No internet connection after startup


  • This topic is locked
10 replies to this topic

#1 Dcalc


Posted 20 January 2014 - 09:46 PM

Internet connection drops after full system startup. Internet works during startup.

 

Internet works while in Safe Mode with Networking.

 

Ran Avast and Malwarebytes to no avail.

 

Connected via ethernet cable, Wifi works.

 

Boot, start up and safe mode scan come back clean.

 

Please assist.

 

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 1.6.0_33
Run by Fonseca Family at 20:38:30 on 2014-01-20
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2942.2193 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://search.coupons.com/
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - 
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge] <no file>
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: mhhs.org
Trusted Zone: newphysicianlink.org
DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://activestaffer.mhhs.org/myActiveStaffer/MsrsReportProcess.aspx?apirs:Command=GetRSClientPrintCab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} - hxxps://insite.mhhs.org/MHHS_Portal_Login_09.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6C3238E7-ADD0-4065-BB2E-5A214A119091} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2010-1-25 41232]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-2 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-2 207904]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-5-23 1034464]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2010-1-26 422216]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-26 78648]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-12-25 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 F5 Networks Component Installer;F5 Networks Component Installer;C:\Windows\SysWOW64\F5InstallerService.exe [2010-8-19 246400]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
S2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-20 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-1-24 701512]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
S2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-8-7 368640]
S2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-8-7 460288]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-5 92632]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-25 82744]
S3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-2-13 411136]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2011-2-1 18448]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-1-24 25928]
S3 rockusb;Driver for rockusb Device;C:\Windows\System32\drivers\rockusb.sys [2011-8-27 66088]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
.
=============== Created Last 30 ================
.
2014-01-21 01:52:10 -------- d-----w- C:\Users\Fonseca Family\AppData\Local\Programs
2014-01-21 01:23:19 388096 ----a-r- C:\Users\Fonseca Family\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-21 01:23:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-01-12 17:30:02 -------- d-----w- C:\NVIDIA
2013-12-25 23:00:13 82744 ----a-w- C:\Windows\System32\drivers\aswstm.sys
.
==================== Find3M  ====================
.
2013-12-25 22:59:56 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-25 22:59:56 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-25 22:59:56 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-25 22:59:55 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-11 13:43:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 13:43:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 20:40:30.23 ===============
 


#2 HelpBot


Posted 25 January 2014 - 09:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521522 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Dcalc


Posted 26 January 2014 - 01:03 PM

I am still having issues. I have a new DDS log and I am also attaching a HiJackThis log as well. Please assist. I do have a Windows CD available. Thank you.

 

 Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:34:58 PM, on 1/20/2014
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Safe mode with network support
 
Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (file missing)
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Fonseca Family\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} (F5 Networks Certificate Checker) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} (OPSWAT FireWalls Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} (OPSWAT ProcessesScanner Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class) - https://activestaffer.mhhs.org/myActiveStaffer/MsrsReportProcess.aspx?apirs:Command=GetRSClientPrintCab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab 
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redistributable) - version 4) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
O16 - DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} (F5 Networks Group Policy Control) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} (MHHS_Login Control 2009) - https://insite.mhhs.org/MHHS_Portal_Login_09.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} (F5 Networks OPSWAT Helper Control) - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: F5 Networks Component Installer - F5 Networks - C:\Windows\SysWOW64\F5InstallerService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Fonseca Family\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 14222 bytes
 
