Need help fixing - EXP/CVE; JAVA/Dldr; TR/ATRAPS;TR/ZAcess.H; ADWARE


  • This topic is locked
22 replies to this topic

#1 keeperlynn

keeperlynn

  • Members
  • 15 posts

Posted 26 January 2014 - 12:23 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.51.2
Run by Amber Claycomb at 10:08:12 on 2014-01-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1334 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Users\Amber Claycomb\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\mmc.exe
C:\windows\system32\mmc.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Amber Claycomb\AppData\Local\DownloadTerms\temp.dat
BHO: SaveAs: {44824101-D354-21E2-709A-FBC2DF8FC96F} - C:\ProgramData\SaveAs\50fcbb2805e3a.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Facebook Update] "C:\Users\Amber Claycomb\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\windows\System32\config\systemprofile\AppData\Roaming\SearchProtect"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{1536D189-EA51-4156-9B17-601DD642974C} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{1536D189-EA51-4156-9B17-601DD642974C}\14C434642534349303 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{1536D189-EA51-4156-9B17-601DD642974C}\35368696E64656C6560284F6D656 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
x64-Run: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-6-23 55856]
R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2013-5-26 28600]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-5-26 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-5-26 440376]
R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2013-5-26 108440]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-5-12 35008]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-1-24 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-5-12 239136]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192Ce.sys [2011-5-12 877088]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-1-24 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
.
=============== Created Last 30 ================
.
2014-01-26 16:59:39 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2014-01-26 00:49:44 -------- d-----w- C:\windows\Migration
2014-01-24 13:20:27 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2014-01-24 13:19:00 3072 ----a-w- C:\windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-01-24 13:19:00 15360 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2014-01-24 13:19:00 13312 ----a-w- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-24 13:19:00 13312 ----a-w- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-24 13:16:22 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2014-01-24 13:16:22 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2014-01-24 13:16:22 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2014-01-24 13:16:22 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2014-01-24 13:16:21 744448 ----a-w- C:\windows\System32\WUDFx.dll
2014-01-24 13:16:21 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2014-01-24 13:16:21 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2014-01-24 13:02:05 335360 ----a-w- C:\windows\System32\msieftp.dll
2014-01-24 13:02:05 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2014-01-24 13:02:05 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys
2014-01-24 13:02:04 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-01-24 13:02:04 366592 ----a-w- C:\windows\System32\qdvd.dll
2014-01-24 13:02:03 503808 ----a-w- C:\windows\System32\srcore.dll
2014-01-24 13:02:02 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2014-01-24 13:00:41 46592 ----a-w- C:\windows\SysWow64\fpb.rs
2014-01-24 12:59:58 327168 ----a-w- C:\windows\System32\mswsock.dll
2014-01-24 12:58:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-01-24 12:58:07 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2014-01-24 12:58:07 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2014-01-24 12:58:07 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2014-01-24 12:58:07 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2014-01-24 12:58:07 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2014-01-24 12:58:07 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2014-01-24 12:58:07 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2014-01-24 12:58:01 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
2014-01-24 12:58:01 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
2014-01-24 12:58:00 81408 ----a-w- C:\windows\System32\imagehlp.dll
2014-01-24 12:58:00 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2014-01-24 12:53:47 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-24 02:06:11 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-24 01:53:12 -------- d-----w- C:\ProgramData\Oracle
2014-01-23 01:53:06 -------- d-----w- C:\Users\Amber Claycomb\AppData\Local\SearchProtect
.
==================== Find3M  ====================
.
2014-01-24 00:21:40 84720 ----a-w- C:\windows\System32\drivers\avnetflt.sys
2014-01-24 00:21:40 28600 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2014-01-24 00:21:39 108440 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2014-01-23 03:03:51 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-23 03:03:51 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 11:40:00 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-10-14 13:13:14 50053120 ----a-w- C:\Program Files (x86)\GUT11EB.tmp
.
============= FINISH: 10:09:13.18 ===============
 
 
 
 
 
 
 
 
Edited by keeperlynn, 26 January 2014 - 01:02 PM.



