "634285417620000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2010 3:22:42 PM", "634285417620000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2010 12:43:05 PM", "634293235860000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1313448551\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1311168866\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634461627320900000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634485059431430000\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\651tkx8b.default\\conduitCommon\\modules\\3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 08 2011 20:02:34 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jul 26 2011 22:55:28 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 26 2011 23:55:49 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "f1af1c66-a769-4b7e-995e-1f2218ca3ef7");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 17 2011 21:30:22 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "2f3adc43-d28d-4a31-93e3-0d8fca3e4560");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.killedEngine", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Aug 17 2011 21:30:25 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Aug 17 2011 21:30:30 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 17 2011 21:30:22 GMT+1200 (New Zealand Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "d3df6045-00f8-4981-b473-36fe1e07f266");
Line Deleted : user_pref("CommunityToolbar.undefined", "");
Line Deleted : user_pref("extensions.enabledItems", "{22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1161,toolbar@ask.com:3.11.3.15590,engine@conduit.com:3.2.3.3,{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.3.3,{972ce4c6[...]

*************************

AdwCleaner[R0].txt - [27519 octets] - [26/09/2013 12:12:02]
AdwCleaner[S0].txt - [27993 octets] - [26/09/2013 12:13:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28054 octets] ##########



#8 supersain

supersain
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:21 AM

Posted 25 September 2013 - 08:01 PM

Junkware Removal Tool

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by user on Thu 26/09/2013 at 12:56:01.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbar

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\utorrentbar"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{17B64749-E78C-4599-9AB8-3B8E265B1C59}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2F052051-7C04-45C3-A152-BC6AEB2909DC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{30F1C4DC-C0EF-4325-96FA-CFE93AFB1C83}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{52CF058F-1F4C-47CC-862C-2CA3C32CEBA9}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{62C8C207-1D9D-499D-B840-3FBAB1EC794D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{62F15331-C51D-481C-86F4-99B082233E81}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{701F39B7-8DDE-4F3C-B7D9-916260D47CA2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{73E8D797-FCA1-4CE3-8B41-1BA53E826216}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{74CC69E8-3AD0-402A-89DE-CF5A231D0E52}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9630E851-8034-45A0-B777-7CA43D1E28D8}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9F3EB0CC-C11A-4814-8CB3-6E890BF47024}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A5620933-41E9-4428-A98B-BD13F46E3C6E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{AB07F4E4-E799-484C-952A-BEFE48C2DD7C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{AC9D19B9-DFAD-4389-BDDA-71A80CF82C8B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B7C40651-0557-493E-8E8B-974FFD4FD86D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B9FFD428-17ED-4ECE-8157-5368A60559C6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C34330C1-F0B0-4316-B443-6812A584F022}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C6F2D7D7-6566-4020-A1AF-7877A4D00C20}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{CBFE3F51-97C3-4D5B-9793-3C7A641BB8B0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D447FB34-46A8-4E33-B7F7-21D5FB499879}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E4026A75-3407-4C5E-BD95-B74693CC5DB4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EE572957-1F3F-4AC6-9FB5-4E7286299432}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FCCA43B6-16BE-43A6-963E-F72DC2CC20E5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FF75A86B-8757-4CA3-8F6D-363CA96C1825}