 
DDS LOG
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 1.6.0_33
Run by Fonseca Family at 12:00:19 on 2014-01-26
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2942.2211 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://search.coupons.com/
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - 
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge] <no file>
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: mhhs.org
Trusted Zone: newphysicianlink.org
DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://activestaffer.mhhs.org/myActiveStaffer/MsrsReportProcess.aspx?apirs:Command=GetRSClientPrintCab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab 
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} - hxxps://insite.mhhs.org/MHHS_Portal_Login_09.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6C3238E7-ADD0-4065-BB2E-5A214A119091} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2010-1-25 41232]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-2 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-2 207904]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-5-23 1034464]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2010-1-26 422216]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-26 78648]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-12-25 50344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 F5 Networks Component Installer;F5 Networks Component Installer;C:\Windows\SysWOW64\F5InstallerService.exe [2010-8-19 246400]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
S2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-20 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-1-24 701512]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
S2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-8-7 368640]
S2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-8-7 460288]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-5 92632]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-25 82744]
S3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-2-13 411136]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2011-2-1 18448]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-1-24 25928]
S3 rockusb;Driver for rockusb Device;C:\Windows\System32\drivers\rockusb.sys [2011-8-27 66088]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
.
=============== Created Last 30 ================
.
2014-01-21 01:52:10 -------- d-----w- C:\Users\Fonseca Family\AppData\Local\Programs
2014-01-21 01:23:19 388096 ----a-r- C:\Users\Fonseca Family\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-21 01:23:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-01-12 17:30:02 -------- d-----w- C:\NVIDIA
.
==================== Find3M  ====================
.
2013-12-25 22:59:56 82744 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-25 22:59:56 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-25 22:59:56 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-25 22:59:56 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-25 22:59:55 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-11 13:43:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 13:43:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 12:02:38.79 ===============
 


#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:08 PM

Posted 27 January 2014 - 05:35 PM

Dcalc,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name, jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

In the upper right-hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Receive Notification Immediately, and then click Follow This Topic. You will be sent an email once I have posted a response, which will make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.
 
 
FRST
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator"
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:08 PM

Posted 01 February 2014 - 07:08 PM

Dcalc,
 
It has been five days since my last post. Do you still need help?

If you do, please follow my previous instructions. 


Regards,
Jason

 



#6 Dcalc

Dcalc
  • Topic Starter

  • Members
  • 4 posts

Posted 01 February 2014 - 10:46 PM

Yes, I still need help. Sorry about the lapse in posting, I have been working a lot. Thank you for your assistance.

 