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 26 January 2014 - 08:20 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



#3 keeperlynn

keeperlynn
  • Topic Starter

  • Members
  • 15 posts

Posted 31 January 2014 - 03:10 PM

Hello, thank you. I am ready to start.



#4 keeperlynn

keeperlynn
  • Topic Starter

  • Members
  • 15 posts

Posted 31 January 2014 - 03:24 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Amber Claycomb (administrator) on AMBERCLAYCOMB on 31-01-2014 13:14:21
Running from C:\Users\Amber Claycomb\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(CA, Inc.) C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Facebook Inc.) C:\Users\Amber Claycomb\AppData\Local\Facebook\Update\FacebookUpdate.exe
() C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [x]
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Amber Claycomb\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKCU\...\Run: [ComcastAntispyClient] - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe [1589208 2009-08-19] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {0e0cca46-9e7b-11e0-a578-e89a8f2ba295} - E:\setup.exe -a
MountPoints2: {83b3fa3a-cabf-11e1-bed7-e89a8f2ba295} - "E:\WD SmartWare.exe" autoplay=true
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {2E0DE170-F4CE-4A18-B71C-8C809AFE2E8D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279411&CUI=UN10098222178872283&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKCU - {BDA0E9A7-46B9-41C3-B29B-3713F8A374B4} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Amber Claycomb\AppData\Local\DownloadTerms\temp.dat ()
BHO-x32: SaveAs - {44824101-D354-21E2-709A-FBC2DF8FC96F} - C:\ProgramData\SaveAs\50fcbb2805e3a.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
 