 

~~~ FireFox

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\651tkx8b.default\minidumps [2 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 26/09/2013 at 12:58:05.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:21 PM

Posted 25 September 2013 - 08:06 PM


Hello supersain

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#10 supersain

supersain
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:21 AM

Posted 25 September 2013 - 11:29 PM

Hi Gringo, sorry for the delay.

 

Combo Fix Log

 

ComboFix 13-09-24.02 - user 26/09/2013  13:29:07.3.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.3062.1979 [GMT 12:00]
Running from: C:\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-26 to 2013-09-26  )))))))))))))))))))))))))))))))
.
.
2013-09-26 01:38 . 2013-09-26 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-26 00:55 . 2013-09-26 00:55 -------- d-----w- c:\windows\ERUNT
2013-09-26 00:11 . 2013-09-26 00:13 -------- d-----w- C:\AdwCleaner
2013-09-25 21:36 . 2013-09-25 21:36 -------- d-----w- C:\FRST
2013-09-25 05:06 . 2013-09-25 05:06 1898112 ----a-w- C:\rkill.com
2013-09-24 20:24 . 2013-09-24 22:05 -------- d-----w- c:\users\user\AppData\Roaming\TeamViewer
2013-09-24 20:02 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-24 20:02 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-09-24 20:02 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-09-24 20:02 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-24 20:02 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-09-24 20:02 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-24 20:02 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-09-24 20:02 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-09-24 20:02 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-24 20:02 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-24 20:00 . 2013-08-02 01:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-24 20:00 . 2013-08-02 01:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-24 20:00 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-24 19:40 . 2013-09-24 19:40 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-09-24 19:40 . 2013-09-24 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-24 19:40 . 2013-04-04 02:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-24 19:40 . 2013-09-24 19:40 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-09-24 11:26 . 2013-09-24 11:26 -------- d-----w- c:\programdata\Malwarebytes
2013-09-24 11:26 . 2013-09-24 11:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-24 11:25 . 2013-09-24 11:25 -------- d-----w- C:\temp
2013-09-24 10:40 . 2013-09-26 01:38 -------- d-----w- c:\users\user\AppData\Local\temp
2013-09-24 09:04 . 2013-09-25 04:14 -------- d-----w- c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-21 02:26 . 2012-04-19 06:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 02:26 . 2011-05-17 11:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 02:11 . 2011-05-08 08:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-22 7858720]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-10-29 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-10-26 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-16 1586472]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-20 2454840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2010-09-07 08:19 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2009-10-02 20:26 284696 ----a-w- c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-02-17 21:33 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-02-17 21:37 29984 ----a-w- c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-02-08 06:31 62752 ----a-w- c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-02-08 06:32 636192 ----a-w- c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort12reminder]
2010-02-09 01:42 328992 ----a-w- c:\program files\Nuance\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2010-03-11 09:46 136600 ----a-w- c:\program files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-20 21:58 19875432 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2013-09-03 07:19 309544 ----a-w- c:\users\user\AppData\Roaming\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 01:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-16 23:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosReelTimeMonitor]
2009-10-29 03:02 29528 ----a-w- c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
R2 BackupService;BackupService;c:\users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-06-30 83512]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-20 162408]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-12-03 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 MFE_RR;MFE_RR;c:\users\user\AppData\Local\Temp\mfe_rr.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 174592]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-13 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-12-03 105856]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2011-04-08 193536]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-09 172032]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-10-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2009-12-14 92928]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-02-17 144672]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-06 230912]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1011232]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ    HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 02:26]
.
2013-09-25 c:\windows\Tasks\User_Feed_Synchronization-{B855E805-CBC3-4DC2-A2C6-92571533B031}.job
- c:\windows\system32\msfeedssync.exe [2013-05-04 02:33]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.nz/
uInternet Settings,ProxyOverride = *.local
IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
Trusted Zone: gvi.co.nz\remote
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B71504B0-1960-452B-85B9-DE44EC45C73B}: NameServer = 203.118.191.1 203.109.191.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4632)
c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
Completion time: 2013-09-26  13:45:40
ComboFix-quarantined-files.txt  2013-09-26 01:45
ComboFix2.txt  2013-09-24 08:39
.
Pre-Run: 91,119,067,136 bytes free
Post-Run: 90,978,328,576 bytes free
.
- - End Of File - - D6BEEE9BF4E5912FE083F9E888B06431
5B5E648D12FCADC244C1EC30318E1EB9
 



#11 supersain


Posted 26 September 2013 - 02:57 PM

bump



#12 gringo_pr


Posted 26 September 2013 - 07:53 PM


Hello supersain

You don't need to bump so quick - I have a job and even have a family and do get some sleep once in a while

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#13 supersain


Posted 27 September 2013 - 03:34 AM

Hi Gringo,

 

Please accept my deepest apologies for bumping, I've never been on a forum that has such a large workload! and I applaud all your time for everyone you help, I understand where you're coming from with family etc... I just wasn't sure if the little ole New Zealander would be remembered in so many posts after our choking effort in the America's Cup! haha.. but again thank you for all your help.. please find below the logfile..

 

 

ComboFix 13-09-26.03 - user 27/09/2013  19:39:50.4.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.3062.1639 [GMT 12:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\wshtcpip.dll was found and disinfected
Restored copy from - c:\windows\erdnt\cache\WSHTCPIP.DLL
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-27 to 2013-09-27  )))))))))))))))))))))))))))))))
.
.
2013-09-27 07:48 . 2013-09-27 07:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-26 00:55 . 2013-09-26 00:55 -------- d-----w- c:\windows\ERUNT
