Ads, greatarcadehits, rundll. AdwCleaner scan results posted


This topic is locked
37 replies to this topic

#1 numbernine

numbernine

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.

Posted 20 January 2014 - 02:55 AM

Really need some help here. Ads everywhere, powered by Great Arcade Hits.

When I shut down, it shows me a RUNDLL is running somewhere.

Keep getting a Microsoft Security Client; scanned with Microsoft Security Essentials, results: no threats.

Ran AdwCleaner today three times, not sure why or what it did; these are the copied results of that.

What does all this mean? Thanks, I think this is the one.

 

# AdwCleaner v3.011 - Report created 05/11/2013 at 22:57:10
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - LAPTOP
# Running from : C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZKLKRQUI\AdwCleaner[1].exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\END
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma
Folder Found C:\DOCUME~1\User\LOCALS~1\Temp\apn
Folder Found C:\Documents and Settings\All Users\Application Data\apn
Folder Found C:\Documents and Settings\All Users\Application Data\Conduit
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\visualbeeexe
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Conduit
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Google\Chrome\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\visualbee
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287810
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\oiffmnkajgkhjjchngmajlomfdhfjdma
Key Found : HKLM\Software\InstalledThirdPartyPrograms
Key Found : HKLM\Software\visualbee
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3485 octets] - [05/11/2013 22:57:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3545 octets] ##########
 


#2 numbernine

numbernine
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.

Posted 20 January 2014 - 03:34 AM

This is the DDS report, I hope this is right.

 DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by User at 0:19:08 on 2014-01-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.970 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TBHostSupport] "c:\windows\system32\rundll32.exe" "c:\documents and settings\user\local settings\application data\tbhostsupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368552022703
TCP: NameServer = 184.63.128.68 184.63.128.69 192.168.1.1
TCP: Interfaces\{3A7C30BC-B1D3-46DB-A6B5-8B96E3818373} : DHCPNameServer = 184.63.128.68 184.63.128.69 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\stk02nw2.sys --> c:\windows\system32\drivers\STK02NW2.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-01-18 22:26:13 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03bc70cc-ba6c-4b11-87ea-c4953afdf824}\mpengine.dll
2014-01-18 04:46:56 275696 ----a-w- c:\windows\system32\mucltui.dll
2014-01-18 04:46:56 214256 ----a-w- c:\windows\system32\muweb.dll
2014-01-18 04:46:56 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2014-01-17 19:46:28 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-17 19:46:14 230048 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 19:42:19 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M  ====================
.
2013-12-11 20:00:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 20:00:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
.
============= FINISH:  0:19:53.90 ===============


#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 20 January 2014 - 03:16 PM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know. I am in training and an instructor will need to check my fixes so a little delay may happen at times.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now.

 

--------------

 

Hi numbernine,

 

I will be handling your log to help you get cleaned up. Please give me some time to look it over, and I will get back to you as soon as possible. 

 

Also, DDS should have created a log named Attach.txt, and this should be located on the desktop. Please paste the contents of the log into your next reply. If you cannot find this then please re-run DDS and make sure the box for creating Attach.txt is selected.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~



#4 numbernine

numbernine
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.

Posted 20 January 2014 - 06:37 PM

Thanks for the help, be easy on me, I'm just a cowboy in an e-world.

Here's the Attach.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/24/2013 7:48:51 AM
System Uptime: 1/19/2014 1:19:55 PM (11 hours ago)
.
Motherboard: Dell Inc. |  | 0TD761
Processor: Genuine Intel® CPU           T2300  @ 1.66GHz | Microprocessor | 1664/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 60.751 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP156: 10/22/2013 11:24:46 AM - System Checkpoint
RP157: 10/23/2013 12:14:08 PM - System Checkpoint
RP158: 10/24/2013 12:24:46 PM - System Checkpoint
RP159: 10/25/2013 12:47:33 PM - System Checkpoint
RP160: 10/25/2013 11:35:39 PM - Installed Java 7 Update 45
RP161: 10/26/2013 11:47:33 PM - System Checkpoint
RP162: 10/28/2013 6:23:20 AM - System Checkpoint
RP163: 10/29/2013 10:26:58 AM - System Checkpoint
RP164: 10/30/2013 12:35:03 PM - System Checkpoint
RP165: 10/30/2013 11:25:22 PM - Installed STK02N 2.3
RP166: 10/31/2013 7:52:28 AM - Removed STK02N 2.3
RP167: 10/31/2013 7:52:57 AM - Installed STK02N 2.3
RP168: 11/1/2013 7:55:03 AM - System Checkpoint
RP169: 11/2/2013 11:16:57 AM - System Checkpoint
RP170: 11/3/2013 10:45:26 AM - System Checkpoint
RP171: 11/4/2013 11:45:26 AM - System Checkpoint
RP172: 11/5/2013 4:38:43 AM - Removed STK02N 2.3
RP173: 11/5/2013 6:24:07 AM - Removed Ask Toolbar
RP174: 11/6/2013 8:12:09 AM - System Checkpoint
RP175: 11/7/2013 8:36:10 AM - System Checkpoint
RP176: 11/8/2013 9:50:44 AM - System Checkpoint
RP177: 11/9/2013 10:01:49 AM - System Checkpoint
RP178: 11/10/2013 10:28:21 AM - System Checkpoint
RP179: 11/11/2013 10:49:14 AM - System Checkpoint
RP180: 11/12/2013 10:49:48 PM - System Checkpoint
RP181: 11/13/2013 12:05:27 AM - Software Distribution Service 3.0
RP182: 11/14/2013 12:22:27 AM - System Checkpoint
RP183: 11/15/2013 12:27:53 AM - System Checkpoint
RP184: 11/16/2013 1:29:20 AM - System Checkpoint
RP185: 11/17/2013 1:50:46 AM - System Checkpoint
RP186: 11/18/2013 2:10:05 AM - System Checkpoint
RP187: 11/19/2013 2:41:50 AM - System Checkpoint
RP188: 11/20/2013 2:46:59 AM - System Checkpoint
RP189: 11/21/2013 3:46:59 AM - System Checkpoint
RP190: 11/22/2013 4:46:59 AM - System Checkpoint
RP191: 11/23/2013 4:59:29 AM - System Checkpoint
RP192: 11/24/2013 6:57:23 AM - System Checkpoint
RP193: 11/25/2013 7:46:59 AM - System Checkpoint
RP194: 11/26/2013 8:04:32 AM - System Checkpoint
RP195: 11/27/2013 8:51:26 AM - System Checkpoint
RP196: 11/28/2013 9:47:29 AM - System Checkpoint
RP197: 11/29/2013 10:19:26 AM - System Checkpoint
RP198: 11/30/2013 11:19:25 AM - System Checkpoint
RP199: 12/1/2013 12:28:28 PM - System Checkpoint
RP200: 12/2/2013 2:04:46 PM - System Checkpoint
RP201: 12/3/2013 2:22:02 PM - System Checkpoint
RP202: 12/4/2013 5:21:36 PM - System Checkpoint
RP203: 12/6/2013 6:04:08 AM - System Checkpoint
RP204: 12/7/2013 7:53:55 AM - System Checkpoint
RP205: 12/8/2013 8:20:16 AM - System Checkpoint
RP206: 12/9/2013 8:51:28 AM - System Checkpoint
RP207: 12/10/2013 10:05:10 AM - System Checkpoint
RP208: 12/11/2013 10:50:22 AM - System Checkpoint
RP209: 12/12/2013 10:51:35 AM - System Checkpoint
RP210: 12/13/2013 11:51:30 AM - System Checkpoint
RP211: 12/14/2013 12:50:30 PM - System Checkpoint
RP212: 12/15/2013 1:50:30 PM - System Checkpoint
RP213: 12/16/2013 2:50:30 PM - System Checkpoint
RP214: 12/17/2013 3:00:15 AM - Software Distribution Service 3.0
RP215: 12/18/2013 3:38:49 AM - System Checkpoint
RP216: 12/19/2013 3:39:07 AM - System Checkpoint
RP217: 12/20/2013 4:39:07 AM - System Checkpoint
RP218: 12/21/2013 7:37:24 AM - System Checkpoint
RP219: 12/22/2013 8:08:53 AM - System Checkpoint
RP220: 12/23/2013 8:15:50 AM - System Checkpoint
RP221: 12/24/2013 9:36:04 AM - System Checkpoint
RP222: 12/25/2013 10:42:13 AM - System Checkpoint
RP223: 12/26/2013 12:09:06 PM - System Checkpoint
RP224: 12/27/2013 12:44:04 PM - System Checkpoint
RP225: 12/28/2013 1:30:47 PM - System Checkpoint
RP226: 12/29/2013 5:26:10 PM - System Checkpoint
RP227: 12/30/2013 6:20:38 PM - System Checkpoint
RP228: 12/31/2013 11:23:06 PM - System Checkpoint
RP229: 1/2/2014 12:16:44 AM - System Checkpoint
RP230: 1/3/2014 1:16:44 AM - System Checkpoint
RP231: 1/4/2014 1:44:41 AM - System Checkpoint
RP232: 1/5/2014 1:56:49 AM - System Checkpoint
RP233: 1/6/2014 2:56:49 AM - System Checkpoint
RP234: 1/7/2014 3:56:49 AM - System Checkpoint
RP235: 1/8/2014 4:56:49 AM - System Checkpoint
RP236: 1/9/2014 5:56:49 AM - System Checkpoint
RP237: 1/10/2014 7:54:56 AM - System Checkpoint
RP238: 1/11/2014 8:13:14 AM - System Checkpoint
RP239: 1/12/2014 8:24:18 AM - System Checkpoint
RP240: 1/13/2014 9:05:05 AM - System Checkpoint
RP241: 1/14/2014 9:39:42 AM - System Checkpoint
RP242: 1/15/2014 10:39:42 AM - System Checkpoint
RP243: 1/16/2014 10:53:31 AM - System Checkpoint
RP244: 1/17/2014 10:44:24 AM - Software Distribution Service 3.0
RP245: 1/17/2014 11:46:13 AM - Software Distribution Service 3.0
RP246: 1/18/2014 1:27:08 PM - System Checkpoint
RP247: 1/18/2014 2:26:10 PM - Software Distribution Service 3.0
RP248: 1/19/2014 3:24:19 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.9)
ALPS Touch Pad Driver
Broadcom Gigabit Integrated Controller
Digital Line Detect
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
Java 7 Update 45
Java Auto Updater
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
NVIDIA Drivers
OZ776 SCR Driver V1.1.4.202
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
.
==== Event Viewer Messages From Past Week ========
.
1/17/2014 11:30:06 AM, error: DCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}  to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
1/17/2014 11:29:57 AM, error: Service Control Manager [7001]  - The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 21 January 2014 - 11:59 AM

Hi numbernine,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. Please make sure to download and run the 32-bit version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 

--------------

 

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~

 


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 numbernine

numbernine
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.

Posted 21 January 2014 - 02:25 PM

Toffee, thanks kid, 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by User (administrator) on LAPTOP on 21-01-2014 11:18:24
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [13537280 2008-06-09] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] - C:\WINDOWS\system32\nvHotkey.dll [90112 2008-06-09] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [86016 2008-06-09] (NVIDIA Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-29] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [TBHostSupport] - "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\User\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
MountPoints2: {c5d512aa-82a9-11e3-a7e0-00164190cc89} - E:\iLinker.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA453B31A2F45CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {D6032CA2-3C54-4628-8665-F74F7B917149} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287810&CUI=UN19987267581878423&UM=2
SearchScopes: HKCU - {1B9F47CF-7B14-4837-9743-393CAF2D340A} URL = http://search.aol.com/aol/search?invocationType=searchbox.webhome&query={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 184.63.128.68 184.63.128.69 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.ebay.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-02]
CHR Extension: (__MSG_buttonTitle__) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg [2013-07-22]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-02]
CHR Extension: (RealDownloader) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (GreatArcadeHits) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2014-01-18]
CHR Extension: (Outlook.com) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-09-30]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-02]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
========================== Services (Whitelisted) =================
 
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel® Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-13] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-13] (Microsoft Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S0 cerc6; No ImagePath
S3 DCamUSBSTK02N; system32\DRIVERS\STK02NW2.sys [x]
S4 IntelIde; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-21 11:18 - 2014-01-21 11:18 - 00014432 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2014-01-21 11:15 - 2014-01-21 11:15 - 00000000 ____D C:\FRST
2014-01-21 11:14 - 2014-01-21 11:14 - 01222144 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-01-20 00:19 - 2014-01-20 00:27 - 00018257 _____ C:\Documents and Settings\User\Desktop\attach.txt
2014-01-20 00:19 - 2014-01-20 00:23 - 00008994 _____ C:\Documents and Settings\User\Desktop\dds.txt
2014-01-20 00:17 - 2014-01-20 00:17 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.com
2014-01-19 11:38 - 2014-01-19 11:39 - 01236282 _____ C:\Documents and Settings\User\Desktop\adwcleaner (2).exe
2014-01-17 23:06 - 2014-01-17 23:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-01-17 20:46 - 2012-06-02 15:18 - 00275696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll
2014-01-17 20:46 - 2012-06-02 15:18 - 00214256 _____ (Microsoft Corporation) C:\WINDOWS\system32\muweb.dll
2014-01-17 20:46 - 2012-06-02 15:18 - 00017136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll.mui
2014-01-17 11:52 - 2014-01-21 03:30 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-01-17 11:46 - 2014-01-18 23:32 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-17 11:43 - 2014-01-17 11:43 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2014-01-17 11:42 - 2014-01-17 11:42 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-01-17 11:42 - 2014-01-17 11:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-17 10:45 - 2014-01-17 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-17 10:44 - 2014-01-17 10:45 - 00004323 _____ C:\WINDOWS\KB2914368.log
 
==================== One Month Modified Files and Folders =======
 
2014-01-21 11:18 - 2014-01-21 11:18 - 00014432 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2014-01-21 11:17 - 2013-11-12 23:55 - 03973146 _____ C:\WINDOWS\pfirewall.log
2014-01-21 11:15 - 2014-01-21 11:15 - 00000000 ____D C:\FRST
2014-01-21 11:14 - 2014-01-21 11:14 - 01222144 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-01-21 10:38 - 2013-05-16 04:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-21 10:33 - 2013-05-02 02:08 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 09:33 - 2013-05-02 02:08 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 06:44 - 2012-04-17 00:21 - 00003640 _____ C:\WINDOWS\wiadebug.log
2014-01-21 06:44 - 2012-04-17 00:21 - 00000046 _____ C:\WINDOWS\wiaservc.log
2014-01-21 06:39 - 2012-04-17 00:18 - 00734057 _____ C:\WINDOWS\setupapi.log
2014-01-21 03:33 - 2012-04-17 05:27 - 01560707 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-21 03:30 - 2014-01-17 11:52 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-01-21 03:25 - 2012-04-17 00:19 - 00602158 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-21 03:21 - 2013-09-29 10:33 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2962148673-1486544706-282409267-1006.job
2014-01-21 03:20 - 2012-04-17 05:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-21 03:20 - 2008-04-13 23:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-21 00:00 - 2013-04-24 07:58 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini
2014-01-21 00:00 - 2012-04-17 05:34 - 00032518 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-20 22:29 - 2012-04-17 05:24 - 00000000 ____D C:\WINDOWS\Registration
2014-01-20 00:27 - 2014-01-20 00:19 - 00018257 _____ C:\Documents and Settings\User\Desktop\attach.txt
2014-01-20 00:23 - 2014-01-20 00:19 - 00008994 _____ C:\Documents and Settings\User\Desktop\dds.txt
2014-01-20 00:17 - 2014-01-20 00:17 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.com
2014-01-19 11:50 - 2013-11-05 22:55 - 00000000 ____D C:\AdwCleaner
2014-01-19 11:49 - 2013-11-12 23:55 - 04085897 _____ C:\WINDOWS\pfirewall.log.old
2014-01-19 11:39 - 2014-01-19 11:38 - 01236282 _____ C:\Documents and Settings\User\Desktop\adwcleaner (2).exe
2014-01-18 23:32 - 2014-01-17 11:46 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-18 15:50 - 2013-06-03 05:05 - 00033792 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-18 11:33 - 2012-04-17 00:19 - 01984671 _____ C:\WINDOWS\iis6.log
2014-01-18 11:33 - 2012-04-17 00:19 - 01418642 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00800083 _____ C:\WINDOWS\ocgen.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00697068 _____ C:\WINDOWS\tsoc.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00496572 _____ C:\WINDOWS\comsetup.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00313276 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00253673 _____ C:\WINDOWS\netfxocm.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00104747 _____ C:\WINDOWS\MedCtrOC.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00082230 _____ C:\WINDOWS\ocmsn.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00075534 _____ C:\WINDOWS\msgsocm.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00069403 _____ C:\WINDOWS\tabletoc.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00001917 _____ C:\WINDOWS\imsins.log
2014-01-18 11:31 - 2012-04-17 00:19 - 00516542 _____ C:\WINDOWS\msmqinst.log
2014-01-17 23:06 - 2014-01-17 23:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-01-17 11:43 - 2014-01-17 11:43 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2014-01-17 11:42 - 2014-01-17 11:42 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-01-17 11:42 - 2014-01-17 11:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-17 11:34 - 2013-07-17 05:17 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-01-17 11:33 - 2013-07-17 05:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-17 10:47 - 2013-07-23 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-17 10:45 - 2014-01-17 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-17 10:45 - 2014-01-17 10:44 - 00004323 _____ C:\WINDOWS\KB2914368.log
2014-01-17 10:45 - 2012-04-17 07:19 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-17 10:45 - 2012-04-17 00:19 - 00001374 _____ C:\WINDOWS\imsins.BAK
2014-01-15 17:38 - 2013-05-02 02:12 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-12 06:08 - 2012-04-17 00:17 - 00177272 _____ C:\WINDOWS\setupact.log
2014-01-08 19:11 - 2013-09-29 10:33 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2962148673-1486544706-282409267-1006.job
2013-12-23 01:11 - 2013-11-21 13:03 - 00000000 ____D C:\Documents and Settings\User\Desktop\ERO Fundraiser Flyer
 
Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
 
and the other report 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-01-2014
Ran by User at 2014-01-21 11:19:21
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (Version:  - )
Broadcom Gigabit Integrated Controller (Version: 8.22.11 - Broadcom Corporation)
Digital Line Detect (Version: 1.15 - BVRP Software, Inc)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (Version:  - )
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000 - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
NVIDIA Drivers (Version:  - )
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202 - O2Micro)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202 - O2Micro) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SigmaTel Audio (Version: 5.10.5210.0 - SigmaTel)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
23-10-2013 19:14:08 System Checkpoint
24-10-2013 19:24:46 System Checkpoint
25-10-2013 19:47:33 System Checkpoint
26-10-2013 06:35:39 Installed Java 7 Update 45
27-10-2013 06:47:33 System Checkpoint
28-10-2013 13:23:20 System Checkpoint
29-10-2013 17:26:58 System Checkpoint
30-10-2013 19:35:03 System Checkpoint
31-10-2013 06:25:22 Installed STK02N 2.3
31-10-2013 14:52:28 Removed STK02N 2.3
31-10-2013 14:52:57 Installed STK02N 2.3
01-11-2013 14:55:03 System Checkpoint
02-11-2013 18:16:57 System Checkpoint
03-11-2013 18:45:26 System Checkpoint
04-11-2013 19:45:26 System Checkpoint
05-11-2013 12:38:43 Removed STK02N 2.3
05-11-2013 14:24:07 Removed Ask Toolbar
06-11-2013 16:12:09 System Checkpoint
07-11-2013 16:36:10 System Checkpoint
08-11-2013 17:50:44 System Checkpoint
09-11-2013 18:01:49 System Checkpoint
10-11-2013 18:28:21 System Checkpoint
11-11-2013 18:49:14 System Checkpoint
13-11-2013 06:49:48 System Checkpoint
13-11-2013 08:05:27 Software Distribution Service 3.0
14-11-2013 08:22:27 System Checkpoint
15-11-2013 08:27:53 System Checkpoint
16-11-2013 09:29:20 System Checkpoint
17-11-2013 09:50:46 System Checkpoint
18-11-2013 10:10:05 System Checkpoint
19-11-2013 10:41:50 System Checkpoint
20-11-2013 10:46:59 System Checkpoint
21-11-2013 11:46:59 System Checkpoint
22-11-2013 12:46:59 System Checkpoint
23-11-2013 12:59:29 System Checkpoint
24-11-2013 14:57:23 System Checkpoint
25-11-2013 15:46:59 System Checkpoint
26-11-2013 16:04:32 System Checkpoint
27-11-2013 16:51:26 System Checkpoint
28-11-2013 17:47:29 System Checkpoint
29-11-2013 18:19:26 System Checkpoint
30-11-2013 19:19:25 System Checkpoint
01-12-2013 20:28:28 System Checkpoint
02-12-2013 22:04:46 System Checkpoint
03-12-2013 22:22:02 System Checkpoint
05-12-2013 01:21:36 System Checkpoint
06-12-2013 14:04:08 System Checkpoint
07-12-2013 15:53:55 System Checkpoint
08-12-2013 16:20:16 System Checkpoint
09-12-2013 16:51:28 System Checkpoint
10-12-2013 18:05:10 System Checkpoint
11-12-2013 18:50:22 System Checkpoint
12-12-2013 18:51:35 System Checkpoint
13-12-2013 19:51:30 System Checkpoint
14-12-2013 20:50:30 System Checkpoint
15-12-2013 21:50:30 System Checkpoint
16-12-2013 22:50:30 System Checkpoint
17-12-2013 11:00:15 Software Distribution Service 3.0
18-12-2013 11:38:49 System Checkpoint
19-12-2013 11:39:07 System Checkpoint
20-12-2013 12:39:07 System Checkpoint
21-12-2013 15:37:24 System Checkpoint
22-12-2013 16:08:53 System Checkpoint
23-12-2013 16:15:50 System Checkpoint
24-12-2013 17:36:04 System Checkpoint
25-12-2013 18:42:13 System Checkpoint
26-12-2013 20:09:06 System Checkpoint
27-12-2013 20:44:04 System Checkpoint
28-12-2013 21:30:47 System Checkpoint
30-12-2013 01:26:10 System Checkpoint
31-12-2013 02:20:38 System Checkpoint
01-01-2014 07:23:06 System Checkpoint
02-01-2014 08:16:44 System Checkpoint
03-01-2014 09:16:44 System Checkpoint
04-01-2014 09:44:41 System Checkpoint
05-01-2014 09:56:49 System Checkpoint
06-01-2014 10:56:49 System Checkpoint
07-01-2014 11:56:49 System Checkpoint
08-01-2014 12:56:49 System Checkpoint
09-01-2014 13:56:49 System Checkpoint
10-01-2014 15:54:56 System Checkpoint
11-01-2014 16:13:14 System Checkpoint
12-01-2014 16:24:18 System Checkpoint
13-01-2014 17:05:05 System Checkpoint
14-01-2014 17:39:42 System Checkpoint
15-01-2014 18:39:42 System Checkpoint
16-01-2014 18:53:31 System Checkpoint
17-01-2014 18:44:24 Software Distribution Service 3.0
17-01-2014 19:46:13 Software Distribution Service 3.0
18-01-2014 21:27:08 System Checkpoint
18-01-2014 22:26:10 Software Distribution Service 3.0
19-01-2014 23:24:19 System Checkpoint
20-01-2014 13:54:43 Software Distribution Service 3.0
21-01-2014 17:55:26 System Checkpoint
 
==================== Hosts content: ==========================
 
2008-04-13 23:00 - 2008-04-13 23:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2962148673-1486544706-282409267-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2962148673-1486544706-282409267-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-11-03 11:35 - 2009-11-03 11:35 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2008-04-13 23:00 - 2008-04-13 23:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-13 23:00 - 2008-04-13 23:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-01-15 17:38 - 2014-01-11 02:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-15 17:38 - 2014-01-11 02:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-15 17:38 - 2014-01-11 02:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2014-01-15 17:38 - 2014-01-11 02:29 - 13615896 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:14FFC1B9
AlternateDataStreams: C:\Documents and Settings\User\Desktop\Fundraiser-Contribution Letter:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\User\Desktop\Fundraiser-Contribution Letter:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/17/2014 11:06:05 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10201.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (01/17/2014 11:42:39 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (12/27/2013 07:56:30 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/27/2013 07:55:39 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.
 
Error: (12/27/2013 07:55:30 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/22/2013 02:54:38 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/14/2013 10:24:51 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 31.0.1650.48, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/13/2013 03:42:42 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 30.0.1599.101, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/13/2013 00:03:52 AM) (Source: Application Hang) (User: )
Description: Hanging application iFrmewrk.exe, version 12.4.4.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/05/2013 04:58:19 AM) (Source: Application Hang) (User: )
Description: Hanging application Au_.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (01/21/2014 03:21:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/21/2014 03:21:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/21/2014 03:21:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/21/2014 03:20:49 AM) (Source: Service Control Manager) (User: )
Description: The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error: 
%%1058
 
Error: (01/20/2014 10:24:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/20/2014 10:24:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/20/2014 10:24:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/20/2014 10:23:52 PM) (Source: Service Control Manager) (User: )
Description: The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error: 
%%1058
 
Error: (01/20/2014 05:43:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/20/2014 05:43:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
 
Microsoft Office Sessions:
=========================
Error: (01/17/2014 11:06:05 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0timeout1.1.10201.0fixed2 _ 20485 _ not bootNILNILNIL
 
Error: (01/17/2014 11:42:39 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (12/27/2013 07:56:30 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (12/27/2013 07:55:39 PM) (Source: Application Hang)(User: )
Description: 1180947459
 
Error: (12/27/2013 07:55:30 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (12/22/2013 02:54:38 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (11/14/2013 10:24:51 AM) (Source: Application Hang)(User: )
Description: chrome.exe31.0.1650.48hungapp0.0.0.000000000
 
Error: (11/13/2013 03:42:42 AM) (Source: Application Hang)(User: )
Description: chrome.exe30.0.1599.101hungapp0.0.0.000000000
 
Error: (11/13/2013 00:03:52 AM) (Source: Application Hang)(User: )
Description: iFrmewrk.exe12.4.4.1hungapp0.0.0.000000000
 
Error: (11/05/2013 04:58:19 AM) (Source: Application Hang)(User: )
Description: Au_.exe0.0.0.0hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 46%
Total physical RAM: 2038.05 MB
Available physical RAM: 1097.33 MB
Total Pagefile: 3931 MB
Available Pagefile: 2970.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.48 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:60.67 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: D2F0D2F0)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:18 PM

Posted 22 January 2014 - 12:20 PM

Hi numbernine,
 
Uninstalling an extension in chrome:
  1. Click the Chrome menu on the browser toolbar.
  2. Click Tools.
  3. Select Extensions.
  4. Click the recycle bin icon by GreatArcadeHits to completely remove it.
  5. A confirmation dialogue appears, click Remove.
 
--------------
 
We need to run a fix with FRST:
  • Press ctrl + R and type notepad into the run box which appears. Press enter.
  • Copy and paste the script below in the notepad document:
HKCU\...\Run: [TBHostSupport] - "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\User\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
SearchScopes: HKCU - DefaultScope {D6032CA2-3C54-4628-8665-F74F7B917149} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287810&CUI=UN19987267581878423&UM=2
SearchScopes: HKCU - {D6032CA2-3C54-4628-8665-F74F7B917149} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287810&CUI=UN19987267581878423&UM=2
SearchScopes: HKLM - DefaultScope value is missing.
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:14FFC1B9

Note: If you have changed your user account name for any reason, please make sure you change it back in the script. Otherwise some of the lines will not be able to be fixed by FRST.

  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

 

--------------

 

How is your computer running now? Any popups or rundll errors?

 

--------------

 

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • How your computer is running

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
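As an added example (not code from this thread, from FRST or from its author), here is a small Python triage script that applies the same reasoning the fix above relies on to FRST log lines: it flags the Rundll32 Run value loading a DLL from a per-user Application Data folder, the Conduit search scopes and the opaque alternate data stream on the TEMP folder, leaves constructed benign entries alone, and emits the flagged lines in the form FRST accepts in fixlist.txt. The sample lines are copied from the log posted in this thread plus three constructed benign ones; the user-writable folder list, the redirect host set and the regexes are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample FRST log lines. The first five are copied from the log posted in this
# thread; the last three are constructed benign entries that the rules must ignore.
SAMPLE_LOG = r"""
HKCU\...\Run: [TBHostSupport] - "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\User\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
SearchScopes: HKCU - DefaultScope {D6032CA2-3C54-4628-8665-F74F7B917149} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287810&CUI=UN19987267581878423&UM=2
SearchScopes: HKCU - {D6032CA2-3C54-4628-8665-F74F7B917149} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287810&CUI=UN19987267581878423&UM=2
SearchScopes: HKLM - DefaultScope value is missing.
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:14FFC1B9
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [ ] (Microsoft Corporation)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
AlternateDataStreams: C:\Documents and Settings\User\Desktop\Fundraiser-Contribution Letter:SummaryInformation
""".strip().splitlines()


@dataclass
class Finding:
    line: str    # the original log line; FRST accepts it verbatim in fixlist.txt
    kind: str    # "run", "searchscope" or "ads"
    reason: str  # why the line was flagged


# FRST line shapes handled here (hypothetical regexes written for this example).
RUN_RE = re.compile(r"^(?P<hive>HK(?:CU|LM))\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
SCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>HK(?:CU|LM)) - (?P<scope>.+?) URL = (?P<url>\S+)")
MISSING_RE = re.compile(r"^SearchScopes: (?P<hive>HK(?:CU|LM)) - DefaultScope value is missing\.$")
ADS_PREFIX = "AlternateDataStreams: "
OPAQUE_STREAM_RE = re.compile(r"^[0-9A-Fa-f]{6,}$")   # e.g. :14FFC1B9, not :Zone.Identifier

# Folders a standard user can write to (assumed list). A Run value that loads a
# DLL from one of these through Rundll32 is the TBHostSupport pattern above.
USER_WRITABLE = ("\\local settings\\application data\\", "\\application data\\",
                 "\\appdata\\", "\\temp\\")

# Search hosts this thread shows as hijacked providers (assumed, extend as needed).
REDIRECT_HOSTS = {"search.conduit.com"}


def check_run(line):
    """Flag Run entries that use Rundll32 to load a DLL from a user-writable folder."""
    m = RUN_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd").lower()
    if "rundll32" in cmd and any(folder in cmd for folder in USER_WRITABLE):
        return Finding(line, "run",
                       f"Run value [{m.group('name')}] loads a DLL via Rundll32 from a user-writable folder")
    return None


def check_scope(line):
    """Flag IE SearchScopes that point at a known redirect host or whose default is missing."""
    m = MISSING_RE.match(line)
    if m:
        return Finding(line, "searchscope",
                       f"{m.group('hive')} DefaultScope value is missing (FRST restores the default)")
    m = SCOPE_RE.match(line)
    if not m:
        return None
    host = (urlsplit(m.group("url")).hostname or "").lower()
    if host in REDIRECT_HOSTS:
        return Finding(line, "searchscope",
                       f"{m.group('hive')} scope {m.group('scope')} sends searches to {host}")
    return None


def check_ads(line):
    """Flag alternate data streams with opaque hex names; OLE property streams are left alone."""
    if not line.startswith(ADS_PREFIX):
        return None
    path, _, stream = line[len(ADS_PREFIX):].rpartition(":")
    if OPAQUE_STREAM_RE.match(stream):
        return Finding(line, "ads", f"opaque stream :{stream} attached to {path}")
    return None


CHECKS = (check_run, check_scope, check_ads)


def triage(lines):
    """Run every check over each log line; the first check that fires wins."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            finding = check(line)
            if finding:
                findings.append(finding)
                break
    return findings


def build_fixlist(findings):
    """fixlist.txt for FRST is simply the flagged log lines, one per line, as in this thread."""
    return [f.line for f in findings]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.reason}")
    print("--- fixlist.txt ---")
    print("\n".join(build_fixlist(found)))
```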


#8 numbernine

numbernine
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.
  • Local time:01:18 PM

Posted 22 January 2014 - 02:41 PM

Hi T, where do I run the FRST from? Another tab or ?? Press Ctrl and then R where?

So far I have typed and clicked so many different places that I should have a whole new set of problems.

What am I doing wrong?

The uninstall went good, I think.

Then I have to run a "Fix" with "FRST". I missed something, what is a FRST and where do I get one to run?

Now I get the "bleeping" part of this computer, been bleeping since I read your post.

I'll be back, gone hunting a FRST for me.


Edited by numbernine, 22 January 2014 - 04:07 PM.


#9 numbernine

numbernine
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.
  • Local time:01:18 PM

Posted 22 January 2014 - 04:25 PM

have a clue as to what to do, this dumb------ can't seem to figure it out. Tired of trying things.



#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:18 PM

Posted 22 January 2014 - 04:38 PM

Hi numbernine,

Follow the steps one by one. First of all, these steps will help you create the script for FRST to run. Then they will help tell you how to run FRST and the script.
The Ctrl + R bit is to create the script, and you will run FRST from your desktop (you should have an icon there named FRST) after creating the script.

Note: FRST stands for Farbar Recovery Scan Tool.

Feel free to take your time on this and go through it slowly. I know this can be confusing, but please stick with me on this :) This is probably my fault for not being clear, my sincere apologies for this.

xXToffeeXx~



#11 numbernine

numbernine
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.
  • Local time:01:18 PM

Posted 22 January 2014 - 07:44 PM

OK, I never typed the Ctrl thing. What I did was open FRST and I get a search window. Tried to type that and hit Fix but nothing. Then just now, I opened FRST from the desktop, in the search window I pasted the script that I copied into the search, then I hit Fix. Does any of this sound right? Here's what I ended up with:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-01-2014 02

Ran by User at 2014-01-22 16:34:28 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
R notepad
HKCU\...\Run: [TBHostSupport] - "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\User\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
SearchScopes: HKCU - DefaultScope {D6032CA2-3C54-4628-8665-F74F7B917149} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287810&CUI=UN19987267581878423&UM=2
SearchScopes: HKLM - DefaultScope value is missing.
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:14FFC1B9
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D6032CA2-3C54-4628-8665-F74F7B917149} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D6032CA2-3C54-4628-8665-F74F7B917149} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":14FFC1B9" ADS removed successfully.
 
==== End of Fixlog ====


#12 numbernine

numbernine
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.
  • Local time:01:18 PM

Posted 22 January 2014 - 07:50 PM

Computer is so much faster and them no good ads are gone, thank you. See any more problems other than me? I'm sorry I have to step out, 2 horses just arrived that we rescued from abuse. Once I get them settled, I'll get back on. Seems fast. Thanks, Al



#13 numbernine

numbernine
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.
  • Local time:01:18 PM

Posted 23 January 2014 - 01:45 AM

Toffee, no ads, computer is loading faster and this is a good thing here in the mountains working off a router.

This training thing was eating me up, but all is well and I am pleased with your help. The horses we rescued today are pretty cool, they will get some groceries in them and we will find them a new loving home, they will never be abused again. Good day all the way around.

Let me know what's next. HAPPY, HAPPY, HAPPY



#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:18 PM

Posted 23 January 2014 - 02:43 PM

Hi numbernine,

 
Nice to hear you look after horses which have been abandoned. Yes, you provided what I wanted, thank you. I am very glad to hear your computer is running well, we have a little more to do before we are completely finished though.
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
 
--------------
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

--------------
 
Please run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop, please copy and paste the contents into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Malwarebytes log
  • ESET log
  • FRST.txt

xXToffeeXx~




#15 numbernine

numbernine
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Kern County Mtns.
  • Local time:01:18 PM

Posted 24 January 2014 - 05:36 AM

I hope this is right, I had to do it a couple of times.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.24.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: LAPTOP [administrator]
 
Protection: Enabled
 
1/23/2014 11:44:50 PM
mbam-log-2014-01-23 (23-44-50).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256616
Time elapsed: 32 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Documents and Settings\User\Local Settings\Application Data\ElectroLyrics-22 (PUP.Optional.AdLyrics.A) -> Quarantined and deleted successfully.
 
Files Detected: 28
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP254\A0016168.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010213.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010319.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010314.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010315.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010316.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010317.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010318.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010320.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010321.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010322.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010323.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010324.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010325.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010326.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010327.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010328.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010329.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010330.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010331.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP171\A0010332.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP172\A0010386.exe (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP172\A0010387.exe (PUP.Optional.TubeSing.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP172\A0010396.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP172\A0010402.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP173\A0010510.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F35CF95E-C3E9-4664-BDDC-E8A92E85DF35}\RP178\A0010675.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
 
(end)
 
 
ESET log thing
C:\Documents and Settings\User\Desktop\Photoscape.exe a variant of Win32/AdWare.iBryte.J.gen application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\FreeFileViewerSetup.exe a variant of Win32/InstallCore.CU application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\Regwhiz_Installer.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\WINDOWS\Installer\MSIC0.tmp a variant of Win32/Bundled.Toolbar.Ask.F application cleaned by deleting - quarantined
 
Access denied in Notepad after FRST. A copy is stored where FRST was run from; clicked OK and a warning came up that read "access denied" and then a blank Notepad. No log.
Scanned again and still access denied.

Tried it again and this is what it gave me:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2014 02
Ran by User (administrator) on LAPTOP on 24-01-2014 02:33:17
Running from C:\Documents and Settings\User\Desktop\FRST-OlderVersion
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [13537280 2008-06-09] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] - C:\WINDOWS\system32\nvHotkey.dll [90112 2008-06-09] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [86016 2008-06-09] (NVIDIA Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-29] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
MountPoints2: {c5d512aa-82a9-11e3-a7e0-00164190cc89} - E:\iLinker.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA453B31A2F45CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {1B9F47CF-7B14-4837-9743-393CAF2D340A} URL = http://search.aol.com/aol/search?invocationType=searchbox.webhome&query={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 184.63.128.68 184.63.128.69 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.ebay.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-02]
CHR Extension: (Go to AOL.com) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\clikkblliffbbkffahjehcdeknmedelg [2013-07-22]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-02]
CHR Extension: (RealDownloader) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Outlook.com) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-09-30]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-02]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
========================== Services (Whitelisted) =================
 
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel® Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-13] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-13] (Microsoft Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S0 cerc6; No ImagePath
S3 DCamUSBSTK02N; system32\DRIVERS\STK02NW2.sys [x]
S4 IntelIde; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-23 23:40 - 2014-01-23 23:40 - 00000000 ____D C:\Malwarebytes
2014-01-23 23:39 - 2014-01-23 23:39 - 00000727 _____ C:\Documents and Settings\User\Desktop\eest report 4 toffee.txt
2014-01-23 22:33 - 2014-01-23 22:33 - 00000000 ____D C:\Program Files\ESET
2014-01-23 22:32 - 2014-01-23 22:32 - 02347384 _____ (ESET) C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
2014-01-23 21:34 - 2014-01-23 23:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware second run
2014-01-23 21:31 - 2014-01-23 21:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\User\Desktop\second time run for toffee.exe
2014-01-23 21:03 - 2014-01-23 23:41 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-23 21:03 - 2014-01-23 23:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-23 21:03 - 2014-01-23 21:03 - 00000000 ____D C:\Documents and Settings\User\Application Data\Malwarebytes
2014-01-23 21:03 - 2014-01-23 21:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-23 21:03 - 2014-01-23 21:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-23 21:03 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-23 20:59 - 2014-01-23 20:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\User\Desktop\nine2toffee.exe
2014-01-23 07:50 - 2014-01-23 07:55 - 273874944 _____ C:\Documents and Settings\User\Desktop\PICT0005.AVI
2014-01-23 06:52 - 2014-01-23 06:52 - 00000467 _____ C:\Documents and Settings\User\Desktop\MDPlayer_en.lnk
2014-01-23 06:52 - 2014-01-23 06:52 - 00000453 _____ C:\Documents and Settings\User\Desktop\MDCap_en.lnk
2014-01-23 06:48 - 2014-01-23 06:49 - 00000000 ____D C:\Documents and Settings\User\Desktop\Drivers and Software+Muvi Micro Camcorder+VCC-003 Muvi Pro+Muvi Pro
2014-01-23 06:38 - 2014-01-23 06:38 - 26679357 _____ C:\Documents and Settings\User\Desktop\Drivers and Software+Muvi Micro Camcorder+VCC-003 Muvi Pro+Muvi Pro.ZIP
2014-01-22 11:44 - 2014-01-24 02:33 - 00000000 ____D C:\Documents and Settings\User\Desktop\FRST-OlderVersion
2014-01-21 11:19 - 2014-01-21 11:20 - 00020196 _____ C:\Documents and Settings\User\Desktop\Addition.txt
2014-01-21 11:18 - 2014-01-21 11:20 - 00022262 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2014-01-21 11:15 - 2014-01-22 13:12 - 00000000 ____D C:\FRST
2014-01-21 11:14 - 2014-01-22 12:17 - 01222144 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-01-20 00:19 - 2014-01-20 00:27 - 00018257 _____ C:\Documents and Settings\User\Desktop\attach.txt
2014-01-20 00:19 - 2014-01-20 00:23 - 00008994 _____ C:\Documents and Settings\User\Desktop\dds.txt
2014-01-20 00:17 - 2014-01-20 00:17 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.com
2014-01-19 11:38 - 2014-01-19 11:39 - 01236282 _____ C:\Documents and Settings\User\Desktop\adwcleaner (2).exe
2014-01-17 23:06 - 2014-01-17 23:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-01-17 20:46 - 2012-06-02 15:18 - 00275696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll
2014-01-17 20:46 - 2012-06-02 15:18 - 00214256 _____ (Microsoft Corporation) C:\WINDOWS\system32\muweb.dll
2014-01-17 20:46 - 2012-06-02 15:18 - 00017136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll.mui
2014-01-17 11:52 - 2014-01-24 00:32 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-01-17 11:46 - 2014-01-18 23:32 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-17 11:43 - 2014-01-17 11:43 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2014-01-17 11:42 - 2014-01-17 11:42 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-01-17 11:42 - 2014-01-17 11:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-17 10:45 - 2014-01-17 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-17 10:44 - 2014-01-17 10:45 - 00004323 _____ C:\WINDOWS\KB2914368.log
 
==================== One Month Modified Files and Folders =======
 
2014-01-24 02:33 - 2014-01-22 11:44 - 00000000 ____D C:\Documents and Settings\User\Desktop\FRST-OlderVersion
2014-01-24 02:33 - 2013-11-12 23:55 - 03503361 _____ C:\WINDOWS\pfirewall.log
2014-01-24 02:33 - 2013-05-02 02:08 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-24 01:38 - 2013-05-16 04:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-24 00:32 - 2014-01-17 11:52 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-01-24 00:27 - 2012-04-17 00:19 - 00602158 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-24 00:23 - 2013-09-29 10:33 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2962148673-1486544706-282409267-1006.job
2014-01-24 00:23 - 2013-05-02 02:08 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-24 00:23 - 2012-04-17 05:27 - 01671329 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-24 00:23 - 2008-04-13 23:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-24 00:22 - 2012-04-17 05:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-24 00:22 - 2012-04-17 00:21 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-24 00:22 - 2012-04-17 00:21 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-24 00:21 - 2013-04-24 07:58 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini
2014-01-24 00:21 - 2012-04-17 07:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981322$
2014-01-24 00:21 - 2012-04-17 05:34 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-23 23:41 - 2014-01-23 21:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware second run
2014-01-23 23:41 - 2014-01-23 21:03 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-23 23:41 - 2014-01-23 21:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-23 23:40 - 2014-01-23 23:40 - 00000000 ____D C:\Malwarebytes
2014-01-23 23:39 - 2014-01-23 23:39 - 00000727 _____ C:\Documents and Settings\User\Desktop\eest report 4 toffee.txt
2014-01-23 22:33 - 2014-01-23 22:33 - 00000000 ____D C:\Program Files\ESET
2014-01-23 22:32 - 2014-01-23 22:32 - 02347384 _____ (ESET) C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
2014-01-23 21:31 - 2014-01-23 21:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\User\Desktop\second time run for toffee.exe
2014-01-23 21:03 - 2014-01-23 21:03 - 00000000 ____D C:\Documents and Settings\User\Application Data\Malwarebytes
2014-01-23 21:03 - 2014-01-23 21:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-23 21:03 - 2014-01-23 21:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-23 20:59 - 2014-01-23 20:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\User\Desktop\nine2toffee.exe
2014-01-23 10:59 - 2012-04-17 05:24 - 00028263 ____C C:\WINDOWS\wmsetup.log
2014-01-23 10:46 - 2013-06-03 05:05 - 00036352 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-23 07:56 - 2013-09-29 10:33 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2962148673-1486544706-282409267-1006.job
2014-01-23 07:55 - 2014-01-23 07:50 - 273874944 _____ C:\Documents and Settings\User\Desktop\PICT0005.AVI
2014-01-23 07:14 - 2012-04-17 00:18 - 00735645 _____ C:\WINDOWS\setupapi.log
2014-01-23 06:53 - 2012-04-17 00:09 - 00000000 ____D C:\WINDOWS\twain_32
2014-01-23 06:52 - 2014-01-23 06:52 - 00000467 _____ C:\Documents and Settings\User\Desktop\MDPlayer_en.lnk
2014-01-23 06:52 - 2014-01-23 06:52 - 00000453 _____ C:\Documents and Settings\User\Desktop\MDCap_en.lnk
2014-01-23 06:52 - 2013-10-31 06:52 - 00000447 _____ C:\Documents and Settings\User\Desktop\SetTime.lnk
2014-01-23 06:50 - 2012-04-17 06:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-23 06:49 - 2014-01-23 06:48 - 00000000 ____D C:\Documents and Settings\User\Desktop\Drivers and Software+Muvi Micro Camcorder+VCC-003 Muvi Pro+Muvi Pro
2014-01-23 06:38 - 2014-01-23 06:38 - 26679357 _____ C:\Documents and Settings\User\Desktop\Drivers and Software+Muvi Micro Camcorder+VCC-003 Muvi Pro+Muvi Pro.ZIP
2014-01-22 13:12 - 2014-01-21 11:15 - 00000000 ____D C:\FRST
2014-01-22 12:17 - 2014-01-21 11:14 - 01222144 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-01-21 16:08 - 2013-11-12 23:55 - 04195926 _____ C:\WINDOWS\pfirewall.log.old
2014-01-21 11:20 - 2014-01-21 11:19 - 00020196 _____ C:\Documents and Settings\User\Desktop\Addition.txt
2014-01-21 11:20 - 2014-01-21 11:18 - 00022262 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2014-01-20 22:29 - 2012-04-17 05:24 - 00000000 ____D C:\WINDOWS\Registration
2014-01-20 00:27 - 2014-01-20 00:19 - 00018257 _____ C:\Documents and Settings\User\Desktop\attach.txt
2014-01-20 00:23 - 2014-01-20 00:19 - 00008994 _____ C:\Documents and Settings\User\Desktop\dds.txt
2014-01-20 00:17 - 2014-01-20 00:17 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.com
2014-01-19 11:50 - 2013-11-05 22:55 - 00000000 ____D C:\AdwCleaner
2014-01-19 11:39 - 2014-01-19 11:38 - 01236282 _____ C:\Documents and Settings\User\Desktop\adwcleaner (2).exe
2014-01-18 23:32 - 2014-01-17 11:46 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-18 11:33 - 2012-04-17 00:19 - 01984671 _____ C:\WINDOWS\iis6.log
2014-01-18 11:33 - 2012-04-17 00:19 - 01418642 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00800083 _____ C:\WINDOWS\ocgen.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00697068 _____ C:\WINDOWS\tsoc.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00496572 _____ C:\WINDOWS\comsetup.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00313276 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00253673 _____ C:\WINDOWS\netfxocm.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00104747 _____ C:\WINDOWS\MedCtrOC.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00082230 _____ C:\WINDOWS\ocmsn.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00075534 _____ C:\WINDOWS\msgsocm.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00069403 _____ C:\WINDOWS\tabletoc.log
2014-01-18 11:33 - 2012-04-17 00:19 - 00001917 _____ C:\WINDOWS\imsins.log
2014-01-18 11:31 - 2012-04-17 00:19 - 00516542 _____ C:\WINDOWS\msmqinst.log
2014-01-17 23:06 - 2014-01-17 23:06 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-01-17 11:43 - 2014-01-17 11:43 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2014-01-17 11:42 - 2014-01-17 11:42 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-01-17 11:42 - 2014-01-17 11:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-17 11:34 - 2013-07-17 05:17 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-01-17 11:33 - 2013-07-17 05:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-17 10:47 - 2013-07-23 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-17 10:45 - 2014-01-17 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-17 10:45 - 2014-01-17 10:44 - 00004323 _____ C:\WINDOWS\KB2914368.log
2014-01-17 10:45 - 2012-04-17 07:19 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-17 10:45 - 2012-04-17 00:19 - 00001374 _____ C:\WINDOWS\imsins.BAK
2014-01-15 17:38 - 2013-05-02 02:12 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-12 06:08 - 2012-04-17 00:17 - 00177272 _____ C:\WINDOWS\setupact.log
 
Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================