Attached is the FRST file 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Fonseca Family (administrator) on FONSECAFAMILY on 01-02-2014 21:39:24
Running from C:\Users\Fonseca Family\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F5 Networks) C:\Windows\SysWOW64\F5InstallerService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Users\Fonseca Family\AppData\Local\TVersity\Media Server\MediaServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Google Inc.) C:\Users\Fonseca Family\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\Setup\New\instup.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [3764024 2013-12-25] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Philips Device Listener] - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2011-06-26] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-12-05] (Ask)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024 2013-12-25] (AVAST Software)
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\Run: [AdobeBridge] - [x]
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\Run: [Google Update] - C:\Users\Fonseca Family\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-01] (Google Inc.)
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-12-05] (TomTom)
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\MountPoints2: I - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\MountPoints2: L - L:\InnoTabSetup.exe
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\MountPoints2: {0afa855b-2c76-11df-aa1c-001bb985a13b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\MountPoints2: {3792af86-7b21-11e3-a556-463500000031} - L:\InnoTabSetup.exe
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\MountPoints2: {387887a7-0b6c-11df-b921-001bb985a13b} - L:\LaunchU3.exe -a
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\MountPoints2: {a8871da9-1a8a-11e2-8266-463500000031} - M:\LaunchU3.exe -a
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\MountPoints2: {d9959b30-07a9-11df-af1a-001bb985a13b} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4201078045-3611494322-3505696443-1001\...\MountPoints2: {f7bb3bc7-07b8-11df-915d-806e6f6e6963} - D:\Autorun.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKLM-x32 - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
DPF: HKLM-x32 {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {49EC7987-E331-44E3-B170-748B58A268B9} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab 
DPF: HKLM-x32 {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {8F6AFB67-F834-4227-94A7-A51377E0678E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: HKLM-x32 {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} https://insite.mhhs.org/MHHS_Portal_Login_09.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
DPF: HKLM-x32 {EBDC91CB-F23F-477D-B152-3F7243760D04} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Fonseca Family\AppData\Roaming\Mozilla\Firefox\Profiles\yptaz7zp.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.ask.com/?l=dis&o=14196
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=6832948a-1505-4bd7-9b64-1af3d7fa244c&apn_ptnrs=%5EFM&apn_sauid=B32524E0-1226-41B6-ADA0-AE455C605C52&apn_dtid=%5Epfm014%5EYY%5EUS&&q=
FF Homepage: hxxp://xfinity.comcast.net/?cid=insDate09012012|hxxp://www.comcast.net/xfinity/?cid=insdate09012012&cid=ffpintab|hxxp://xfinitytv.comcast.net/?cid=xfactiv_tv&cid=ffpintab|hxxp://www.comcast.net/qry/goto?app=mail&cid=xfactiv_email&cid=ffpin
FF SelectedSearchEngine: XFINITY
FF DefaultSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Fonseca Family\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Fonseca Family\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\FONSEC~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Fonseca Family\AppData\Roaming\Mozilla\Firefox\Profiles\yptaz7zp.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Fonseca Family\AppData\Roaming\Mozilla\Firefox\Profiles\yptaz7zp.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Users\Fonseca Family\AppData\Roaming\Mozilla\Firefox\Profiles\yptaz7zp.default\searchplugins\startnow.xml
FF SearchPlugin: C:\Users\Fonseca Family\AppData\Roaming\Mozilla\Firefox\Profiles\yptaz7zp.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml
FF Extension: Default Tab - C:\Users\Fonseca Family\AppData\Roaming\Mozilla\Firefox\Profiles\yptaz7zp.default\Extensions\addon@defaulttab.com [2012-08-03]
FF Extension: Ask Toolbar - C:\Users\Fonseca Family\AppData\Roaming\Mozilla\Firefox\Profiles\yptaz7zp.default\Extensions\toolbar@ask.com [2013-01-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF Extension: Coupons.com CouponBar - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-29]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://xfinity.comcast.net/?cid=insDate04182013", "hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ch"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Fonseca Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Fonseca Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Fonseca Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Search) - C:\Users\Fonseca Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Google Wallet) - C:\Users\Fonseca Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Fonseca Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaaooaijelonlmbcbjkocdnicdfmo] - C:\Users\Fonseca Family\AppData\Local\APN\GoogleCRXs\aaaaaaooaijelonlmbcbjkocdnicdfmo_7.15.12.0.crx [2013-01-04]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2012-11-19]
CHR StartMenuInternet: Google Chrome - C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-25] (AVAST Software)
R2 F5 Networks Component Installer; C:\Windows\SysWOW64\F5InstallerService.exe [246400 2010-08-19] (F5 Networks)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-08-08] (Alcatel-Lucent)
R2 TVersityMediaServer; C:\Users\Fonseca Family\AppData\Local\TVersity\Media Server\MediaServer.exe [856064 2010-02-25] ()
S2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [82744 2013-12-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-25] ()
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [18448 2010-01-25] (F5 Networks)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-07-15] (GEAR Software Inc.)
R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66088 2009-10-21] (Fuzhou Rockchip Electronics Co,Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-07-20] ()
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [41232 2010-01-25] (F5 Networks, Inc.)
S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
U3 a2p4rzq9; C:\Windows\System32\Drivers\a2p4rzq9.sys [0 ] (Microsoft Corporation)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 nmwcdnsucx64; system32\drivers\nmwcdnsucx64.sys [x]
S3 nmwcdnsux64; system32\drivers\nmwcdnsux64.sys [x]
S3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-01 21:39 - 2014-02-01 21:39 - 00028501 _____ () C:\Users\Fonseca Family\Desktop\FRST.txt
2014-02-01 21:29 - 2014-02-01 21:30 - 00035108 _____ () C:\Users\Fonseca Family\Desktop\Addition.txt
2014-02-01 21:28 - 2014-02-01 21:39 - 00000000 ____D () C:\FRST
2014-02-01 21:28 - 2014-02-01 21:28 - 02080256 _____ (Farbar) C:\Users\Fonseca Family\Desktop\FRST64.exe
2014-01-20 20:38 - 2014-01-20 20:38 - 00688992 ____R (Swearware) C:\Users\Fonseca Family\Downloads\dds.com
2014-01-20 19:52 - 2014-01-20 19:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fonseca Family\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 19:23 - 2014-01-20 19:23 - 00003015 _____ () C:\Users\Fonseca Family\Desktop\HiJackThis.lnk
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____D () C:\Users\Fonseca Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-01-12 11:30 - 2014-01-12 11:30 - 00000000 ____D () C:\NVIDIA
2014-01-12 11:10 - 2014-01-12 11:10 - 00000428 _____ () C:\Users\Fonseca Family\Desktop\Router Settings.txt
 
