
Unwanted audio on start up


  • This topic is locked
22 replies to this topic

#1 joesta123

joesta123

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:14 PM

Posted 10 January 2014 - 04:45 PM

Mod Edit; Moved to proper forum, ~~ boopme

When I turn my computer on it sounds like multiple videos are playing but there is nothing visible on my computer.  Nothing is running.  I have run spyware and virus checks that have found nothing.  When I first scan with HijackThis it says it cannot scan the Hosts files.  HijackThis gave me this log.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:44:48 PM, on 1/10/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16526)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10054 bytes

Edited by boopme, 10 January 2014 - 04:53 PM.
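A small triage helper for a HijackThis log of the kind posted above, added here as an example; it is not part of this thread and not code from HijackThis or Trend Micro. It parses the R/F/O entry lines, tallies them by section, and flags only what the log format itself exposes: entries whose file is absent ("(no file)" / "(file missing)"), services with no publisher recorded ("Unknown owner"), and hosts-file lines other than the stock loopback entries (HijackThis 2.0.4 reports the default IPv6 "::1 localhost" line on Vista, which is why it is whitelisted). The sample lines are copied from the log above; the one hosts-override line is constructed for illustration and is labelled as such.

```python
import re
from dataclasses import dataclass

# Matches HijackThis entry lines: a section code (R0, O2, O23, ...) then " - " and the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Stock loopback lines; HijackThis 2.0.4 lists the IPv6 one on Vista although it is the default.
LOOPBACK_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}

# Lines copied from the HijackThis log posted above (header, one process, a few entries).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Running processes:
C:\Windows\system32\Dwm.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed line (not from the thread) showing what a non-loopback hosts entry looks like.
CONSTRUCTED_HOSTS_OVERRIDE = "O1 - Hosts: 127.0.0.1 update.example.invalid"


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O23"
    reason: str  # why the line was flagged
    line: str    # the entry line as written in the log


def parse_entries(log_text):
    """Return (code, body) pairs for R/F/O entry lines; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def section_counts(log_text):
    """Tally entries per section code so a reviewer sees the shape of the log at a glance."""
    counts = {}
    for code, _ in parse_entries(log_text):
        counts[code] = counts.get(code, 0) + 1
    return counts


def triage(log_text):
    """Flag entries the log format itself marks as worth a second look."""
    findings = []
    for code, body in parse_entries(log_text):
        line = f"{code} - {body}"
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(code, "orphaned entry: registered component whose file is absent", line))
        elif code == "O1":
            # Normalise whitespace in "Hosts: <ip> <name>" and compare against the stock loopback lines.
            hosts_line = " ".join(body.split(":", 1)[-1].split())
            if hosts_line not in LOOPBACK_HOSTS:
                findings.append(Finding(code, "hosts file override", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "service with no publisher recorded", line))
    return findings


if __name__ == "__main__":
    print("sections:", section_counts(SAMPLE_LOG))
    for f in triage(SAMPLE_LOG + CONSTRUCTED_HOSTS_OVERRIDE + "\n"):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run on the sample, it reports the nameless BHO with no file, the McAfee SiteAdvisor service whose binary is missing, and the Dell WLAN tray service with no publisher; the "::1 localhost" hosts line is not flagged, while the constructed override line is. A flagged line is a prompt for the reviewer, not a verdict: an orphaned BHO is usually a leftover from an uninstall, and a missing publisher only means HijackThis found no company name in the file.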




#2 zingo156

zingo156

  • BC Advisor
  • 3,333 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:14 PM

Posted 10 January 2014 - 04:52 PM

Boot to safe mode and run a full Malwarebytes scan. To boot to safe mode, turn the computer off, power the computer on and begin tapping F8 continuously until you see the Windows boot options menu, choose Safe Mode with Networking.


If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

#3 joesta123

joesta123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:14 PM

Posted 11 January 2014 - 02:11 PM

I did this and it found no spyware/malware.



#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:14 PM

Posted 12 January 2014 - 10:04 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 joesta123

joesta123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:14 PM

Posted 18 January 2014 - 12:17 PM

I am replying so this thread stays open. I am at work and will do as you instructed tomorrow.

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:14 PM

Posted 19 January 2014 - 10:05 AM

Thanks for letting me know.  I'll leave it open.




#7 joesta123

joesta123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:14 PM

Posted 19 January 2014 - 03:35 PM

Here is the addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2014 04
Ran by Kelsey at 2014-01-19 15:31:37
Running from C:\Users\Kelsey\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (Version:  - )
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Camera Access Library (Version: 8.0.0.21 - Canon) Hidden
Camera Support Core Library (Version: 7.3.0.4 - Canon) Hidden
Camera Window DS (Version: 5.3.1 - Canon) Hidden
Camera Window DVC (Version: 5.4.4 - Canon) Hidden
Camera Window DVC (Version: 6.0 - Canon) Hidden
Camera Window MC (Version: 6.0 - Canon) Hidden
Canon Camera Access Library (Version: 8.0.0.21 - Canon)
Canon Camera Support Core Library (Version: 7.3.0.4 - Canon)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.4 - Canon)
Canon Camera Window DSLR 5 for ZoomBrowser EX (Version: 5.3.1 - Canon)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.0 - Canon)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.1.0.20 - Canon)
Canon MX330 series MP Drivers (Version:  - )
Canon PhotoRecord (Version: 02.02.03002 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.2 - Canon)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.16 - Canon)
Canon ZoomBrowser EX (E) (Version: 5.05.0000 - Canon)
Cisco EAP-FAST Module (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.0.12 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (Version:  - )
Dell Best of Web (Version: 1.00.0000 - Dell)
Dell DataSafe Online (Version: 1.0.21 - Dell, Inc.)
Dell Dock (Version: 1.0.0 - Dell)
Dell Getting Started Guide (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (Version: 2.2.09085 - Dell)
Dell Touchpad (Version: 7.1.103.4 - Alps Electric)
Dell Webcam Center (Version:  - )
Dell Webcam Manager (Version:  - )
Dell Wireless WLAN Card (Version: 4.170.25.12 - Dell Inc.)
eLecta Live Virtual Room 8.0 (Version: 8.0 - ELECTA COMMUNICATIONS LTD)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 5.5.0.1133 (HKCU Version: 5.5.0.1133 - CitrixOnline)
HiJackThis (Version: 1.0.0 - Trend Micro)
iCloud (Version: 2.1.2.8 - Apple Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java™ 6 Update 5 (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Laptop Integrated Webcam Driver (1.04.01.1011)   (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
MovieEdit Task (Version: 2.1.0.20 - Canon) Hidden
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PhotoStitch (Version: 3.1.16 - Canon) Hidden
QuickSet (Version: 8.2.20 - Dell Inc.)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (Version: 7.0 - Trend Micro Inc.)
TWS Latest (937.1) (HKCU Version:  - Interactive Brokers)
TWS Latest (942.2) (HKCU Version:  - Interactive Brokers)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)

==================== Restore Points  =========================

11-12-2013 23:12:25 Scheduled Checkpoint
12-12-2013 08:00:20 Windows Update
17-12-2013 14:12:00 Windows Update
23-12-2013 21:38:52 Scheduled Checkpoint
24-12-2013 14:16:33 Scheduled Checkpoint
24-12-2013 14:19:15 Windows Update
26-12-2013 22:02:19 Scheduled Checkpoint
27-12-2013 13:45:22 Scheduled Checkpoint
31-12-2013 16:33:27 Windows Update
03-01-2014 19:54:07 Device Driver Package Install: Trend Micro Inc.
03-01-2014 19:55:52 Device Driver Package Install: Trend Micro Inc.
03-01-2014 19:57:07 Device Driver Package Install: Trend Micro Inc.
10-01-2014 14:17:13 Installed HiJackThis
16-01-2014 13:56:35 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0540D88D-4611-46EA-B3D2-C2A508142CE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-01] (Google Inc.)
Task: {0AE04910-45A6-4C86-8B1B-35BCF7EBD216} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0D16CF64-E9D0-48CE-95ED-4A90E48D6EDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-01] (Google Inc.)
Task: {121B9120-4E2A-4BDD-AE77-8A5719D13ABC} - System32\Tasks\{EADE5918-457C-405E-97F4-0494D8722A3D} => C:\Program Files\Skype\Phone\Skype.exe
Task: {16BEE539-36E3-4397-AD88-0F338A4D8595} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4E8BD71E-54C8-49D5-89C1-32F5D3A649C6} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kelsey => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {536C1FA2-5F13-4246-B677-BE6D315CCB75} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2013-08-27] (Trend Micro Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {E11CE548-C5D3-432D-AF06-480BC61EC34B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2014 03:18:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2014 03:17:30 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/19/2014 03:11:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 08:49:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2014 08:48:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2014 08:48:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2014 08:56:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2014 05:00:30 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/13/2014 00:52:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2014 02:19:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/19/2014 03:18:29 PM) (Source: Service Control Manager) (User: )
Description: spldr
tmactmon
tmcomm
tmevtmgr
tmtdi
Wanarpv6

Error: (01/19/2014 03:18:29 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (01/19/2014 03:17:50 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (01/19/2014 03:17:37 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/19/2014 03:17:36 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/19/2014 03:17:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll21

Error: (01/19/2014 03:17:30 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/19/2014 03:17:22 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/19/2014 03:17:07 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:15:53 PM on 1/19/2014 was unexpected.

Error: (01/19/2014 03:11:56 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Microsoft Office Sessions:
=========================
Error: (01/19/2014 03:18:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2014 03:17:30 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/19/2014 03:11:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 08:49:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2014 08:48:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2014 08:48:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2014 08:56:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2014 05:00:30 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/13/2014 00:52:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2014 02:19:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-01-11 14:08:33.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-11 14:08:33.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-11 14:08:32.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-11 14:08:32.660
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-11 14:08:32.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-11 14:08:32.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-11 14:08:26.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-11 14:08:26.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-11 14:08:26.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-11 14:08:25.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 2037.31 MB
Available physical RAM: 747.21 MB
Total Pagefile: 4311.89 MB
Available Pagefile: 3232.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.22 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:99.48 GB) (Free:18.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.45 GB) NTFS
Drive e: (Untitled) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=99 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

Here is the frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 04
Ran by Kelsey (administrator) on KELSEY-PC on 19-01-2014 15:26:40
Running from C:\Users\Kelsey\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-28] ( )
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2008-03-04] (Creative Technology Ltd.)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3444736 2008-05-19] (Dell Inc.)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKCU\...\Run: [MsnMsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup
MountPoints2: {9e044d10-6669-11dd-844d-001fe28c61bd} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\AppLaunch.exe AUTORUN=1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?ncid=customie9
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?ncid=customie9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080731
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-customie9-chromesbox-en-us&tb_uuid=20111106232144150&tb_oid=06-11-2011&tb_mrud=06-11-2011
SearchScopes: HKCU - {34B4A79A-49FA-496C-8151-E57F29B607EE} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-customie9-chromesbox-en-us&tb_uuid=20111106232144150&tb_oid=06-11-2011&tb_mrud=06-11-2011
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1

Chrome:
=======
CHR Extension: (Boroowsee2save) - C:\Users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneeknfbecocobdidnebjabhmieedjmn [2013-03-27]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx [2014-01-08]
CHR HKLM\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - C:\Program Files\Trend Micro\AMSP\module\20004\ChromeExt\chromeextension\TmNSCChromeExt.crx [2014-01-03]
CHR HKLM\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\chromeextension.crx [2014-01-03]

========================== Services (Whitelisted) =================

S2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-19] (Dell Inc.)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [x]
S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2007-10-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [28288 2009-12-02] ()
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [102904 2013-09-04] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [288840 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83352 2013-09-04] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 Nmea; system32\DRIVERS\pctnullport.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-19 15:26 - 2014-01-19 15:27 - 00012441 _____ C:\Users\Kelsey\Downloads\FRST.txt
2014-01-19 15:26 - 2014-01-19 15:26 - 01221120 _____ (Farbar) C:\Users\Kelsey\Downloads\FRST.exe
2014-01-19 15:26 - 2014-01-19 15:26 - 00000000 ____D C:\FRST
2014-01-19 15:24 - 2014-01-19 15:24 - 02076672 _____ (Farbar) C:\Users\Kelsey\Downloads\FRST64 (1).exe
2014-01-19 15:23 - 2014-01-19 15:23 - 02076672 _____ (Farbar) C:\Users\Kelsey\Downloads\FRST64.exe
2014-01-10 16:56 - 2014-01-10 16:56 - 00000868 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-10 16:56 - 2014-01-10 16:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-10 16:56 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-10 09:19 - 2014-01-10 16:39 - 00002485 _____ C:\Users\Kelsey\Desktop\HiJackThis.lnk
2014-01-10 09:19 - 2014-01-10 09:19 - 00000000 ____D C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-10 09:16 - 2014-01-10 09:16 - 01402880 _____ C:\Users\Kelsey\Downloads\HijackThis.msi
2014-01-03 14:59 - 2014-01-03 14:59 - 00001109 _____ C:\Users\Kelsey\Desktop\Trend Micro Titanium Maximum Security.lnk
2014-01-03 14:59 - 2014-01-03 14:59 - 00000000 ____D C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-01-03 14:58 - 2014-01-03 14:58 - 00000000 ___HD C:\TMRescueDisk
2014-01-03 14:57 - 2013-06-13 01:35 - 00085280 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2014-01-03 14:57 - 2013-05-22 10:37 - 00282272 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2014-01-03 14:57 - 2012-05-02 14:27 - 00092304 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmtdi.sys
2014-01-03 14:54 - 2013-09-04 01:23 - 00102904 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-01-03 14:54 - 2013-09-04 01:20 - 00083352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2014-01-03 14:54 - 2013-09-04 01:12 - 00288840 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-01-03 14:54 - 2013-07-01 08:08 - 00040736 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC32.sys
2014-01-03 14:51 - 2014-01-03 14:51 - 00000059 _____ C:\Windows\system32\SupportTool.exe.bat
2014-01-03 14:50 - 2014-01-06 09:10 - 00000000 ____D C:\ProgramData\Trend Micro
2014-01-03 14:48 - 2014-01-10 09:19 - 00000000 ____D C:\Program Files\Trend Micro
2014-01-03 14:46 - 2014-01-03 14:46 - 00000036 _____ C:\Users\Kelsey\AppData\Local\housecall.guid.cache
2014-01-03 14:44 - 2014-01-06 09:10 - 00000000 ____D C:\Users\Kelsey\AppData\Local\Trend Micro
2014-01-03 14:37 - 2014-01-03 14:41 - 85411408 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2014-01-03 14:36 - 2014-01-03 14:36 - 06631120 _____ (Trend Micro Inc.) C:\Users\Kelsey\Downloads\TrendMicro_TTi_7.0_TMAX_Downloader.exe
2014-01-03 09:54 - 2014-01-03 09:54 - 00000000 ____D C:\Users\Kelsey\AppData\Roaming\Malwarebytes
2014-01-03 09:53 - 2014-01-03 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-03 09:52 - 2014-01-03 09:52 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kelsey\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-01-03 09:50 - 2014-01-03 09:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kelsey\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-03 09:30 - 2014-01-03 09:30 - 00000000 ____D C:\Windows\Sun
2014-01-03 09:25 - 2014-01-03 09:25 - 00000000 __SHD C:\found.000
2014-01-03 09:02 - 2014-01-03 09:02 - 00028672 _____ C:\Windows\system32\bvie.jgp
2014-01-03 08:52 - 2014-01-19 15:12 - 00000085 _____ C:\Windows\system32\emmle.crg
2014-01-03 08:49 - 2014-01-03 09:02 - 00000095 _____ C:\Windows\system32\hsvzem.wyh
2014-01-03 08:49 - 2014-01-03 08:49 - 00000064 _____ C:\Windows\system32\mrsoe.liq
2014-01-02 09:35 - 2014-01-02 09:35 - 00101213 ____S C:\Windows\system32\bsnh.ddj
2013-12-26 09:12 - 2014-01-03 14:32 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-19 15:27 - 2014-01-19 15:26 - 00012441 _____ C:\Users\Kelsey\Downloads\FRST.txt
2014-01-19 15:26 - 2014-01-19 15:26 - 01221120 _____ (Farbar) C:\Users\Kelsey\Downloads\FRST.exe
2014-01-19 15:26 - 2014-01-19 15:26 - 00000000 ____D C:\FRST
2014-01-19 15:24 - 2014-01-19 15:24 - 02076672 _____ (Farbar) C:\Users\Kelsey\Downloads\FRST64 (1).exe
2014-01-19 15:23 - 2014-01-19 15:23 - 02076672 _____ (Farbar) C:\Users\Kelsey\Downloads\FRST64.exe
2014-01-19 15:12 - 2014-01-03 08:52 - 00000085 _____ C:\Windows\system32\emmle.crg
2014-01-19 15:11 - 2010-03-01 23:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-19 15:11 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 15:11 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 15:11 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 16:04 - 2006-11-02 08:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-17 16:03 - 2008-07-30 15:32 - 01822692 _____ C:\Windows\WindowsUpdate.log
2014-01-17 15:27 - 2010-03-01 23:25 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 15:08 - 2013-11-21 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-16 09:05 - 2013-07-19 02:08 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 08:59 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-10 16:56 - 2014-01-10 16:56 - 00000868 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-10 16:56 - 2014-01-10 16:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-10 16:39 - 2014-01-10 09:19 - 00002485 _____ C:\Users\Kelsey\Desktop\HiJackThis.lnk
2014-01-10 09:19 - 2014-01-10 09:19 - 00000000 ____D C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-10 09:19 - 2014-01-03 14:48 - 00000000 ____D C:\Program Files\Trend Micro
2014-01-10 09:16 - 2014-01-10 09:16 - 01402880 _____ C:\Users\Kelsey\Downloads\HijackThis.msi
2014-01-06 09:10 - 2014-01-03 14:50 - 00000000 ____D C:\ProgramData\Trend Micro
2014-01-06 09:10 - 2014-01-03 14:44 - 00000000 ____D C:\Users\Kelsey\AppData\Local\Trend Micro
2014-01-03 14:59 - 2014-01-03 14:59 - 00001109 _____ C:\Users\Kelsey\Desktop\Trend Micro Titanium Maximum Security.lnk
2014-01-03 14:59 - 2014-01-03 14:59 - 00000000 ____D C:\Users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-01-03 14:58 - 2014-01-03 14:58 - 00000000 ___HD C:\TMRescueDisk
2014-01-03 14:51 - 2014-01-03 14:51 - 00000059 _____ C:\Windows\system32\SupportTool.exe.bat
2014-01-03 14:51 - 2009-08-17 11:53 - 00000258 __RSH C:\ProgramData\ntuser.pol
2014-01-03 14:46 - 2014-01-03 14:46 - 00000036 _____ C:\Users\Kelsey\AppData\Local\housecall.guid.cache
2014-01-03 14:46 - 2008-01-20 21:47 - 00124158 _____ C:\Windows\PFRO.log
2014-01-03 14:41 - 2014-01-03 14:37 - 85411408 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2014-01-03 14:36 - 2014-01-03 14:36 - 06631120 _____ (Trend Micro Inc.) C:\Users\Kelsey\Downloads\TrendMicro_TTi_7.0_TMAX_Downloader.exe
2014-01-03 14:32 - 2013-12-26 09:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-03 14:19 - 2013-03-27 13:20 - 00000000 ____D C:\ProgramData\Boroowsee2save
2014-01-03 09:54 - 2014-01-03 09:54 - 00000000 ____D C:\Users\Kelsey\AppData\Roaming\Malwarebytes
2014-01-03 09:53 - 2014-01-03 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-03 09:52 - 2014-01-03 09:52 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kelsey\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-01-03 09:50 - 2014-01-03 09:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kelsey\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-03 09:30 - 2014-01-03 09:30 - 00000000 ____D C:\Windows\Sun
2014-01-03 09:25 - 2014-01-03 09:25 - 00000000 __SHD C:\found.000
2014-01-03 09:02 - 2014-01-03 09:02 - 00028672 _____ C:\Windows\system32\bvie.jgp
2014-01-03 09:02 - 2014-01-03 08:49 - 00000095 _____ C:\Windows\system32\hsvzem.wyh
2014-01-03 08:49 - 2014-01-03 08:49 - 00000064 _____ C:\Windows\system32\mrsoe.liq
2014-01-02 09:35 - 2014-01-02 09:35 - 00101213 ____S C:\Windows\system32\bsnh.ddj
2014-01-02 09:12 - 2006-11-02 05:33 - 00755906 _____ C:\Windows\system32\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\Kelsey\AppData\Roaming\desktop.ini

Some content of TEMP:
====================
C:\Users\Kelsey\AppData\Local\Temp\ezGameXN.dll
C:\Users\Kelsey\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Kelsey\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Kelsey\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Kelsey\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Kelsey\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Kelsey\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Kelsey\AppData\Local\Temp\GameXNGO.exe
C:\Users\Kelsey\AppData\Local\Temp\mv84D58.exe
C:\Users\Kelsey\AppData\Local\Temp\progupd.dll
C:\Users\Kelsey\AppData\Local\Temp\Refresh.exe
C:\Users\Kelsey\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Kelsey\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kelsey\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Kelsey\AppData\Local\Temp\_is39F5.exe
C:\Users\Kelsey\AppData\Local\Temp\_is7EF2.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-20 18:29] - [2009-04-11 01:28] - 0550912 ____A (Microsoft Corporation) FB443E1745296998270949163BFA8FD0

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 15:32

==================== End Of Log ============================


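The FRST log above already points at the two things a responder looks for: a cluster of freshly created, unsigned files with made-up extensions under C:\Windows\system32, and the "Bamital & volsnap Check" section, which prints an MD5 for any core binary it cannot vouch for (rpcss.dll here) with the advice to look that hash up. As an added example, not part of this thread and not code from FRST or BleepingComputer, the Python script below runs those two checks over lines copied from the FRST.txt above. The section parser, the `EXPECTED_EXT` list and the flagging heuristics are my own assumptions about what is worth a second look; they are a triage aid, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Excerpt copied from the FRST.txt posted above ("One Month Created Files and
# Folders" and "Bamital & volsnap Check" sections), trimmed to a few lines.
FRST_EXCERPT = r"""
==================== One Month Created Files and Folders ========

2014-01-19 15:26 - 2014-01-19 15:26 - 01221120 _____ (Farbar) C:\Users\Kelsey\Downloads\FRST.exe
2014-01-10 16:56 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-03 14:51 - 2014-01-03 14:51 - 00000059 _____ C:\Windows\system32\SupportTool.exe.bat
2014-01-03 09:02 - 2014-01-03 09:02 - 00028672 _____ C:\Windows\system32\bvie.jgp
2014-01-03 08:52 - 2014-01-19 15:12 - 00000085 _____ C:\Windows\system32\emmle.crg
2014-01-03 08:49 - 2014-01-03 09:02 - 00000095 _____ C:\Windows\system32\hsvzem.wyh
2014-01-03 08:49 - 2014-01-03 08:49 - 00000064 _____ C:\Windows\system32\mrsoe.liq
2014-01-02 09:35 - 2014-01-02 09:35 - 00101213 ____S C:\Windows\system32\bsnh.ddj

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-20 18:29] - [2009-04-11 01:28] - 0550912 ____A (Microsoft Corporation) FB443E1745296998270949163BFA8FD0
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# One "created files" entry: created - modified - size attrs [(publisher)] path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
MD5_RE = re.compile(r"([0-9A-Fa-f]{32})\s*$")

# Assumed list of extensions one expects in a Windows system directory.
# Anything else, dropped there with no publisher, deserves a closer look.
EXPECTED_EXT = {"exe", "dll", "sys", "ocx", "cpl", "drv", "mui", "bat", "cmd",
                "ini", "log", "dat", "txt", "xml", "msc", "nls", "ax", "tlb"}


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def parse_created_entries(text):
    """Return a dict per 'One Month Created Files and Folders' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["publisher"] = (d["publisher"] or "").strip()
            entries.append(d)
    return entries


def flag_system32_files(entries):
    """Apply two cheap heuristics to files created under \\Windows\\system32."""
    findings = []
    for e in entries:
        low = e["path"].lower()
        if "\\windows\\system32\\" not in low or "D" in e["attrs"]:
            continue  # only files (not directories) under system32
        name = low.rsplit("\\", 1)[1]
        ext = name.rsplit(".", 1)[1] if "." in name else ""
        f = Finding(e["path"])
        if not e["publisher"] and ext not in EXPECTED_EXT:
            f.reasons.append(f"no publisher and unusual extension '.{ext}'")
        if "S" in e["attrs"] and not e["publisher"]:
            f.reasons.append("system attribute set on an unpublished file")
        if f.reasons:
            findings.append(f)
    return findings


def unverified_system_binaries(text):
    """Return (path, md5) for files FRST did not report as 'MD5 is legit'.

    FRST prints the hash on the line after the path; the log's own advice is
    to look that hash up, since a unique value suggests a patched file."""
    out, lines = [], [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        if re.match(r"^[A-Za-z]:\\", line) and "=>" not in line and i + 1 < len(lines):
            m = MD5_RE.search(lines[i + 1])
            if m:
                out.append((line, m.group(1).upper()))
    return out


if __name__ == "__main__":
    for f in flag_system32_files(parse_created_entries(FRST_EXCERPT)):
        print(f.path, "->", "; ".join(f.reasons))
    for path, md5 in unverified_system_binaries(FRST_EXCERPT):
        print("verify externally:", path, md5)
```

Run against the excerpt it flags exactly the five files the helper later puts in fixlist.txt (bvie.jgp, emmle.crg, hsvzem.wyh, mrsoe.liq, bsnh.ddj), leaves the signed mbam.sys and the ordinary SupportTool.exe.bat alone, and prints the rpcss.dll hash for an external lookup. Treat it as a triage filter for reading a full FRST log, not as an automated cleanup: deletion decisions stay with a responder who checks each file, as in this thread.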

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 19 January 2014 - 03:48 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

2014-01-03 09:02 - 2014-01-03 09:02 - 00028672 _____ C:\Windows\system32\bvie.jgp
2014-01-03 08:52 - 2014-01-19 15:12 - 00000085 _____ C:\Windows\system32\emmle.crg
2014-01-03 08:49 - 2014-01-03 09:02 - 00000095 _____ C:\Windows\system32\hsvzem.wyh
2014-01-03 08:49 - 2014-01-03 08:49 - 00000064 _____ C:\Windows\system32\mrsoe.liq
2014-01-02 09:35 - 2014-01-02 09:35 - 00101213 ____S C:\Windows\system32\bsnh.ddj
C:\Users\Kelsey\AppData\Roaming\desktop.ini
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 joesta123

joesta123
  • Topic Starter

  • Members
  • 11 posts

Posted 20 January 2014 - 11:04 AM

Here is the new log after doing your instructions.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2014 04
Ran by Kelsey at 2014-01-19 16:08:15 Run:1
Running from C:\Users\Kelsey\Downloads
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
2014-01-03 09:02 - 2014-01-03 09:02 - 00028672 _____ C:\Windows\system32\bvie.jgp
2014-01-03 08:52 - 2014-01-19 15:12 - 00000085 _____ C:\Windows\system32\emmle.crg
2014-01-03 08:49 - 2014-01-03 09:02 - 00000095 _____ C:\Windows\system32\hsvzem.wyh
2014-01-03 08:49 - 2014-01-03 08:49 - 00000064 _____ C:\Windows\system32\mrsoe.liq
2014-01-02 09:35 - 2014-01-02 09:35 - 00101213 ____S C:\Windows\system32\bsnh.ddj
C:\Users\Kelsey\AppData\Roaming\desktop.ini
*****************

C:\Windows\system32\bvie.jgp => Moved successfully.
C:\Windows\system32\emmle.crg => Moved successfully.
Could not move "C:\Windows\system32\hsvzem.wyh" => Scheduled to move on reboot.
C:\Windows\system32\mrsoe.liq => Moved successfully.
Could not move "C:\Windows\system32\bsnh.ddj" => Scheduled to move on reboot.
C:\Users\Kelsey\AppData\Roaming\desktop.ini => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 2014-01-20 10:59:25)<=

"C:\Windows\system32\hsvzem.wyh" => File could not move.
"C:\Windows\system32\bsnh.ddj" => File could not move.

==== End of Fixlog ====



#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 20 January 2014 - 12:07 PM

Please do this next:

 

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#11 joesta123

joesta123
  • Topic Starter

  • Members
  • 11 posts

Posted 20 January 2014 - 01:43 PM

Combofix Log

 

ComboFix 14-01-16.03 - Kelsey 01/20/2014  13:31:12.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1566 [GMT -5:00]
Running from: c:\users\Kelsey\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneeknfbecocobdidnebjabhmieedjmn
c:\users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneeknfbecocobdidnebjabhmieedjmn\1\5153381c063575.65295131.js
c:\users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneeknfbecocobdidnebjabhmieedjmn\1\background.html
c:\users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneeknfbecocobdidnebjabhmieedjmn\1\content.js
c:\users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneeknfbecocobdidnebjabhmieedjmn\1\lsdb.js
c:\users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneeknfbecocobdidnebjabhmieedjmn\1\manifest.json
c:\users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneeknfbecocobdidnebjabhmieedjmn\1\sqlite.js
c:\users\Kelsey\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-20 to 2014-01-20  )))))))))))))))))))))))))))))))
.
.
2014-01-20 18:40 . 2014-01-20 18:40 -------- d-----w- c:\users\Kelsey\AppData\Local\temp
2014-01-20 18:40 . 2014-01-20 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-19 20:26 . 2014-01-20 15:59 -------- d-----w- C:\FRST
2014-01-17 21:01 . 2014-01-17 21:01 -------- d-----w- C:\eLectaTemp
2014-01-10 21:56 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-10 21:56 . 2014-01-10 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-10 14:19 . 2014-01-10 14:19 388096 ----a-r- c:\users\Kelsey\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-03 19:58 . 2014-01-03 19:58 -------- d-----w- C:\TMRescueDisk
2014-01-03 19:57 . 2013-06-13 06:35 85280 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2014-01-03 19:57 . 2013-05-22 15:37 282272 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2014-01-03 19:57 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2014-01-03 19:54 . 2013-09-04 06:20 83352 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2014-01-03 19:54 . 2013-09-04 06:23 102904 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2014-01-03 19:54 . 2013-09-04 06:12 288840 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-01-03 19:54 . 2013-07-01 13:08 40736 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2014-01-03 19:51 . 2014-01-03 19:51 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2014-01-03 19:50 . 2014-01-06 14:10 -------- d-----w- c:\programdata\Trend Micro
2014-01-03 19:48 . 2014-01-10 14:19 -------- d-----w- c:\program files\Trend Micro
2014-01-03 19:44 . 2014-01-06 14:10 -------- d-----w- c:\users\Kelsey\AppData\Local\Trend Micro
2014-01-03 19:37 . 2014-01-03 19:41 -------- d-----w- c:\programdata\Trend Micro Installer
2014-01-03 14:54 . 2014-01-03 14:54 -------- d-----w- c:\users\Kelsey\AppData\Roaming\Malwarebytes
2014-01-03 14:53 . 2014-01-03 14:53 -------- d-----w- c:\programdata\Malwarebytes
2014-01-03 14:30 . 2014-01-03 14:30 -------- d-----w- c:\windows\Sun
2014-01-03 14:25 . 2014-01-03 14:25 -------- d-----w- C:\found.000
2014-01-03 13:59 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA859EAE-48A3-4A87-BAB9-73AF4A996D92}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 20:08 . 2013-02-28 17:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 20:08 . 2013-02-28 17:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 08:33 . 2013-02-28 17:55 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50 . 2013-12-12 08:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42 . 2013-12-12 08:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42 . 2013-12-12 08:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38 . 2013-12-12 08:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38 . 2013-12-12 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35 . 2013-12-12 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12 . 2013-12-11 19:34 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43 . 2013-12-11 19:34 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43 . 2013-12-11 19:34 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35 . 2013-12-11 19:35 2050560 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . FB443E1745296998270949163BFA8FD0 . 550912 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll
[7] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[7] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[7] 2009-03-03 . 4DFCBDEF3CCAA98F99038DED78945253 . 551424 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[7] 2009-03-03 . 7B981222A257D076885BFFB66F19B7CE . 549888 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[7] 2009-03-03 . B1BB45E24717A7F790B4411C4446EF5E . 550400 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[7] 2008-01-21 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-10-09 143792]
.
c:\users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 20:08]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 04:24]
.
2014-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=customie9
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.200.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-GameXN GO - c:\programdata\GameXN\GameXNGO.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-20 13:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2012)
c:\program files\Common Files\Apple\Internet Services\ShellStreams.dll
.
Completion time: 2014-01-20  13:42:42
ComboFix-quarantined-files.txt  2014-01-20 18:42
.
Pre-Run: 24,038,948,864 bytes free
Post-Run: 26,368,086,016 bytes free
.
- - End Of File - - AB437F648408686D21FE0030EA332777
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#12 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 20 January 2014 - 02:27 PM

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above FCopy::

FCopy::
c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll | c:\windows\System32\rpcss.dll
ClearJavaCache::

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif, dragging CFScript onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:
  • ComboFix log


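The Sigcheck block in the ComboFix log above is what this repair rests on: the live c:\windows\System32\rpcss.dll is marked [-] (it did not pass ComboFix's signature check; the log's own note says that is not by itself proof of malware) and reports version 6.0.6000.16386, while every copy in the WinSxS component store is marked [7] and carries a serviced version number. The FCopy:: directive restores the live file from the newest verified store copy. The Python script below is an added example, not part of this thread and not ComboFix's own code: it parses that Sigcheck section (embedded as a constructed sample copied from the log posted above), picks the highest-versioned verified WinSxS copy of each flagged file, and renders the FCopy:: block. Treating any flag other than [-] as verified is an assumption, as is matching store copies to the live file by file name alone.

```python
"""Turn a ComboFix Sigcheck block into an FCopy:: repair script.

Added example; not from the BleepingComputer thread or from ComboFix.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input: the Sigcheck block from the ComboFix log posted
# above, reproduced so the script runs offline.
SIGCHECK_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . FB443E1745296998270949163BFA8FD0 . 550912 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll
[7] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[7] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[7] 2009-03-03 . 4DFCBDEF3CCAA98F99038DED78945253 . 551424 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[7] 2009-03-03 . 7B981222A257D076885BFFB66F19B7CE . 549888 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[7] 2009-03-03 . B1BB45E24717A7F790B4411C4446EF5E . 550400 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[7] 2008-01-21 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
"""

# One Sigcheck line: "[flag] date . MD5 . size . . [version] . . path"
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[\d.]+)\] \. \. (?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class SigEntry:
    flag: str                 # "-" = failed ComboFix's signature check
    date: str
    md5: str
    size: int
    version: Tuple[int, ...]  # numeric so (6,0,6002,18005) > (6,0,6001,22389)
    path: str

    @property
    def verified(self) -> bool:
        # Assumption: any flag other than "-" (here "7") is a verified copy.
        return self.flag != "-"

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Keep only well-formed entry lines; headers, notes and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(SigEntry(
            flag=m["flag"], date=m["date"], md5=m["md5"].upper(),
            size=int(m["size"]),
            version=tuple(int(p) for p in m["ver"].split(".")),
            path=m["path"],
        ))
    return entries


def plan_fcopy(entries: List[SigEntry]) -> Dict[str, str]:
    """Map each unverified live file to the newest verified WinSxS copy of the same name."""
    plan: Dict[str, str] = {}
    for live in entries:
        if live.verified or live.in_winsxs:
            continue
        candidates = [e for e in entries
                      if e.basename == live.basename and e.verified and e.in_winsxs]
        if not candidates:
            continue  # nothing trustworthy to restore from; needs a different fix
        best = max(candidates, key=lambda e: e.version)
        plan[live.path] = best.path
    return plan


def render_cfscript(plan: Dict[str, str]) -> str:
    """CFScript syntax used in the post above: 'FCopy::' then 'source | destination' lines."""
    lines = ["FCopy::"]
    for dest, src in plan.items():
        lines.append(f"{src} | {dest}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_cfscript(plan_fcopy(parse_sigcheck(SIGCHECK_LOG))))
```

Run it and compare the output with the CFScript in the post above: the source and destination are the same pair. The script only reads what an earlier ComboFix run reported, so the result still has to be confirmed on the machine, which is what the FCopy section of the next ComboFix log does.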

#13 joesta123 (Topic Starter, Members, 11 posts)

Posted 20 January 2014 - 03:01 PM

ComboFix 14-01-16.03 - Kelsey 01/20/2014  14:55:33.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1362 [GMT -5:00]
Running from: c:\users\Kelsey\Desktop\ComboFix.exe
Command switches used :: c:\users\Kelsey\Desktop\CFScript.txt
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll --> c:\windows\System32\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-20 to 2014-01-20  )))))))))))))))))))))))))))))))
.
.
2014-01-20 19:58 . 2014-01-20 19:58 -------- d-----w- c:\users\Kelsey\AppData\Local\temp
2014-01-20 19:58 . 2014-01-20 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-19 20:26 . 2014-01-20 15:59 -------- d-----w- C:\FRST
2014-01-17 21:01 . 2014-01-17 21:01 -------- d-----w- C:\eLectaTemp
2014-01-10 21:56 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-10 21:56 . 2014-01-10 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-10 14:19 . 2014-01-10 14:19 388096 ----a-r- c:\users\Kelsey\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-03 19:58 . 2014-01-03 19:58 -------- d-----w- C:\TMRescueDisk
2014-01-03 19:57 . 2013-06-13 06:35 85280 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2014-01-03 19:57 . 2013-05-22 15:37 282272 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2014-01-03 19:57 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2014-01-03 19:54 . 2013-09-04 06:20 83352 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2014-01-03 19:54 . 2013-09-04 06:23 102904 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2014-01-03 19:54 . 2013-09-04 06:12 288840 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-01-03 19:54 . 2013-07-01 13:08 40736 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2014-01-03 19:51 . 2014-01-03 19:51 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2014-01-03 19:50 . 2014-01-06 14:10 -------- d-----w- c:\programdata\Trend Micro
2014-01-03 19:48 . 2014-01-10 14:19 -------- d-----w- c:\program files\Trend Micro
2014-01-03 19:44 . 2014-01-06 14:10 -------- d-----w- c:\users\Kelsey\AppData\Local\Trend Micro
2014-01-03 19:37 . 2014-01-03 19:41 -------- d-----w- c:\programdata\Trend Micro Installer
2014-01-03 14:54 . 2014-01-03 14:54 -------- d-----w- c:\users\Kelsey\AppData\Roaming\Malwarebytes
2014-01-03 14:53 . 2014-01-03 14:53 -------- d-----w- c:\programdata\Malwarebytes
2014-01-03 14:30 . 2014-01-03 14:30 -------- d-----w- c:\windows\Sun
2014-01-03 14:25 . 2014-01-03 14:25 -------- d-----w- C:\found.000
2014-01-03 13:59 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA859EAE-48A3-4A87-BAB9-73AF4A996D92}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 20:08 . 2013-02-28 17:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 20:08 . 2013-02-28 17:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 08:33 . 2013-02-28 17:55 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50 . 2013-12-12 08:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42 . 2013-12-12 08:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42 . 2013-12-12 08:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38 . 2013-12-12 08:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38 . 2013-12-12 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35 . 2013-12-12 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12 . 2013-12-11 19:34 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43 . 2013-12-11 19:34 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43 . 2013-12-11 19:34 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35 . 2013-12-11 19:35 2050560 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-10-09 143792]
.
c:\users\Kelsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 20:08]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 04:24]
.
2014-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=customie9
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.200.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-20 14:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-20  14:59:54
ComboFix-quarantined-files.txt  2014-01-20 19:59
ComboFix2.txt  2014-01-20 18:42
.
Pre-Run: 26,380,857,344 bytes free
Post-Run: 26,400,370,688 bytes free
.
- - End Of File - - A1073855CE823BD21FBE6992BC102117
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#14 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 20 January 2014 - 04:57 PM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log




#15 joesta123 (Topic Starter, Members, 11 posts)

Posted 21 January 2014 - 12:07 PM

Here is the MBAM log.  When I run AdwClean it seems to stop and says "Pending, please uncheck elements you don't want to remove."  The problem is I see there is nothing listed for me to uncheck.  Perhaps I am doing something wrong?

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.21.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Kelsey :: KELSEY-PC [administrator]

Protection: Disabled

1/21/2014 10:28:32 AM
mbam-log-2014-01-21 (10-28-32).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 389325
Time elapsed: 1 hour(s), 13 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





