Multiple Mouse Clicks and Conduit Found with Antivirus


  • This topic is locked
36 replies to this topic

#1 matthew_andres

matthew_andres

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:19 PM

Posted 20 January 2014 - 10:30 AM

The problem started yesterday. I will left click once with my mouse but then it acts like I clicked multiple times. I ran my Panda Cloud Antivirus and it also found Conduit Adware on my computer. Please help.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21364  BrowserJavaVersion: 10.17.2
Run by Matt at 7:19:41 on 2014-01-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3325.1288 [GMT -8:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Matt\Application Data\Five9\Integrations\SalesforceAgent\SalesforceCTI.exe
C:\Program Files\Java\jre7\bin\java.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\OpenOffice.org 3\program\scalc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: YouTube to MP3 Converter: {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} - c:\program files\youtube to mp3 converter\ytdl.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
EB: Five9 Agent Desktop Toolkit: {929FB84E-73CA-400F-B3E0-5925B2BD2F80} - c:\documents and settings\matt\application data\five9\integrations\five9 toolbars\Five9Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
dRunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0829 -f audio -m logitech -d 13.51.823.0
dRunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
dRunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f
dRunOnce: [panda4_1dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
dRunOnce: [panda4_1dn_XP] reg.exe delete "HKCU\Software\panda4_1dn" /f
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {180E29E3-5E94-4348-A5BD-FB2A24B8C46F} - {929FB84E-73CA-400F-B3E0-5925B2BD2F80}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1353520242296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353897784312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{99F03F3C-D115-4C1C-881B-621755EC4CE7} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\matt\application data\mozilla\firefox\profiles\5jl4cks4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN22294397731046123&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN22294397731046123&UM=2&q=
FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\5jl4cks4.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\5jl4cks4.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\matt\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\matt\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\glance27\npglance.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-28 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-28 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-28 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-28 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-28 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-28 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-28 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-28 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-28 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-28 93928]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 179944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-10-23 117920]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-1-21 12184]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-10-2 140768]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 103528]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 115048]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 128232]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-10-18 37344]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-23 101904]
R3 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [2011-10-28 34080]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2013-11-28 47632]
S0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\bootdefragdriver.sys --> c:\windows\system32\drivers\BootDefragDriver.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-10-23 21992]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]
S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97896]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\totrec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 XFDriver;XFDriver;\??\c:\program files\xfire2\xfdriver.sys --> c:\program files\xfire2\XFDriver.sys [?]
S4 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2013-10-2 1384992]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2013-5-28 52328]
S4 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-4-20 4308320]
.
=============== Created Last 30 ================
.
2014-01-20 06:03:28    --------    d-----r-    c:\program files\Skype
2014-01-03 23:47:55    --------    d-----w-    c:\documents and settings\matt\application data\Xfire
2014-01-03 23:47:55    --------    d-----w-    c:\documents and settings\all users\application data\Xfire
2014-01-03 23:47:38    --------    d-----w-    c:\program files\Xfire2
2014-01-03 01:59:50    22304    ----a-w-    c:\windows\system32\RegBootDefrag.exe
2014-01-03 01:10:09    101664    ----a-w-    c:\windows\system32\BootDefrag.exe
2014-01-03 01:09:54    --------    d-----w-    c:\program files\Glary Utilities 4
2014-01-02 22:23:06    --------    d-----w-    c:\windows\system32\URTTemp
2013-12-27 06:22:36    --------    d-----w-    c:\documents and settings\matt\application data\Wayforward Technologies
2013-12-23 17:32:58    417792    ----a-w-    c:\windows\system32\FLVSplitter.ax
2013-12-23 17:32:56    1184984    ----a-w-    c:\windows\system32\wvc1dmod.dll
2013-12-23 06:36:42    --------    d-----w-    c:\documents and settings\matt\application data\VideoEditor
.
==================== Find3M  ====================
.
2013-12-11 10:24:28    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 10:24:28    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17    1879040    ----a-w-    c:\windows\system32\win32k.sys
2013-10-25 11:24:35    841216    ----a-w-    c:\windows\system32\wininet.dll
2013-10-25 11:24:34    78336    ----a-w-    c:\windows\system32\ieencode.dll
2013-10-25 11:24:34    1830912    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-25 11:24:34    17408    ----a-w-    c:\windows\system32\corpol.dll
2013-10-24 03:51:24    82488    ----a-w-    c:\windows\system32\mslvddsfilter2.ax
2013-10-23 23:45:49    172032    ----a-w-    c:\windows\system32\scrrun.dll
.
============= FINISH:  7:22:24.87 ===============
 

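Added example (not part of this thread, and not a feature of DDS or Panda): a small Python triage script that parses DDS output of the kind posted above, flags the Conduit search-redirect entries visible in the Firefox prefs.js lines (browser.search.defaulturl and keyword.URL pointing at search.conduit.com with a ctid= toolbar id), and diffs the persistence entries between two scans, which is the comparison a helper makes when asking for a fresh log. The indicator patterns and the list of DDS line prefixes treated as persistence points are this example's own assumptions; the embedded sample logs are trimmed excerpts of the two logs in this thread.

```python
"""Triage two DDS logs: flag Conduit-style search hijack indicators and
diff persistence entries between scans (added example, not a DDS feature)."""
import re
from collections import defaultdict

# DDS section banners look like "============== Pseudo HJT Report ==============="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Indicator list is this example's own assumption, not something DDS ships.
HIJACK_PATTERNS = [
    ("conduit search redirect", re.compile(r"search\.conduit\.com", re.I)),
    ("conduit toolbar id", re.compile(r"[?&]ctid=CT\d+", re.I)),
    ("url search hook (review)", re.compile(r"^uURLSearchHooks:")),
]

# Line prefixes DDS uses for the persistence points worth tracking across scans.
PERSISTENCE_PREFIXES = (
    "BHO:", "TB:", "EB:", "uRun:", "mRun:", "uRunOnce:", "dRunOnce:",
    "FF - prefs.js:", "FF - plugin:",
    "R0 ", "R1 ", "R2 ", "R3 ", "S0 ", "S1 ", "S2 ", "S3 ", "S4 ",
)
# Trailing "[yyyy-m-d size]" stamp on service lines; drop it so a rebuilt
# file does not show up as a brand-new entry.
STAMP_RE = re.compile(r"\s*\[\d{4}-\d{1,2}-\d{1,2} \d+\]$")


def parse_dds(text):
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def find_hijacks(sections):
    """Return (label, line) for each line matching an indicator; first label wins."""
    hits = []
    for lines in sections.values():
        for line in lines:
            for label, pat in HIJACK_PATTERNS:
                if pat.search(line):
                    hits.append((label, line))
                    break
    return hits


def persistence_key(line):
    """Normalise a persistence entry to a case-insensitive key, or None if not one."""
    if not line.startswith(PERSISTENCE_PREFIXES):
        return None
    return STAMP_RE.sub("", line).lower()


def diff_persistence(old_sections, new_sections):
    """(removed, added) persistence keys between an earlier and a later scan."""
    def keys(sections):
        return {k for lines in sections.values() for k in map(persistence_key, lines) if k}
    old, new = keys(old_sections), keys(new_sections)
    return sorted(old - new), sorted(new - old)


def triage(old_text, new_text):
    """Run both checks on two raw logs and return the findings as a dict."""
    old, new = parse_dds(old_text), parse_dds(new_text)
    removed, added = diff_persistence(old, new)
    return {"hijacks_before": find_hijacks(old), "hijacks_after": find_hijacks(new),
            "removed": removed, "added": added}


# Constructed sample input: trimmed excerpts of the two logs posted in this thread.
SCAN_1 = r"""
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
BHO: YouTube to MP3 Converter: {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} - c:\program files\youtube to mp3 converter\ytdl.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN22294397731046123&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN22294397731046123&UM=2&q=
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
S4 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-4-20 4308320]
"""

SCAN_2 = r"""
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
BHO: YouTube to MP3 Converter: {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} - c:\program files\youtube to mp3 converter\ytdl.dll
.
================= FIREFOX ===================
.
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
S4 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-4-20 4308320]
"""

if __name__ == "__main__":
    for key, items in triage(SCAN_1, SCAN_2).items():
        print(f"== {key} ({len(items)})")
        for item in items:
            print("  ", item)
```

Run stand-alone it lists three hits for the first excerpt (the uURLSearchHooks entry plus the two Conduit prefs.js lines) and only the search hook for the second, and the diff shows the two Conduit search prefs and the ctfmon uRun entry gone while the Flash 12 plugin appeared. The URLSearchHooks hit is listed for review because that key is a common hijack point; here it resolves to the Panda toolbar DLL, so treat it as a prompt to check the CLSID's DLL path, not as a verdict.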

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 25 January 2014 - 10:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521442 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:19 PM

Posted 26 January 2014 - 02:45 PM

Hello matthew_andres,

 

My name is Cody and I'll be helping you clean up your computer. :)

 

What's below is very important information. Please take the time to read it before we get started.

 

I will reply as soon as possible (typically within 24 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

 

I am in Orlando, Florida at GMT-5 Hours (Eastern Standard Time). As previously stated, I normally respond within 24 hours, but I am a university student currently working part time. If I do not respond within 48 hours, feel free to send me a private message.

 

Some points for you to keep in mind:

Do NOT run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Do not attach logs or use code boxes, just copy and paste the text.

I cannot see your computer.

Periodically update me on the condition of your computer, and provide detail in every post.

Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

 

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Due to the amount of time that has passed from your initial DDS log posting and this post, please reply including a fresh DDS log.


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#4 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:19 PM

Posted 26 January 2014 - 10:15 PM

In the words of Strongbad...DELETED!


Edited by matthew_andres, 27 January 2014 - 12:05 AM.


#5 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:19 PM

Posted 26 January 2014 - 10:15 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.21364  BrowserJavaVersion: 10.17.2
Run by Matt at 19:10:54 on 2014-01-26
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3325.1800 [GMT -8:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Logitech\LWS\Webcam Software\lws.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: YouTube to MP3 Converter: {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} - c:\program files\youtube to mp3 converter\ytdl.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
EB: Five9 Agent Desktop Toolkit: {929FB84E-73CA-400F-B3E0-5925B2BD2F80} - c:\documents and settings\matt\application data\five9\integrations\five9 toolbars\Five9Toolbar.dll
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
dRunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0829 -f audio -m logitech -d 13.51.823.0
dRunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
dRunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f
dRunOnce: [panda4_1dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
dRunOnce: [panda4_1dn_XP] reg.exe delete "HKCU\Software\panda4_1dn" /f
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {180E29E3-5E94-4348-A5BD-FB2A24B8C46F} - {929FB84E-73CA-400F-B3E0-5925B2BD2F80}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1353520242296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353897784312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{99F03F3C-D115-4C1C-881B-621755EC4CE7} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\matt\application data\mozilla\firefox\profiles\5jl4cks4.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\5jl4cks4.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\5jl4cks4.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\matt\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\matt\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\glance27\npglance.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-28 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-28 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-28 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-28 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-28 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-28 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-28 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-28 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-28 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-28 93928]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 179944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-10-23 117920]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-1-21 12184]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-10-2 140768]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 103528]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 115048]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 128232]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-10-18 37344]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-1-20 5341536]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-10-23 101904]
R3 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [2011-10-28 34080]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2013-11-28 47632]
S0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\bootdefragdriver.sys --> c:\windows\system32\drivers\BootDefragDriver.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-10-23 21992]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]
S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97896]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\totrec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 XFDriver;XFDriver;\??\c:\program files\xfire2\xfdriver.sys --> c:\program files\xfire2\XFDriver.sys [?]
S4 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2013-10-2 1384992]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2013-5-28 52328]
.
=============== Created Last 30 ================
.
2014-01-22 17:49:27 -------- d-----w- c:\windows\ERUNT
2014-01-22 17:34:07 -------- d-----w- C:\AdwCleaner
2014-01-20 06:03:28 -------- d-----r- c:\program files\Skype
2014-01-03 23:47:55 -------- d-----w- c:\documents and settings\matt\application data\Xfire
2014-01-03 23:47:55 -------- d-----w- c:\documents and settings\all users\application data\Xfire
2014-01-03 23:47:38 -------- d-----w- c:\program files\Xfire2
2014-01-03 01:59:50 22304 ----a-w- c:\windows\system32\RegBootDefrag.exe
2014-01-03 01:10:09 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-01-03 01:09:54 -------- d-----w- c:\program files\Glary Utilities 4
2014-01-02 22:23:06 -------- d-----w- c:\windows\system32\URTTemp
.
==================== Find3M  ====================
.
2014-01-23 02:23:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-23 02:23:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:12:24.22 ===============
 


#6 matthew_andres

matthew_andres
  • Topic Starter
  • Members
  • 27 posts
  • Gender:Male

Posted 26 January 2014 - 10:16 PM

Sorry about the duplicate post. :(



#7 TheShooter93

TheShooter93

    Cody

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 26 January 2014 - 11:42 PM

Please edit your second post and remove the content in it.

 

I will post your next instructions ASAP. :)


CCNA R&S | CCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#8 TheShooter93

TheShooter93

    Cody

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 27 January 2014 - 01:16 AM

Hi matthew_andres,

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt, into your next reply.



 

 

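Once the FRST.txt is posted, the helper skims it for the entries the tool itself flags and for browser settings that point at search-hijack domains; the Conduit homepage in the Chrome section of the FRST log in this thread is exactly such an entry. The script below is an added example, not code from this thread or from FRST: it splits an FRST log into its sections and flags those entries, run here over a few lines constructed from the report posted in this thread. The HIJACK_DOMAINS set, the three finding categories and the function names are this example's own assumptions, not anything FRST defines.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example for this thread; it is not part of the thread or of FRST itself.
It splits an FRST.txt into its sections and flags three kinds of entries a
malware-removal helper reads first:
  * browser home/search settings that point at a known search-hijack domain
    (HIJACK_DOMAINS is an assumption of this example, seeded with the Conduit
    domain from this thread's log),
  * drivers, services and plugins whose image file is missing
    ("[x]", "No File", "No ImagePath"),
  * lines FRST itself marks with "<======= ATTENTION".
"""
import re
from collections import Counter

# Assumed list for this example; extend it with whatever your own triage treats as a hijacker.
HIJACK_DOMAINS = {"search.conduit.com"}

# "==================== Name ====================" headers; FRST defangs http as hxxp.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
URL_HOST_RE = re.compile(r"h(?:tt|xx)ps?://([^/\s\"']+)", re.IGNORECASE)
MISSING_MARKERS = ("[x]", "No File", "No ImagePath")


def section_name(stripped):
    """Return the section a (stripped) header line opens, or None for ordinary lines."""
    m = SECTION_RE.match(stripped)
    if m:
        return m.group(1)
    if re.fullmatch(r"[A-Za-z]+:", stripped):
        return stripped[:-1]        # "FireFox:" and "Chrome:" style headers
    return None


def parse_sections(text):
    """Split an FRST log into an ordered {section: [lines]} mapping."""
    sections = {"Header": []}
    current = "Header"
    for line in text.splitlines():
        s = line.strip()
        if not s or set(s) == {"="}:
            continue                # blank lines and the "=======" underline below "Chrome:"
        name = section_name(s)
        if name is not None:
            current = name
            sections.setdefault(current, [])
        else:
            sections[current].append(s)
    return sections


def triage(text):
    """Return (category, section, line) tuples for every flagged entry."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            if "<=======" in line and "ATTENTION" in line:
                findings.append(("attention", section, line))
                continue
            hosts = {h.lower() for h in URL_HOST_RE.findall(line)}
            if hosts & HIJACK_DOMAINS:
                findings.append(("hijack", section, line))
            if any(line.endswith(marker) for marker in MISSING_MARKERS):
                findings.append(("missing_file", section, line))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'hijack': 1, 'missing_file': 4}."""
    return dict(Counter(category for category, _, _ in findings))


# Constructed sample: a handful of lines taken from the FRST.txt posted in this thread.
SAMPLE_FRST = """\
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014
Ran by Matt (administrator) on OLD-REPUBLIC on 27-01-2014 07:39:22

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN16194885332166715&UM=2&sspv=TB_TT
CHR RestoreOnStartup: "hxxp://google.com/"
CHR Plugin: (Google Update) - C:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Update\\1.3.21.153\\npGoogleUpdate3.dll No File
CHR HKLM\\SOFTWARE\\Policies\\Google: Policy restriction <======= ATTENTION

==================== Drivers (Whitelisted) ====================

R1 NNSALPC; C:\\WINDOWS\\System32\\DRIVERS\\NNSAlpc.sys [84200 2013-05-28] (Panda Security, S.L.)
S0 BootDefragDriver; System32\\drivers\\BootDefragDriver.sys [x]
S4 IntelIde; No ImagePath
U3 mbr; \\??\\C:\\DOCUME~1\\Matt\\LOCALS~1\\Temp\\mbr.sys [x]
"""

if __name__ == "__main__":
    for category, section, line in triage(SAMPLE_FRST):
        print(f"[{category:12}] {section}: {line}")
    print(summarize(triage(SAMPLE_FRST)))
```

Run it as-is to print the flagged lines from the embedded sample, or pass the contents of a real FRST.txt to triage(). The matching is deliberately string-based because FRST's output is line-oriented; a flagged line is a prompt to look at that entry, not a verdict, which is why the script counts and lists rather than deciding anything for you.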

#9 matthew_andres

matthew_andres
  • Topic Starter
  • Members
  • 27 posts
  • Gender:Male

Posted 27 January 2014 - 10:44 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014
Ran by Matt (administrator) on OLD-REPUBLIC on 27-01-2014 07:39:22
Running from C:\Documents and Settings\Matt\desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(IDT, Inc.) C:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Salesforce.com) C:\Documents and Settings\Matt\Application Data\Five9\Integrations\SalesforceAgent\SalesforceCTI.exe
(Google Inc.) C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\java.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483422 2009-03-12] (IDT, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-04-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Panda Security URL Filtering] - C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [Carbonite Backup] - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-18] (Panda Security, S.L.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [SF Adapter] - C:\WINDOWS\system32\javaws.exe [262560 2013-03-07] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: YouTube to MP3 Converter - {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} - C:\Program Files\YouTube to MP3 Converter\ytdl.dll (YouTube to MP3 Converter)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1353520242296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\5jl4cks4.default
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @glance.net/GlanceClient - C:\Program Files\Glance27\npglance.dll (Glance Networks, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Matt\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Matt\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Matt\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Matt\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPFxViewer.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Matt\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Matt\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Matt\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\pandasecuritytb.xml
FF Extension: Five9 Agent Desktop Toolkit - C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\f9adt@five9.com [2013-07-14]
FF Extension: ActiveGS - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\5jl4cks4.default\Extensions\activegs@freetoolsassociation.com [2013-09-26]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\5jl4cks4.default\Extensions\LogMeInClient@logmein.com [2013-06-25]
FF Extension: No Name - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\5jl4cks4.default\Extensions\trash [2013-12-10]
FF Extension: Panda Security Toolbar - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\5jl4cks4.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2013-11-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [ytdl@ytdl.com] - C:\Program Files\YouTube to MP3 Converter\ytdl@ytdl.com
FF Extension: YTDL - C:\Program Files\YouTube to MP3 Converter\ytdl@ytdl.com [2013-12-08]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN16194885332166715&UM=2&sspv=TB_TT
CHR RestoreOnStartup: "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Triscape FxFoto Control and Plugin) - C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll ()
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Matt\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Matt\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Matt\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Matt\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Glance™) - C:\Program Files\Glance27\npglance.dll (Glance Networks, Inc.)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-17]
CHR Extension: (Google Search) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-17]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-17]
CHR HKLM\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Documents and Settings\Matt\Local Settings\Application Data\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2012-06-17]
CHR HKCU\...\Chrome\Extension: [dpbjglmkcdbkbclmdonbkcgeiebaibkf] - C:\Documents and Settings\Matt\Application Data\Five9\Integrations\Five9 Toolbars\f9adt__V8.1.000.crx [2013-07-14]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Documents and Settings\Matt\Local Settings\Application Data\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-27] (SUPERAntiSpyware.com)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5049352 2013-10-10] (Carbonite, Inc. (www.carbonite.com))
S4 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [117920 2011-08-15] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-03-07] (Oracle Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-02] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-18] (Panda Security, S.L.)
R2 STacSV; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [254036 2009-03-12] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904 2010-11-17] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R3 glancedrv; C:\WINDOWS\System32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-07] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-07] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-07] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [126184 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [107752 2013-05-28] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [124648 2013-05-28] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [95464 2013-05-28] (Panda Security, S.L.)
S4 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52328 2013-05-28] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [106344 2013-05-28] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [287336 2013-05-28] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [161384 2013-05-28] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-28] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [230376 2013-05-28] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-28] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103528 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [179944 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [115048 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [128232 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [97896 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [47632 2013-04-28] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 Si3114r5; C:\Windows\System32\Drivers\Si3114r5.sys [202032 2011-10-23] (Silicon Image, Inc)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1550613 2009-03-12] (IDT, Inc.)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
U3 catchme; \??\C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 notecable; system32\drivers\notcable.sys [x]
S3 TotRec8; \??\C:\WINDOWS\system32\drivers\TotRec8.sys [x]
S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [x]
U3 mbr; \??\C:\DOCUME~1\Matt\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 07:39 - 2014-01-27 07:39 - 00022085 _____ C:\Documents and Settings\Matt\desktop\FRST.txt
2014-01-27 07:12 - 2014-01-27 07:12 - 00000000 ____D C:\FRST
2014-01-27 07:11 - 2014-01-27 07:12 - 01223168 _____ (Farbar) C:\Documents and Settings\Matt\desktop\FRST.exe
2014-01-26 18:15 - 2014-01-27 07:37 - 00000000 ____D C:\Documents and Settings\Matt\desktop\Portland Comic Con 2014
2014-01-22 10:15 - 2014-01-22 10:15 - 00023862 _____ C:\ComboFix.txt
2014-01-22 10:00 - 2014-01-22 10:00 - 00001422 _____ C:\Documents and Settings\Matt\desktop\JRT.txt
2014-01-22 09:49 - 2014-01-22 09:49 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-22 09:34 - 2014-01-22 09:38 - 00000000 ____D C:\AdwCleaner
2014-01-20 19:10 - 2014-01-20 19:10 - 00000815 _____ C:\Documents and Settings\All Users\desktop\TeamViewer 9.lnk
2014-01-20 19:10 - 2014-01-20 19:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
2014-01-20 07:22 - 2014-01-26 19:12 - 00025820 _____ C:\Documents and Settings\Matt\desktop\attach.txt
2014-01-20 07:22 - 2014-01-26 19:12 - 00014867 _____ C:\Documents and Settings\Matt\desktop\dds.txt
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ___RD C:\Program Files\Skype
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-01-15 00:03 - 2014-01-15 00:03 - 00006468 _____ C:\WINDOWS\iis6.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00006183 _____ C:\WINDOWS\FaxSetup.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00003146 _____ C:\WINDOWS\ocgen.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00002821 _____ C:\WINDOWS\tsoc.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001994 _____ C:\WINDOWS\comsetup.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001822 _____ C:\WINDOWS\msmqinst.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001212 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001083 _____ C:\WINDOWS\netfxocm.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00000425 _____ C:\WINDOWS\MedCtrOC.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00000342 _____ C:\WINDOWS\ocmsn.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00000311 _____ C:\WINDOWS\tabletoc.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00000309 _____ C:\WINDOWS\msgsocm.log
2014-01-15 00:02 - 2014-01-15 00:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 00:01 - 2014-01-15 00:03 - 00005997 _____ C:\WINDOWS\KB2914368.log
2014-01-03 15:47 - 2014-01-03 15:58 - 00000000 ____D C:\Program Files\Xfire2
2014-01-03 15:47 - 2014-01-03 15:58 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\Xfire
2014-01-03 15:47 - 2014-01-03 15:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Xfire
2014-01-02 18:02 - 2014-01-02 18:02 - 00061440 _____ C:\WINDOWS\system32\config\SECURITY.gu
2014-01-02 18:02 - 2014-01-02 18:02 - 00028672 _____ C:\WINDOWS\system32\config\SAM.gu
2014-01-02 18:02 - 2014-01-02 18:02 - 00016384 ____H C:\WINDOWS\system32\config\software.gu.LOG
2014-01-02 18:02 - 2014-01-02 18:02 - 00001024 ____H C:\WINDOWS\system32\config\system.gu.LOG
2014-01-02 18:02 - 2014-01-02 18:02 - 00000000 ____H C:\WINDOWS\system32\config\default.gu.LOG
2014-01-02 17:59 - 2013-12-23 18:06 - 00022304 _____ (Glarysoft Ltd) C:\WINDOWS\system32\RegBootDefrag.exe
2014-01-02 17:10 - 2014-01-02 17:10 - 00000761 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities 4.lnk
2014-01-02 17:10 - 2013-12-23 18:06 - 00101664 _____ (Glarysoft Ltd) C:\WINDOWS\system32\BootDefrag.exe
2014-01-02 17:09 - 2014-01-02 18:06 - 00000000 ____D C:\Program Files\Glary Utilities 4
2014-01-02 15:56 - 2014-01-02 15:56 - 00001442 _____ C:\WINDOWS\COM+.log
2014-01-02 11:02 - 2014-01-02 11:02 - 00000075 _____ C:\WINDOWS\setupact.log
2014-01-02 11:02 - 2014-01-02 11:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-02 11:01 - 2014-01-26 18:09 - 00006029 _____ C:\WINDOWS\setupapi.log

==================== One Month Modified Files and Folders =======

2014-01-27 07:39 - 2014-01-27 07:39 - 00022085 _____ C:\Documents and Settings\Matt\desktop\FRST.txt
2014-01-27 07:39 - 2011-10-28 07:15 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\Skype
2014-01-27 07:37 - 2014-01-26 18:15 - 00000000 ____D C:\Documents and Settings\Matt\desktop\Portland Comic Con 2014
2014-01-27 07:32 - 2011-10-23 07:34 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-27 07:24 - 2012-04-11 06:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-27 07:12 - 2014-01-27 07:12 - 00000000 ____D C:\FRST
2014-01-27 07:12 - 2014-01-27 07:11 - 01223168 _____ (Farbar) C:\Documents and Settings\Matt\desktop\FRST.exe
2014-01-27 06:40 - 2012-08-03 12:59 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003UA.job
2014-01-27 06:00 - 2011-10-23 23:28 - 00000000 ____D C:\Program Files\Steam
2014-01-27 05:40 - 2011-10-23 07:22 - 00032510 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-27 05:03 - 2012-06-21 09:53 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003UA.job
2014-01-27 03:13 - 2012-02-17 18:02 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-26 21:19 - 2011-10-23 07:16 - 01296220 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-26 19:13 - 2012-11-25 16:16 - 00000000 ____D C:\Documents and Settings\Matt\desktop\Matt's Utilities
2014-01-26 19:12 - 2014-01-20 07:22 - 00025820 _____ C:\Documents and Settings\Matt\desktop\attach.txt
2014-01-26 19:12 - 2014-01-20 07:22 - 00014867 _____ C:\Documents and Settings\Matt\desktop\dds.txt
2014-01-26 18:09 - 2014-01-02 11:01 - 00006029 _____ C:\WINDOWS\setupapi.log
2014-01-26 16:40 - 2012-08-03 12:58 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003Core.job
2014-01-26 14:03 - 2012-06-21 09:53 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003Core.job
2014-01-25 16:05 - 2011-11-06 16:24 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-24 21:41 - 2011-10-23 22:46 - 06291456 _____ C:\WINDOWS\system32\config\Nano.evt
2014-01-24 21:22 - 2011-12-01 16:51 - 00165376 _____ C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-23 18:09 - 2011-10-23 18:59 - 00000211 ____C C:\WINDOWS\wiadebug.log
2014-01-23 10:55 - 2012-03-14 04:22 - 00188453 _____ C:\Documents and Settings\All Users\Documents\Budget the New Beginning.ods
2014-01-23 06:01 - 2013-04-10 22:59 - 00000000 ____D C:\Documents and Settings\Matt\Start Menu\Programs\Five9
2014-01-22 18:50 - 2011-10-28 07:15 - 00002265 _____ C:\Documents and Settings\All Users\desktop\Skype.lnk
2014-01-22 18:23 - 2012-04-11 06:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-22 18:23 - 2011-10-25 18:48 - 00000000 ____D C:\Documents and Settings\Matt\Local Settings\Application Data\Adobe
2014-01-22 18:23 - 2011-10-23 23:07 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-22 10:15 - 2014-01-22 10:15 - 00023862 _____ C:\ComboFix.txt
2014-01-22 10:15 - 2012-11-25 16:28 - 00000000 ____D C:\Qoobox
2014-01-22 10:15 - 2011-10-23 07:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-22 10:13 - 2006-02-28 04:00 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-22 10:02 - 2013-09-05 08:57 - 00002280 _____ C:\Documents and Settings\Matt\desktop\Rkill.txt
2014-01-22 10:00 - 2014-01-22 10:00 - 00001422 _____ C:\Documents and Settings\Matt\desktop\JRT.txt
2014-01-22 09:49 - 2014-01-22 09:49 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-22 09:46 - 2011-10-23 07:14 - 00000000 ____D C:\WINDOWS\Registration
2014-01-22 09:43 - 2011-10-23 07:34 - 00059496 _____ C:\Documents and Settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-22 09:42 - 2013-11-21 19:27 - 00000318 _____ C:\WINDOWS\Tasks\GlaryInitialize 4.job
2014-01-22 09:42 - 2006-02-28 04:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-22 09:41 - 2011-10-23 18:59 - 00000049 ____C C:\WINDOWS\wiaservc.log
2014-01-22 09:40 - 2011-10-23 18:55 - 00263024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-22 09:38 - 2014-01-22 09:34 - 00000000 ____D C:\AdwCleaner
2014-01-22 09:38 - 2011-10-23 07:23 - 00000278 ___SH C:\Documents and Settings\Matt\ntuser.ini
2014-01-22 09:38 - 2011-10-23 07:23 - 00000000 ____D C:\Documents and Settings\Matt
2014-01-21 19:52 - 2012-06-17 13:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-20 19:10 - 2014-01-20 19:10 - 00000815 _____ C:\Documents and Settings\All Users\desktop\TeamViewer 9.lnk
2014-01-20 19:10 - 2014-01-20 19:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
2014-01-20 19:09 - 2013-04-20 10:22 - 00000000 ____D C:\Program Files\TeamViewer
2014-01-20 07:40 - 2011-11-12 16:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Coupons.com
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ___RD C:\Program Files\Skype
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-01-19 22:03 - 2011-10-28 07:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2014-01-15 00:06 - 2013-08-13 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 00:03 - 2014-01-15 00:03 - 00006468 _____ C:\WINDOWS\iis6.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00006183 _____ C:\WINDOWS\FaxSetup.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00003146 _____ C:\WINDOWS\ocgen.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00002821 _____ C:\WINDOWS\tsoc.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001994 _____ C:\WINDOWS\comsetup.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001822 _____ C:\WINDOWS\msmqinst.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001212 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00001083 _____ C:\WINDOWS\netfxocm.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00000425 _____ C:\WINDOWS\MedCtrOC.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00000342 _____ C:\WINDOWS\ocmsn.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00000311 _____ C:\WINDOWS\tabletoc.log
2014-01-15 00:03 - 2014-01-15 00:03 - 00000309 _____ C:\WINDOWS\msgsocm.log
2014-01-15 00:03 - 2014-01-15 00:01 - 00005997 _____ C:\WINDOWS\KB2914368.log
2014-01-15 00:03 - 2011-10-24 09:11 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 00:02 - 2014-01-15 00:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 13:36 - 2011-10-25 18:54 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-01-14 13:35 - 2011-10-25 18:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-07 14:01 - 2012-12-02 21:04 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\vlc
2014-01-03 15:58 - 2014-01-03 15:47 - 00000000 ____D C:\Program Files\Xfire2
2014-01-03 15:58 - 2014-01-03 15:47 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\Xfire
2014-01-03 15:56 - 2014-01-03 15:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Xfire
2014-01-02 18:06 - 2014-01-02 17:09 - 00000000 ____D C:\Program Files\Glary Utilities 4
2014-01-02 18:02 - 2014-01-02 18:02 - 00061440 _____ C:\WINDOWS\system32\config\SECURITY.gu
2014-01-02 18:02 - 2014-01-02 18:02 - 00028672 _____ C:\WINDOWS\system32\config\SAM.gu
2014-01-02 18:02 - 2014-01-02 18:02 - 00016384 ____H C:\WINDOWS\system32\config\software.gu.LOG
2014-01-02 18:02 - 2014-01-02 18:02 - 00001024 ____H C:\WINDOWS\system32\config\system.gu.LOG
2014-01-02 18:02 - 2014-01-02 18:02 - 00000000 ____H C:\WINDOWS\system32\config\default.gu.LOG
2014-01-02 18:02 - 2011-10-23 18:54 - 42467328 _____ C:\WINDOWS\system32\config\software.gu.bak
2014-01-02 18:02 - 2011-10-23 18:54 - 06291456 _____ C:\WINDOWS\system32\config\system.gu.bak
2014-01-02 18:00 - 2011-10-23 18:54 - 00524288 _____ C:\WINDOWS\system32\config\default.gu.bak
2014-01-02 17:19 - 2013-07-05 20:26 - 00000000 ____D C:\Documents and Settings\All Users\GlarySoft
2014-01-02 17:10 - 2014-01-02 17:10 - 00000761 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities 4.lnk
2014-01-02 16:56 - 2011-10-23 18:54 - 00000339 __RSH C:\boot.ini
2014-01-02 16:56 - 2006-02-28 04:00 - 00000679 _____ C:\WINDOWS\win.ini
2014-01-02 15:56 - 2014-01-02 15:56 - 00001442 _____ C:\WINDOWS\COM+.log
2014-01-02 15:54 - 2011-10-23 18:56 - 00596332 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-02 15:03 - 2011-10-23 07:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-02 14:46 - 2011-10-24 10:48 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2014-01-02 11:02 - 2014-01-02 11:02 - 00000075 _____ C:\WINDOWS\setupact.log
2014-01-02 11:02 - 2014-01-02 11:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-29 18:31 - 2012-10-10 07:24 - 00000000 ____D C:\Program Files\CCleaner

Files to move or delete:
====================
C:\Documents and Settings\All Users\Application Data\Ts_infos.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-01-2014
Ran by Matt at 2014-01-27 07:39:59
Running from C:\Documents and Settings\Matt\desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Panda Cloud Antivirus (Disabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}

==================== Installed Programs ======================

3100_3200_3300_Help (Version: 50.0.214.000 - Hewlett-Packard) Hidden
3100_3200_3300trb (Version: 50.0.214.000 - Hewlett-Packard) Hidden
3300 (Version: 50.0.214.000 - Hewlett-Packard) Hidden
Adobe AIR (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.5.0.600 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
AiO_Scan_CDA (Version: 50.0.214.000 - Hewlett-Packard) Hidden
AiOSoftwareNPI (Version: 50.0.214.000 - Hewlett-Packard) Hidden
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.821.0 - ATI Technologies) Hidden
Audacity 2.0.3 (Version: 2.0.3 - Audacity Team)
AudibleManager (Version: 1244056.1312632.1244652.2089871648 - Audible, Inc.)
AviSynth 2.5 (Version:  - )
Awesome Duplicate Photo Finder v. 1.0.1 (Version:  - Duplicate-Finder.com)
Batman: Arkham City™ GOTY (Version: 1.0.0000.133 - WB Games)
Batman: Arkham City™ GOTY (Version: 1.0.0000.133 - WB Games) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Call Graph (Version:  - Sedna Wireless Pvt. Ltd.)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
Carbonite (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (Version: 2011.0405.2154.37420 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.0405.2154.37420 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2011.0405.2154.37420 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2011.0405.2154.37420 - ATI) Hidden
CCC Help Chinese Standard (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Czech (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Danish (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Dutch (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help English (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Finnish (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help French (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help German (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Greek (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Hungarian (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Italian (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Japanese (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Korean (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Norwegian (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Polish (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Portuguese (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Russian (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Spanish (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Swedish (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Thai (Version: 2011.0405.2153.37420 - ATI) Hidden
CCC Help Turkish (Version: 2011.0405.2153.37420 - ATI) Hidden
ccc-utility (Version: 2011.0405.2154.37420 - ATI) Hidden
CCleaner (Version: 4.09 - Piriform)
Cisco Connect (Version: 1.4.11350.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CP_AtenaShokunin1Config (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.58 (Version:  - )
CPUID HWMonitor 1.19 (Version:  - )
CueTour (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Defraggler (Version: 2.15 - Piriform)
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dual-Core Optimizer (Version: 1.1.4.0169 - AMD)
DuckTales Remastered (Version:  - WayForward)
eFax Messenger (Version: 4.4.2.533 - j2 Global)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited)
Fax_CDA (Version: 50.0.214.000 - Hewlett-Packard) Hidden
ffdshow v1.1.3572 [2010-09-13] (Version: 1.1.3572.0 - )
FileZilla Client 3.7.0.1 (Version: 3.7.0.1 - FileZilla Project)
Fitbit Connect (Version: 1.0.0.4065 - Fitbit Inc.)
Five9 Adapter for Salesforce 4.0 (HKCU Version:  - Five9)
Free M4a to MP3 Converter 7.0 (Version:  - ManiacTools.com)
Free MTS Converter (Version:  - )
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GameFly (Version: 1.2.378 - GameFly, Inc.)
Glance 2.7 (Version:  - Glance Networks, Inc.)
Glary Utilities 4.3 (Version: 4.3.0.80 - Glarysoft Ltd)
Google Chrome (HKCU Version: 29.0.1547.76 - Google Inc.)
Google Talk Plugin (Version: 4.7.0.15362 - Google)
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880 - CitrixOnline)
Haali Media Splitter (Version:  - )
Half-Life: Source (Version:  - Valve)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Document Viewer 5.3 (Version: 5.3 - HP)
HP Extended Capabilities 5.3 (Version: 5.3 - HP)
HP Image Zone 5.3 (Version: 5.3 - HP)
HP Imaging Device Functions 5.3 (Version: 5.3 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Product Detection (Version: 11.14.0001 - HP)
HP PSC & OfficeJet 5.3.A (Version:  - HP)
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3 - HP)
HP Update (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
IDT Audio (Version: 1.0.20001.0 - IDT)
ImgBurn (Version: 2.5.8.0 - LIGHTNING UK!)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevices (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Intel® Network Connections 16.6.126.0 (Version: 16.6.126.0 - Intel)
IrfanView (remove only) (Version: 4.30 - Irfan Skiljan)
iTunes (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 17 (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 35 (Version: 6.0.350 - Oracle)
LAME v3.99.3 (for Windows) (Version:  - )
League of Legends (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
Logitech Webcam Software (Version: 2.51 - Logitech Inc.)
LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
MacroMaker (Version: 1.0.44 - ARM Software)
MAGIX Slideshow Maker 2 (Version: 2.0.0.8 - MAGIX AG)
MAGIX Slideshow Maker 2 (Version: 2.0.0.8 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100 - Malwarebytes Corporation)
MarketResearch (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (Version: 6.00.3883.15 - Microsoft Corporation)
Mumble 1.2.4 (Version: 1.2.4 - Thorvald Natvig)
NewCopy_CDA (Version: 50.0.214.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org)
Origin (Version: 9.1.13.85 - Electronic Arts, Inc.)
Panda Cloud Antivirus (Version: 2.1.0 - Panda Security)
Panda Cloud Antivirus (Version: 6.06.00.0000 - Panda Security) Hidden
Panda Security Toolbar (Version: 4.1.0.5 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (Version: 2.0.0.14 - Panda Security)
Pando Media Booster (Version: 2.6.0.7 - Pando Networks Inc.)
PanoStandAlone (Version: 53.0.13.000 - Hewlett-Packard) Hidden
PhotoGallery (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Pivotal CRM 6.0 Prerequisites for Lotus Notes(v6.0.0900) (Version: 6.0.0900 - CDC Software)
Pivotal Packaged Client 6.0 (v6.0.0701) (Version: 6.0.0701 - CDC Software)
Portal (Version:  - Valve)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5 - Nitro PDF Software)
ProductContextNPI (Version: 50.0.214.000 - Hewlett-Packard) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RandMap (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Readme (Version: 50.0.214.000 - Hewlett-Packard) Hidden
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
SimCity™ (Version: 1.0.0.0 - Electronic Arts)
SkinsHP1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
Sonic_PrimoSDK (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Sothink Movie DVD Maker (Version: 3.8 - SourceTec Software Co., LTD)
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Steam (Version: 1.0.0.0 - Valve Corporation)
STM TPM Driver 1.0.4.15 - 32 bits (Version:  - STMicroelectronics)
SUPERAntiSpyware (Version: 5.1.1002 - SUPERAntiSpyware.com)
System Requirements Lab CYRI (Version: 5.0.6.0 - Husdawg, LLC)
System Requirements Lab for Intel (Version: 4.4.24.0 - Husdawg, LLC)
Tango (HKCU Version: 1.6.14117 - TangoMe, Inc.)
TCRE Installer (HKCU Version:  - VoiceCurve)
TeamViewer 9 (Version: 9.0.24951 - TeamViewer)
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
VC90_CRT_x86 (Version: 1.00.0000 - Intel Corporation) Hidden
Verint Multimedia Support Package (Version: 1.0.27 - Verint)
VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN)
VSDC Free Video Editor version 1.3.3.22 (Version: 1.3.3.22 - Flash-Integro LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (Version: 2 - Microsoft Corporation)
Xul Installer (HKCU Version:  - VoiceCurve)
YouTube to MP3 Converter (Version: 1.0.0 - YouTube to MP3 Converter)

==================== Restore Points  =========================

25-10-2013 10:00:16 Software Distribution Service 3.0
26-10-2013 10:00:18 Software Distribution Service 3.0
27-10-2013 10:00:14 Software Distribution Service 3.0
28-10-2013 10:00:17 Software Distribution Service 3.0
29-10-2013 10:00:15 Software Distribution Service 3.0
30-10-2013 10:00:19 Software Distribution Service 3.0
31-10-2013 10:00:14 Software Distribution Service 3.0
01-11-2013 10:00:17 Software Distribution Service 3.0
02-11-2013 10:00:17 Software Distribution Service 3.0
03-11-2013 10:00:14 Software Distribution Service 3.0
03-11-2013 11:00:14 Software Distribution Service 3.0
04-11-2013 11:00:14 Software Distribution Service 3.0
05-11-2013 11:00:18 Software Distribution Service 3.0
06-11-2013 08:00:48 Software Distribution Service 3.0
07-11-2013 08:43:47 System Checkpoint
07-11-2013 11:00:16 Software Distribution Service 3.0
07-11-2013 22:55:04 Software Distribution Service 3.0
13-11-2013 02:53:37 System Checkpoint
13-11-2013 11:00:15 Software Distribution Service 3.0
14-11-2013 11:00:17 Software Distribution Service 3.0
15-11-2013 11:00:15 Software Distribution Service 3.0
16-11-2013 11:00:18 Software Distribution Service 3.0
17-11-2013 11:00:14 Software Distribution Service 3.0
18-11-2013 11:00:18 Software Distribution Service 3.0
19-11-2013 11:00:15 Software Distribution Service 3.0
19-11-2013 16:49:09 Software Distribution Service 3.0
20-11-2013 11:00:18 Software Distribution Service 3.0
21-11-2013 11:00:18 Software Distribution Service 3.0
21-11-2013 17:10:16 Software Distribution Service 3.0
22-11-2013 11:00:24 Software Distribution Service 3.0
23-11-2013 11:00:16 Software Distribution Service 3.0
24-11-2013 05:42:15 Installed Fitbit Connect
24-11-2013 11:00:16 Software Distribution Service 3.0
25-11-2013 11:00:17 Software Distribution Service 3.0
26-11-2013 11:00:17 Software Distribution Service 3.0
27-11-2013 11:00:17 Software Distribution Service 3.0
28-11-2013 11:00:18 Software Distribution Service 3.0
28-11-2013 17:37:17 Software Distribution Service 3.0
29-11-2013 11:00:16 Software Distribution Service 3.0
30-11-2013 11:00:14 Software Distribution Service 3.0
01-12-2013 11:00:14 Software Distribution Service 3.0
02-12-2013 11:00:14 Software Distribution Service 3.0
03-12-2013 11:00:17 Software Distribution Service 3.0
04-12-2013 11:00:20 Software Distribution Service 3.0
05-12-2013 11:00:18 Software Distribution Service 3.0
06-12-2013 11:00:16 Software Distribution Service 3.0
07-12-2013 11:00:17 Software Distribution Service 3.0
08-12-2013 11:00:16 Software Distribution Service 3.0
09-12-2013 04:00:08 Software Distribution Service 3.0
09-12-2013 11:00:17 Software Distribution Service 3.0
10-12-2013 11:00:17 Software Distribution Service 3.0
11-12-2013 11:00:19 Software Distribution Service 3.0
12-12-2013 11:00:17 Software Distribution Service 3.0
13-12-2013 11:00:16 Software Distribution Service 3.0
14-12-2013 11:00:14 Software Distribution Service 3.0
15-12-2013 11:00:17 Software Distribution Service 3.0
16-12-2013 11:00:17 Software Distribution Service 3.0
17-12-2013 11:00:16 Software Distribution Service 3.0
18-12-2013 11:00:18 Software Distribution Service 3.0
19-12-2013 11:00:18 Software Distribution Service 3.0
20-12-2013 11:00:17 Software Distribution Service 3.0
21-12-2013 11:00:16 Software Distribution Service 3.0
22-12-2013 11:00:14 Software Distribution Service 3.0
23-12-2013 08:03:34 Software Distribution Service 3.0
23-12-2013 11:00:14 Software Distribution Service 3.0
23-12-2013 19:05:26 Software Distribution Service 3.0
24-12-2013 11:00:16 Software Distribution Service 3.0
25-12-2013 11:00:16 Software Distribution Service 3.0
26-12-2013 11:00:16 Software Distribution Service 3.0
27-12-2013 06:19:41 Installed DirectX
27-12-2013 11:00:14 Software Distribution Service 3.0
28-12-2013 11:00:14 Software Distribution Service 3.0
29-12-2013 11:00:19 Software Distribution Service 3.0
30-12-2013 11:00:15 Software Distribution Service 3.0
31-12-2013 11:00:15 Software Distribution Service 3.0
01-01-2014 11:00:17 Software Distribution Service 3.0
02-01-2014 05:29:39 Software Distribution Service 3.0
02-01-2014 21:58:27 Software Distribution Service 3.0
02-01-2014 22:13:22 Removed Microsoft .NET Framework 1.1
02-01-2014 22:23:03 Installed Microsoft .NET Framework 1.1
02-01-2014 23:53:36 Software Distribution Service 3.0
03-01-2014 00:27:10 Software Distribution Service 3.0
04-01-2014 01:35:10 System Checkpoint
05-01-2014 02:27:37 System Checkpoint
06-01-2014 02:43:13 System Checkpoint
07-01-2014 03:19:16 System Checkpoint
08-01-2014 05:54:04 System Checkpoint
09-01-2014 06:35:18 System Checkpoint
10-01-2014 07:28:41 System Checkpoint
11-01-2014 08:45:22 System Checkpoint
12-01-2014 09:27:36 System Checkpoint
13-01-2014 10:27:35 System Checkpoint
14-01-2014 11:00:17 Software Distribution Service 3.0
15-01-2014 08:01:47 Software Distribution Service 3.0
16-01-2014 08:14:41 System Checkpoint
17-01-2014 08:16:27 System Checkpoint
18-01-2014 09:14:40 System Checkpoint
19-01-2014 10:14:41 System Checkpoint
20-01-2014 11:14:44 System Checkpoint
21-01-2014 12:14:42 System Checkpoint
22-01-2014 12:19:13 System Checkpoint

==================== Hosts content: ==========================

2006-02-28 04:00 - 2013-09-05 09:11 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003Core.job => C:\Documents and Settings\Matt\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003UA.job => C:\Documents and Settings\Matt\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 4.job => C:\Program Files\Glary Utilities 4\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003Core.job => C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003UA.job => C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-03 05:12 - 2011-02-28 14:37 - 00180624 _____ () C:\WINDOWS\system32\Primomonnt.dll
2013-05-10 10:56 - 2013-05-10 10:56 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2008-04-14 04:42 - 2013-01-01 22:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2010-03-16 11:22 - 2010-03-16 11:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2011-04-05 20:53 - 2011-04-05 20:53 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-04-25 16:13 - 2010-09-13 22:27 - 03849728 _____ () C:\Program Files\ffdshow\ffdshow.ax
2008-04-14 04:41 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 04:42 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 04:42 - 2008-04-14 04:42 - 00192512 ____C () C:\WINDOWS\system32\qcap.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-10-03 19:09 - 2013-09-16 19:20 - 00709584 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
2013-10-03 19:09 - 2013-09-16 19:20 - 00099792 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\libegl.dll
2013-10-03 19:09 - 2013-09-16 19:21 - 04053456 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-10-03 19:09 - 2013-09-16 19:21 - 00410576 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-10-03 19:09 - 2013-09-16 19:20 - 01604560 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
2013-11-17 20:51 - 2013-11-17 20:51 - 00065536 _____ () C:\Documents and Settings\Matt\Application Data\Five9\UAL\windowsNatives-1.0.0.jar\ICE_JNIRegistry.dll
2013-07-18 04:39 - 2013-07-18 04:39 - 00069632 _____ () C:\Documents and Settings\Matt\Application Data\Five9\Softphone8.0.7\G722AsDLL.dll
2013-07-18 04:39 - 2013-07-18 04:39 - 00061440 _____ () C:\Documents and Settings\Matt\Application Data\Five9\Softphone8.0.7\AEC_PC_DLL.dll
2013-07-18 04:39 - 2013-07-18 04:39 - 00069632 _____ () C:\Documents and Settings\Matt\Application Data\Five9\Softphone8.0.7\bv32.dll
2013-07-18 04:39 - 2013-07-18 04:39 - 00245760 _____ () C:\Documents and Settings\Matt\Application Data\Five9\Softphone8.0.7\g729asdll.dll
2013-12-10 11:01 - 2013-12-10 11:01 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-01-22 18:23 - 2014-01-22 18:23 - 16287624 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: PCI Device
Description: PCI Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2014 06:15:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (01/23/2014 09:15:21 PM) (Source: Application Error) (User: )
Description: Faulting application ducktales.exe, version 0.0.0.0, faulting module ducktales.exe, version 0.0.0.0, fault address 0x00196f5c.
Processing media-specific event for [ducktales.exe!ws!]

Error: (01/10/2014 08:03:25 PM) (Source: Google Update) (User: OLD-REPUBLIC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/08/2014 08:03:25 PM) (Source: Google Update) (User: OLD-REPUBLIC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/05/2014 11:14:30 PM) (Source: Application Error) (User: )
Description: Faulting application ducktales.exe, version 0.0.0.0, faulting module ducktales.exe, version 0.0.0.0, fault address 0x00196dbc.
Processing media-specific event for [ducktales.exe!ws!]

Error: (01/04/2014 03:12:13 PM) (Source: Application Error) (User: )
Description: Faulting application ducktales.exe, version 0.0.0.0, faulting module ducktales.exe, version 0.0.0.0, fault address 0x00196dbc.
Processing media-specific event for [ducktales.exe!ws!]

Error: (01/04/2014 03:08:36 PM) (Source: Application Error) (User: )
Description: Faulting application ducktales.exe, version 0.0.0.0, faulting module ducktales.exe, version 0.0.0.0, fault address 0x00196dbc.
Processing media-specific event for [ducktales.exe!ws!]

Error: (01/03/2014 03:34:09 PM) (Source: Application Error) (User: )
Description: Faulting application ducktales.exe, version 0.0.0.0, faulting module ducktales.exe, version 0.0.0.0, fault address 0x00196dbc.
Processing media-specific event for [ducktales.exe!ws!]

Error: (01/03/2014 08:06:36 AM) (Source: Google Update) (User: OLD-REPUBLIC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/02/2014 03:59:41 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (01/27/2014 07:11:06 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Documents and Settings\Matt\Desktop\FRST.exe.
Reference error message: The operation completed successfully.
.

Error: (01/27/2014 07:11:06 AM) (Source: SideBySide) (User: )
Description: Syntax error in manifest or policy file "Access is denied.
1" on line Access is denied.
2.

Error: (01/22/2014 10:40:38 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Documents and Settings\Matt\My Documents\Downloads\SecurityCheck.exe.
Reference error message: The operation completed successfully.
.

Error: (01/22/2014 10:40:38 AM) (Source: SideBySide) (User: )
Description: Syntax error in manifest or policy file "Access is denied.
1" on line Access is denied.
2.

Error: (01/22/2014 09:37:37 AM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (01/26/2014 06:15:08 PM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW

Error: (01/23/2014 09:15:21 PM) (Source: Application Error)(User: )
Description: ducktales.exe0.0.0.0ducktales.exe0.0.0.000196f5c

Error: (01/10/2014 08:03:25 PM) (Source: Google Update)(User: OLD-REPUBLIC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/08/2014 08:03:25 PM) (Source: Google Update)(User: OLD-REPUBLIC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/05/2014 11:14:30 PM) (Source: Application Error)(User: )
Description: ducktales.exe0.0.0.0ducktales.exe0.0.0.000196dbc

Error: (01/04/2014 03:12:13 PM) (Source: Application Error)(User: )
Description: ducktales.exe0.0.0.0ducktales.exe0.0.0.000196dbc

Error: (01/04/2014 03:08:36 PM) (Source: Application Error)(User: )
Description: ducktales.exe0.0.0.0ducktales.exe0.0.0.000196dbc

Error: (01/03/2014 03:34:09 PM) (Source: Application Error)(User: )
Description: ducktales.exe0.0.0.0ducktales.exe0.0.0.000196dbc

Error: (01/03/2014 08:06:36 AM) (Source: Google Update)(User: OLD-REPUBLIC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (01/02/2014 03:59:41 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 3325.49 MB
Available physical RAM: 1409.41 MB
Total Pagefile: 5209.38 MB
Available Pagefile: 3178.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:301.67 GB) (Free:87.87 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 302 GB) (Disk ID: 1C551C54)
Partition 1: (Active) - (Size=302 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10 TheShooter93

    Cody

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 27 January 2014 - 03:43 PM

Hi matthew_andres,

Are you familiar with Five9 Agent Desktop Toolkit?


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#11 matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Male

Posted 27 January 2014 - 05:07 PM

Yes, it is for my job. I work from home. Same with SalesForce. I also have to have a specific Java version to work with these two. For that reason I do not update Java.



#12 TheShooter93

    Cody

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 27 January 2014 - 05:36 PM

Hello matthew_andres,

Thanks for the information; that helps a lot. :)

-------------------------------------------------------------------------------------------

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attachment: fixlist.txt (185 bytes)
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply


#13 matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Male

Posted 27 January 2014 - 07:48 PM

When trying to download the file in the previous post, I get this message from the website:

Sorry, you don't have permission for that!

#14 TheShooter93

    Cody

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 27 January 2014 - 10:50 PM

Try downloading it again, please.

-------------------------------------------------------------------------

If it does not work, do the following:

Open Notepad.

Copy and paste the following text into Notepad:

CHR HomePage: hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN16194885332166715&UM=2&sspv=TB_TT
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Click File - Save As...

Name the file "fixlist.txt" and click "Save".

Make sure to save the file in the same directory where FRST is located.

Then proceed with the directions given in post #12.


Edited by TheShooter93, 27 January 2014 - 10:52 PM.


#15 matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Male

Posted 27 January 2014 - 11:39 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2014
Ran by Matt at 2014-01-27 20:39:06 Run:1
Running from C:\Documents and Settings\Matt\desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN16194885332166715&UM=2&sspv=TB_TT
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

CHR HomePage: hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN16194885332166715&UM=2&sspv=TB_TT ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====
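An added read-only audit script, not from this thread and not part of FRST, that checks the two things the fixlist in posts #14 and #15 targets: whatever sits under HKLM\SOFTWARE\Policies\Google (the key FRST deleted) and whether a Chrome Preferences file still carries the search.conduit.com homepage that the Fixlog says has to be changed in Chrome's own settings. It assumes PowerShell 2.0 or later, Chrome's default profile folder (the XP layout seen in this log, plus the later-Windows layout), and uses Chrome's published policy value names.

```powershell
# Added read-only audit script; not from the thread, not part of FRST.
# Reports (1) every value under the Chrome policy key the fixlist deleted and
# (2) any Chrome profile Preferences file that still names the Conduit host.
# Assumes PowerShell 2.0 or later and Chrome's default profile location.
$Indicator  = 'search.conduit.com'              # host taken from the fixlist above
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Google'  # key FRST reported as "Policy restriction"
# Chrome's published policy names that pin the homepage, startup pages,
# default search engine or force-install extensions
$LockingPolicies = 'HomepageLocation', 'HomepageIsNewTabPage', 'RestoreOnStartup',
                   'RestoreOnStartupURLs', 'DefaultSearchProviderEnabled',
                   'DefaultSearchProviderName', 'DefaultSearchProviderSearchURL',
                   'ExtensionInstallForcelist'

function Get-ChromePolicyFindings {
    param([string]$Root = $PolicyRoot)
    $findings = @()
    # Key absent is the expected state after the fix (Fixlog: "Key deleted successfully")
    if (-not (Test-Path $Root)) { return $findings }
    $keys = @(Get-Item $Root) + @(Get-ChildItem $Root -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $data   = [string]$key.GetValue($name)
            $reason = 'policy value present'
            if ($LockingPolicies -contains $name -or $LockingPolicies -contains $key.PSChildName) {
                $reason = 'browser-locking policy'
            }
            if ($data.ToLower().Contains($Indicator)) { $reason = "points at $Indicator" }
            $findings += New-Object PSObject -Property @{
                Key = $key.Name; Value = $name; Data = $data; Reason = $reason
            }
        }
    }
    return $findings
}

function Get-ChromePreferenceHits {
    # XP layout (as in this log) first, then the Vista-and-later layout
    $candidates = @(Join-Path $env:USERPROFILE 'Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences')
    if ($env:LOCALAPPDATA) {
        $candidates += Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
    }
    foreach ($path in $candidates) {
        if (-not (Test-Path $path)) { continue }
        # Preferences is JSON (homepage, session.startup_urls, default_search_provider);
        # a literal substring search is enough to show the leftover the Fixlog said
        # must be changed in Chrome's own settings
        foreach ($hit in @(Select-String -Path $path -SimpleMatch -Pattern $Indicator)) {
            $text = $hit.Line.Trim()
            if ($text.Length -gt 120) { $text = $text.Substring(0, 120) + '...' }
            New-Object PSObject -Property @{ File = $path; Line = $hit.LineNumber; Text = $text }
        }
    }
}

$policy = @(Get-ChromePolicyFindings)
$prefs  = @(Get-ChromePreferenceHits)
if ($policy.Count -eq 0) { Write-Host "No values under $PolicyRoot - Chrome is not locked by policy." }
else { $policy | Format-Table Reason, Key, Value, Data -AutoSize }
if ($prefs.Count -eq 0) { Write-Host "No Chrome Preferences file references $Indicator." }
else { $prefs | Format-Table File, Line, Text -AutoSize }
```

Run it once before the fix to see what the policy key actually contained, and again afterwards to confirm the key is gone and the homepage no longer references the Conduit host.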