==================== One Month Modified Files and Folders =======
 
2014-02-01 21:39 - 2014-02-01 21:39 - 00028501 _____ () C:\Users\Fonseca Family\Desktop\FRST.txt
2014-02-01 21:39 - 2014-02-01 21:28 - 00000000 ____D () C:\FRST
2014-02-01 21:38 - 2012-11-21 16:59 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-01 21:38 - 2009-07-13 23:13 - 00727916 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-01 21:37 - 2011-02-01 16:09 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201078045-3611494322-3505696443-1001UA.job
2014-02-01 21:31 - 2013-01-02 08:45 - 00008628 _____ () C:\Windows\setupact.log
2014-02-01 21:31 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-01 21:30 - 2014-02-01 21:29 - 00035108 _____ () C:\Users\Fonseca Family\Desktop\Addition.txt
2014-02-01 21:28 - 2014-02-01 21:28 - 02080256 _____ (Farbar) C:\Users\Fonseca Family\Desktop\FRST64.exe
2014-02-01 21:25 - 2009-07-13 22:45 - 00010416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-01 21:25 - 2009-07-13 22:45 - 00010416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-01 21:24 - 2010-01-22 18:51 - 01915068 _____ () C:\Windows\WindowsUpdate.log
2014-01-20 20:38 - 2014-01-20 20:38 - 00688992 ____R (Swearware) C:\Users\Fonseca Family\Downloads\dds.com
2014-01-20 20:24 - 2010-05-22 12:29 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1CDD1620-9D42-4973-B299-EB7E821C52E1}
2014-01-20 20:15 - 2010-01-27 11:48 - 00172366 _____ () C:\Windows\PFRO.log
2014-01-20 19:52 - 2014-01-20 19:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fonseca Family\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 19:52 - 2010-01-24 22:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-20 19:23 - 2014-01-20 19:23 - 00003015 _____ () C:\Users\Fonseca Family\Desktop\HiJackThis.lnk
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____D () C:\Users\Fonseca Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-01-20 18:32 - 2013-12-25 17:00 - 00002264 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-20 17:43 - 2012-04-08 04:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 05:37 - 2011-02-01 16:09 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201078045-3611494322-3505696443-1001Core.job
2014-01-12 11:30 - 2014-01-12 11:30 - 00000000 ____D () C:\NVIDIA
2014-01-12 11:29 - 2010-01-29 19:12 - 00000000 ____D () C:\Users\Fonseca Family\AppData\Roaming\U3
2014-01-12 11:10 - 2014-01-12 11:10 - 00000428 _____ () C:\Users\Fonseca Family\Desktop\Router Settings.txt
2014-01-11 23:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-11 18:38 - 2012-03-09 22:12 - 00000000 ____D () C:\Users\Fonseca Family\.frostwire5
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 00:14
 