Chrome: 
=======
CHR Extension: (Vafmusic2) - C:\Users\Amber Claycomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko [2013-05-26]
CHR Extension: (MixiDJ V5) - C:\Users\Amber Claycomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp [2013-03-26]
CHR Extension: (Google Wallet) - C:\Users\Amber Claycomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR HKCU\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Amber Claycomb\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-05-13]
CHR HKCU\...\Chrome\Extension: [fdepacjoijebcfaaenjicnejghibmebp] - C:\Users\Amber Claycomb\AppData\Local\CRE\fdepacjoijebcfaaenjicnejghibmebp.crx [2013-03-24]
CHR HKCU\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Amber Claycomb\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Amber Claycomb\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [fdepacjoijebcfaaenjicnejghibmebp] - C:\Users\Amber Claycomb\AppData\Local\CRE\fdepacjoijebcfaaenjicnejghibmebp.crx [2013-03-24]
CHR HKLM-x32\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Amber Claycomb\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-23] (Avira Operations GmbH & Co. KG)
R2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-23] (Avira Operations GmbH & Co. KG)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-31 13:14 - 2014-01-31 13:14 - 00016823 _____ C:\Users\Amber Claycomb\Downloads\FRST.txt
2014-01-31 13:13 - 2014-01-31 13:14 - 00000000 ____D C:\FRST
2014-01-31 13:12 - 2014-01-31 13:12 - 02079744 _____ (Farbar) C:\Users\Amber Claycomb\Downloads\FRST64.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 01137152 _____ (Farbar) C:\Users\Amber Claycomb\Downloads\FRST.exe
2014-01-26 17:46 - 2014-01-26 17:46 - 00023616 _____ C:\Users\Amber Claycomb\Desktop\AVSCAN-20140126-153354-5E3B391D.LOG
2014-01-26 15:30 - 2014-01-26 15:30 - 00000000 ____D C:\windows\SysWOW64\syncdb
2014-01-26 14:12 - 2014-01-26 14:12 - 00011334 _____ C:\Users\Amber Claycomb\Downloads\attach (2).txt
2014-01-26 11:05 - 2014-01-26 11:05 - 00011334 _____ C:\Users\Amber Claycomb\Downloads\attach (1).txt
2014-01-26 11:02 - 2014-01-26 11:02 - 00011334 _____ C:\Users\Amber Claycomb\Downloads\attach.txt
2014-01-26 09:59 - 2014-01-26 09:59 - 00000000 ____D C:\Program Files (x86)\Intel Corporation
2014-01-26 09:54 - 2014-01-26 09:54 - 02530816 _____ C:\Users\Amber Claycomb\Downloads\pidenu36.msi
2014-01-26 08:19 - 2014-01-31 13:06 - 00011415 _____ C:\windows\IE11_main.log
2014-01-25 17:44 - 2013-10-24 23:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-01-25 17:44 - 2013-10-24 23:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-01-25 17:44 - 2013-10-24 23:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-01-25 17:44 - 2013-10-24 23:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-01-25 17:44 - 2013-10-24 23:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-01-25 17:44 - 2013-10-24 23:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-01-25 17:44 - 2013-10-24 23:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-01-25 17:44 - 2013-10-24 23:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-01-25 17:44 - 2013-10-24 23:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-01-25 17:44 - 2013-10-24 23:17 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-01-25 17:44 - 2013-10-24 23:17 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-01-25 17:44 - 2013-10-24 23:17 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-01-25 17:44 - 2013-10-24 23:17 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-01-25 17:44 - 2013-10-24 23:17 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-01-25 17:44 - 2013-10-24 21:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-01-25 17:44 - 2013-10-24 21:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-01-25 17:44 - 2013-10-24 21:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-01-25 17:44 - 2013-10-24 21:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-01-25 17:44 - 2013-10-24 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-01-25 17:44 - 2013-10-24 20:41 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-01-25 17:44 - 2013-10-24 20:17 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-01-25 17:44 - 2013-10-24 19:49 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-25 17:42 - 2014-01-26 21:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-25 17:42 - 2014-01-26 21:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-24 06:19 - 2012-08-23 06:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-24 06:19 - 2012-08-23 06:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-24 06:19 - 2012-08-23 06:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-01-24 06:18 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-01-24 06:18 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-01-24 06:18 - 2012-08-23 07:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-01-24 06:18 - 2012-08-23 06:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-01-24 06:18 - 2012-08-23 06:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-01-24 06:18 - 2012-08-23 06:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-01-24 06:18 - 2012-08-23 06:18 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-01-24 06:18 - 2012-08-23 06:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-01-24 06:18 - 2012-08-23 06:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-01-24 06:18 - 2012-08-23 05:52 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-01-24 06:18 - 2012-08-23 04:20 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-01-24 06:18 - 2012-08-23 04:15 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-01-24 06:18 - 2012-08-23 04:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-01-24 06:18 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-01-24 06:18 - 2012-08-23 03:54 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-01-24 06:18 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-01-24 06:18 - 2012-08-23 03:39 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-01-24 06:18 - 2012-08-23 03:22 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-01-24 06:18 - 2012-08-23 02:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-01-24 06:18 - 2012-08-23 01:19 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-01-24 06:18 - 2012-08-23 01:13 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-01-24 06:16 - 2012-07-25 20:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
2014-01-24 06:16 - 2012-07-25 20:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2014-01-24 06:16 - 2012-07-25 20:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2014-01-24 06:16 - 2012-07-25 20:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2014-01-24 06:16 - 2012-07-25 20:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