2013-09-26 00:11 . 2013-09-26 00:13 -------- d-----w- C:\AdwCleaner
2013-09-25 21:36 . 2013-09-25 21:36 -------- d-----w- C:\FRST
2013-09-25 05:06 . 2013-09-25 05:06 1898112 ----a-w- C:\rkill.com
2013-09-24 20:24 . 2013-09-24 22:05 -------- d-----w- c:\users\user\AppData\Roaming\TeamViewer
2013-09-24 20:02 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-24 20:02 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-09-24 20:02 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-09-24 20:02 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-24 20:02 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-09-24 20:02 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-24 20:02 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-09-24 20:02 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-09-24 20:02 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-24 20:02 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-24 20:00 . 2013-08-02 01:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-24 20:00 . 2013-08-02 01:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-24 20:00 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-24 19:40 . 2013-09-24 19:40 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-09-24 19:40 . 2013-09-24 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-24 19:40 . 2013-04-04 02:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-24 19:40 . 2013-09-24 19:40 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-09-24 11:26 . 2013-09-24 11:26 -------- d-----w- c:\programdata\Malwarebytes
2013-09-24 11:26 . 2013-09-24 11:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-24 11:25 . 2013-09-24 11:25 -------- d-----w- C:\temp
2013-09-24 10:40 . 2013-09-27 07:50 -------- d-----w- c:\users\user\AppData\Local\temp
2013-09-24 09:04 . 2013-09-25 04:14 -------- d-----w- c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-21 02:26 . 2012-04-19 06:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 02:26 . 2011-05-17 11:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 02:11 . 2011-05-08 08:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-22 7858720]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-10-29 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-10-26 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-16 1586472]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-20 2454840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2010-09-07 08:19 1660232 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2009-10-02 20:26 284696 ----a-w- c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-02-17 21:33 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-02-17 21:37 29984 ----a-w- c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-02-08 06:31 62752 ----a-w- c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-02-08 06:32 636192 ----a-w- c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort12reminder]
2010-02-09 01:42 328992 ----a-w- c:\program files\Nuance\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2010-03-11 09:46 136600 ----a-w- c:\program files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-20 21:58 19875432 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2013-09-03 07:19 309544 ----a-w- c:\users\user\AppData\Roaming\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 01:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-16 23:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosReelTimeMonitor]
2009-10-29 03:02 29528 ----a-w- c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-20 162408]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-12-03 9216]
R3 MFE_RR;MFE_RR;c:\users\user\AppData\Local\Temp\mfe_rr.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 174592]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-13 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-12-03 105856]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2011-04-08 193536]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-09 172032]
S2 BackupService;BackupService;c:\users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-06-30 83512]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-10-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2009-12-14 92928]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-02-17 144672]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-06 230912]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1011232]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ    HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.nz/
uInternet Settings,ProxyOverride = *.local
IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
Trusted Zone: gvi.co.nz\remote
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B71504B0-1960-452B-85B9-DE44EC45C73B}: NameServer = 203.118.191.1 203.109.191.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\651tkx8b.default\


.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5772)
c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2013-09-27  19:56:03 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-27 07:56
ComboFix2.txt  2013-09-24 08:39
.
Pre-Run: 90,716,237,824 bytes free
Post-Run: 90,558,263,296 bytes free
.
- - End Of File - - 0021BAB91A54BFD99F2EDDB3615D31B9
5B5E648D12FCADC244C1EC30318E1EB9

 



#14 gringo_pr


Posted 27 September 2013 - 11:48 AM


Hello supersain

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo

#15 supersain

  • Topic Starter

  • Members
  • 15 posts

Posted 27 September 2013 - 02:02 PM

 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
ClipConverter
Corel WordPerfect Office - iFilter
D3DX10
Direct DiscRecorder
Dropbox
DVD MovieFactory for TOSHIBA
EPSON SX100 Series Printer Uninstall
ESET NOD32 Antivirus
FATE
Free RAR Extract Frog
HDAUDIO Soft Data Fax Modem with SmartCP
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java™ 6 Update 37
Junk Mail filter update
K-Lite Mega Codec Pack 6.6.0
Magic Match - The Genie's Journey
Malwarebytes Anti-Malware version 1.75.0.1300
Media Go
MediaWidget 6.0
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MixMeister BPM Analyzer 1.0
Monopoly
Motorola Driver Installation 4.2.4
Mozilla Firefox 8.0 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nuance PaperPort 12
Nuance PDF Viewer Plus
OGA Notifier 2.0.0048.0
PaperPort Image Printer
Peggle
PlayReady PC Runtime x86
PlayStation®Network Downloader
PlayStation®Store
Polar Bowler
Polar Golfer
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Round Robin Calculator v2.01
Safari
Scansoft PDF Professional
Scratch Live 2.4.1 (9)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Skype™ 6.6
Smilebox
Sony Ericsson PC Companion 2.02.002
Sony Ericsson Update Engine
Synaptics Pointing Device Driver
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
VeryPDF PDF Editor v2.6
Virtual DJ Pro Full - Atomix Productions
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WordPerfect Lightning
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office eMail add-ons
WordPerfect Office X5
WordPerfect Office X5 - Common
Wordperfect Office X5 - EN
WordPerfect Office X5 - Filters
WordPerfect Office X5 - Graphics
WordPerfect Office X5 - IPM
WordPerfect Office X5 - LegalTools
WordPerfect Office X5 - Migration Manager
WordPerfect Office X5 - Oxford
WordPerfect Office X5 - PerfectExperts EN
WordPerfect Office X5 - PR
WordPerfect Office X5 - QP
WordPerfect Office X5 - Setup Files
WordPerfect Office X5 - Sharepoint
WordPerfect Office X5 - Skins
WordPerfect Office X5 - System EN
WordPerfect Office X5 - Templates
WordPerfect Office X5 - WP
WordPerfect Office X5 - WT
WordPerfect OfficeReady
Zuma Deluxe
 