==================== End Of Log ============================
 
Addition File
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Fonseca Family at 2014-02-01 21:29:56
Running from C:\Users\Fonseca Family\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
µTorrent (x32 Version: 2.0.0 - )
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (x32 Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (x32 Version: 1.15.12.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU Version: 1.2.3.33066 - Ask.com) <==== ATTENTION
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
calibre (x32 Version: 0.8.40 - Kovid Goyal)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version:  - ) Hidden
Canon Easy-PhotoPrint EX (x32 Version:  - )
Canon MP Navigator EX 4.0 (x32 Version:  - )
Canon MP280 series MP Drivers (Version:  - )
Canon My Printer (x32 Version:  - )
Catalina Savings Printer (x32 Version: 1.0.0 - Catalina Marketing Corp)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (x32 Version: 5.0.0.2 - Coupons.com Incorporated) <==== ATTENTION
CouponBar (x32 Version: 5.0.0.5 - Coupons.com Incorporated) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
doubleTwist (x32 Version: 3.2.1.14961 - doubleTwist Corporation)
DVD Creator3 (x32 Version: 3.0.26.0323 - Xilisoft)
DVD Shrink 3.2 (x32 Version:  - DVD Shrink)
Enhanced Multimedia Keyboard Solution (x32 Version:  - )
F5 Networks VPN Client for Windows (x32 Version: 60.2010.0408.1513 - F5 Networks)
FrostWire 5.6.3 (x32 Version: 5.6.3.5 - FrostWire Team)
GoGear SA3MXX Device Manager (x32 Version: 0.1 - Philips) Hidden
Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
HTC Driver Installer (x32 Version: 3.0.0.007 - HTC Corporation)
ImgBurn (x32 Version: 2.5.1.0 - LIGHTNING UK!)
iTunes (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 33 (x32 Version: 6.0.330 - Oracle)
LightScribe System Software (x32 Version: 1.18.22.2 - LightScribe)
Logitech Harmony Remote Software (x32 Version: 1.0.110307 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (x32 Version: 12.5.01200 - Nero AG)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.5.1000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.5.5001 - Nero AG) Hidden
Nero Burning ROM 10 (x32 Version: 10.5.10300 - Nero AG)
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100 - Nero AG) Hidden
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.2.10600.0.6 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.17400.8.2 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express (x32 Version: 12.5.5002 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.10002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.5.2001 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (Version: 1.7 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
RAR Password Cracker 4.12 (x32 Version:  - dnSoft Research Group)
RAR Password Recovery v1.1 RC16 (remove only) (x32 Version:  - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (x32 Version:  - Punk Software)
Soft Data Fax Modem with SmartCP (Version: 7.80.4.50 - Conexant Systems)
TomTom HOME (x32 Version: 2.9.3 - TomTom)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.)
TVersity Codec Pack 1.2 (x32 Version: 1.2 - TVersity Inc.)
TVersity Media Server 1.8 Beta (x32 Version: 1.8 Beta - TVersity)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB957242) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VLC media player 1.1.4 (x32 Version: 1.1.4 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (x32 Version: 2.6.4038.0 - Microsoft Corporation)
WinRAR archiver (Version:  - )
YouTube Downloader 2.7 (x32 Version:  - BienneSoft)
 
==================== Restore Points  =========================
 
02-01-2014 02:00:52 Scheduled Checkpoint
09-01-2014 06:00:09 Scheduled Checkpoint
17-01-2014 06:00:09 Scheduled Checkpoint
21-01-2014 01:22:17 Installed HiJackThis
26-01-2014 17:08:54 avast! antivirus system restore point
02-02-2014 03:20:43 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2010-04-30 13:56 - 00001798 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {07DBB9C5-8210-4938-A0F7-0AF05F27F46A} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-FONSECAFAMILY => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {2201A4AB-D2AD-47E9-9CF8-E201D0F50FE5} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx2-FONSECAFAMILY => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {3D80ED6B-D386-4F54-8F6A-AF073E317544} - System32\Tasks\{4BB66C92-FCFA-4709-80FF-A00D11202FBC} => C:\Program Files (x86)\AIM\aim.exe
Task: {4FCF694D-D402-463E-B60E-062EE402D28E} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {707239B5-4DE4-4F8B-B91D-6A43A4B42035} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {911134E7-E7F9-4AE2-B435-13A1D92B5E6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4201078045-3611494322-3505696443-1001UA => C:\Users\Fonseca Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01] (Google Inc.)
Task: {9DFA8D57-0637-4BC1-81C0-7C6323FCC58D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4201078045-3611494322-3505696443-1001Core => C:\Users\Fonseca Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01] (Google Inc.)
Task: {B9C76EFE-8A40-43E7-AF84-F2B88E8D7659} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-12-25] (AVAST Software)
Task: {C65B4353-2BED-449B-9B41-C2A1C61601D7} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-12-05] ()
Task: {D09D470F-FD15-4A8D-BC45-D38D06B39B30} - System32\Tasks\{F1984CCE-3EDA-4551-BDA2-6F0B97286ABC} => C:\Users\Fonseca Family\Downloads\sp37318.exe
Task: {D37C92DA-1D95-4E1E-8848-C5B21F1DDD69} - System32\Tasks\AdobeAAMUpdater-1.0-FonsecaFamily-Fonseca Family => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {EB9EFA91-D915-4422-A056-3A6FE1B6197B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F1A68C0C-D07C-4409-858A-ED89580FF9C8} - System32\Tasks\{92FAA2CA-02C4-4F8B-914A-237C134EFDC7} => C:\Users\Fonseca Family\Downloads\sp37318.exe
Task: {F1AB5242-69B5-49BF-B985-FA8DD0834462} - System32\Tasks\{0CDD1428-BD72-455B-9406-7B071B3DB0E2} => C:\Program Files (x86)\AIM\aim.exe
Task: {F53EAD3A-992D-4380-AEDE-10782DE5533D} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx3-FONSECAFAMILY => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201078045-3611494322-3505696443-1001Core.job => C:\Users\Fonseca Family\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201078045-3611494322-3505696443-1001UA.job => C:\Users\Fonseca Family\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-05 22:06 - 2013-12-03 20:48 - 04055504 _____ () C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 22:06 - 2013-12-03 20:48 - 00399312 _____ () C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 22:05 - 2013-12-03 20:47 - 01619408 _____ () C:\Users\Fonseca Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2014-01-20 18:57 - 2014-01-20 18:57 - 04591616 _____ () C:\Users\Fonseca Family\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-01-20 18:57 - 2014-01-20 18:57 - 00112128 _____ () C:\Users\Fonseca Family\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:7578EF04
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Faulty Device Manager Devices =============
 
Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/13/2014 00:32:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/12/2014 00:33:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/11/2014 11:05:44 PM) (Source: RasClient) (User: )
Description: CoId={CEFBBD01-5C95-4774-BDA8-B48C9DEBB57A}: The user FonsecaFamily\Fonseca Family dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (01/06/2014 00:32:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/05/2014 02:13:01 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1358
 
Start Time: 01cf0a5251cff548
 
Termination Time: 25
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (01/04/2014 00:32:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/02/2014 00:55:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/01/2014 02:56:59 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c24
 
Start Time: 01cf06cf44983380
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (01/01/2014 02:12:15 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fd8
 
Start Time: 01cf06c8f334d710
 
Termination Time: 31
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (12/31/2013 01:26:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/01/2014 09:28:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 09:28:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 09:28:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 09:28:34 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
Error: (02/01/2014 09:28:34 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (02/01/2014 09:27:07 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 09:27:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 09:27:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 09:27:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (02/01/2014 09:27:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (07/05/2011 04:20:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/03/2011 02:23:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/03/2011 02:22:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2010-08-13 16:28:34.055
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-13 16:28:34.047
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-13 16:28:34.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-13 16:28:33.992
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-13 16:22:12.041
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-13 16:22:12.033
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-13 16:22:11.985
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-13 16:22:11.975
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-13 16:16:55.929
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-08-13 16:16:55.921
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Komku\usb_prep8\vdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 2942.46 MB
Available physical RAM: 1817.83 MB
Total Pagefile: 5883.06 MB
Available Pagefile: 4762.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:25.44 GB) NTFS
Drive d: (CD226A1) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive j: () (Removable) (Total:14.83 GB) (Free:5.02 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 907DA0A5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
 
==================== End Of Log ============================


#7 jntkwx

  • Malware Response Team

Posted 02 February 2014 - 02:31 PM

Dcalc,

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

 
In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#8 Dcalc

  • Topic Starter

Posted 07 February 2014 - 10:27 PM

It still appears to be doing the same thing where after full startup the internet connection ceases.
 
Thank you for your assistance.

ComboFix 14-02-05.02 - Fonseca Family 02/07/2014  20:57:43.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2942.1762 [GMT -6:00]
Running from: c:\users\Fonseca Family\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\uninstaller.exe
c:\users\Fonseca Family\ia_remove.sh4065.tmp
c:\users\Fonseca Family\ia_remove.sh6291.tmp
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
-------\Service_Updater Service for StartNow Toolbar
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-08 to 2014-02-08  )))))))))))))))))))))))))))))))
.
.
2014-02-08 03:10 . 2014-02-08 03:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-08 03:10 . 2014-02-08 03:10 -------- d-----w- c:\users\Mcx3-FONSECAFAMILY\AppData\Local\temp
2014-02-08 03:10 . 2014-02-08 03:10 -------- d-----w- c:\users\Mcx2-FONSECAFAMILY\AppData\Local\temp
2014-02-02 03:28 . 2014-02-02 03:40 -------- d-----w- C:\FRST
2014-01-21 01:52 . 2014-01-21 01:52 -------- d-----w- c:\users\Fonseca Family\AppData\Local\Programs
2014-01-21 01:23 . 2014-01-21 01:23 388096 ----a-r- c:\users\Fonseca Family\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-21 01:23 . 2014-01-21 01:23 -------- d-----w- c:\program files (x86)\Trend Micro
2014-01-12 17:30 . 2014-01-12 17:30 -------- d-----w- C:\NVIDIA
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-08 02:45 . 2013-12-25 23:00 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-08 02:45 . 2011-05-23 18:59 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-08 02:45 . 2011-01-14 18:17 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-08 02:45 . 2010-01-27 00:01 421704 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-02-08 02:45 . 2010-01-27 00:01 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-08 02:45 . 2010-06-29 22:20 43152 ----a-w- c:\windows\avastSS.scr
2014-02-08 02:45 . 2012-04-08 10:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-08 02:45 . 2012-04-08 10:41 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-25 22:59 . 2013-03-02 19:50 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-15 22:57 . 2010-08-11 17:39 82896128 ----a-w- c:\windows\system32\MRT.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-05-06 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-05-06 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-06 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-06 03:47 1520840 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-10-13 2701752]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-06 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-12-05 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2014-02-08 3767096]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-06-27 380416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-06 1573576]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-02-08 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys;c:\windows\SYSNATIVE\drivers\urfltv64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 F5 Networks Component Installer;F5 Networks Component Installer;c:\windows\SysWOW64\F5InstallerService.exe;c:\windows\SysWOW64\F5InstallerService.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys;c:\windows\SYSNATIVE\DRIVERS\covpnv64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 17:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 02:45]
.
2014-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201078045-3611494322-3505696443-1001Core.job
- c:\users\Fonseca Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 22:09]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201078045-3611494322-3505696443-1001UA.job
- c:\users\Fonseca Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 22:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-08 02:45 287280 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://search.coupons.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mhhs.org
Trusted Zone: newphysicianlink.org
TCP: DhcpNameServer = 192.168.0.1
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://activestaffer.mhhs.org/myActiveStaffer/MsrsReportProcess.aspx?apirs:Command=GetRSClientPrintCab
DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} - hxxps://insite.mhhs.org/MHHS_Portal_Login_09.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers\YontooIEClient.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\users\Fonseca Family\AppData\Local\TVersity\Media Server\MediaServer.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-02-07  21:20:54 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-08 03:20
.
Pre-Run: 26,485,886,976 bytes free
Post-Run: 26,762,072,064 bytes free
.
- - End Of File - - F1E51B85A9718803B148D1B2FDD24A0F
A36C5E4F47E84449FF07ED3517B43A31


#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:12:08 PM

Posted 08 February 2014 - 09:26 AM

Dcalc,

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
 
3. Save this file in the same location as ComboFix.exe: Attached File: CFScript.txt (303 bytes)


[Image: CFScriptB-4.gif]

4. Referring to the picture above, drag CFScript into ComboFix.exe

5. When finished, it shall produce a log for you at C:\ComboFix.txt. Please post this log in your next reply.


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#10 jntkwx


Posted 13 February 2014 - 12:19 AM

Dcalc,
 
It has been five days since my last post. Do you still need help?

If you do, please follow my previous instructions. 


Regards,
Jason

 



#11 jntkwx


Posted 18 February 2014 - 09:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 