2014-01-24 06:16 - 2012-07-25 19:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2014-01-24 06:16 - 2012-07-25 19:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2014-01-24 06:16 - 2012-06-02 07:57 - 00000003 _____ C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-01-24 06:02 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-01-24 06:02 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-01-24 06:02 - 2013-01-23 23:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-01-24 06:02 - 2012-05-05 01:36 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-01-24 06:02 - 2012-05-05 00:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-01-24 06:02 - 2012-05-04 04:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-01-24 06:02 - 2012-05-04 02:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-01-24 06:01 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-01-24 06:01 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-01-24 06:01 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-01-24 06:01 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-01-24 06:01 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2014-01-24 06:01 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-01-24 06:01 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2014-01-24 06:01 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-01-24 06:01 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-01-24 06:01 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-01-24 06:01 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2014-01-24 06:01 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-01-24 06:01 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2014-01-24 06:01 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-01-24 06:01 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-01-24 06:01 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-01-24 06:01 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-01-24 06:01 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2014-01-24 06:01 - 2013-04-17 00:02 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-01-24 06:01 - 2013-04-16 23:24 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-01-24 06:01 - 2013-03-18 22:53 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-01-24 06:01 - 2013-03-18 22:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2014-01-24 06:01 - 2012-11-29 16:17 - 00420064 _____ C:\windows\SysWOW64\locale.nls
2014-01-24 06:01 - 2012-11-29 16:15 - 00420064 _____ C:\windows\system32\locale.nls
2014-01-24 06:01 - 2012-10-09 11:17 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2014-01-24 06:01 - 2012-10-09 11:17 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2014-01-24 06:01 - 2012-10-09 10:40 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2014-01-24 06:01 - 2012-10-09 10:40 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2014-01-24 06:01 - 2012-08-21 14:01 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2014-01-24 06:01 - 2012-01-04 03:44 - 00509952 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll
2014-01-24 06:01 - 2012-01-04 01:58 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntshrui.dll
2014-01-24 06:01 - 2011-05-03 22:25 - 02315776 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2014-01-24 06:01 - 2011-05-03 22:22 - 02223616 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2014-01-24 06:01 - 2011-05-03 22:22 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2014-01-24 06:01 - 2011-05-03 22:22 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2014-01-24 06:01 - 2011-05-03 22:22 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2014-01-24 06:01 - 2011-05-03 22:22 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2014-01-24 06:01 - 2011-05-03 22:19 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2014-01-24 06:01 - 2011-05-03 22:19 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2014-01-24 06:01 - 2011-05-03 22:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2014-01-24 06:01 - 2011-05-03 21:34 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2014-01-24 06:01 - 2011-05-03 21:32 - 01401344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2014-01-24 06:01 - 2011-05-03 21:32 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2014-01-24 06:01 - 2011-05-03 21:32 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2014-01-24 06:01 - 2011-05-03 21:32 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2014-01-24 06:01 - 2011-05-03 21:32 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2014-01-24 06:01 - 2011-05-03 21:28 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2014-01-24 06:01 - 2011-05-03 21:28 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2014-01-24 06:01 - 2011-05-03 21:28 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2014-01-24 06:00 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-24 06:00 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-01-24 06:00 - 2013-04-25 16:30 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-01-24 06:00 - 2013-03-31 15:52 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-01-24 06:00 - 2012-12-07 06:20 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2014-01-24 06:00 - 2012-12-07 06:15 - 02746368 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2014-01-24 06:00 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wpc.dll
2014-01-24 06:00 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\windows\SysWOW64\gameux.dll
2014-01-24 06:00 - 2012-12-07 04:20 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2014-01-24 06:00 - 2012-12-07 04:20 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2014-01-24 06:00 - 2012-12-07 04:20 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2014-01-24 06:00 - 2012-12-07 04:20 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2014-01-24 06:00 - 2012-12-07 04:20 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2014-01-24 06:00 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2014-01-24 06:00 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2014-01-24 06:00 - 2012-12-07 04:19 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2014-01-24 06:00 - 2012-12-07 04:19 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2014-01-24 06:00 - 2012-12-07 04:19 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2014-01-24 06:00 - 2012-12-07 04:19 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2014-01-24 06:00 - 2012-12-07 04:19 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2014-01-24 06:00 - 2012-12-07 04:19 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2014-01-24 06:00 - 2012-12-07 04:19 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\windows\SysWOW64\cero.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\windows\SysWOW64\esrb.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\windows\SysWOW64\fpb.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\windows\SysWOW64\oflc-nz.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\windows\SysWOW64\pegibbfc.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\windows\SysWOW64\csrr.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\windows\SysWOW64\cob-au.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\windows\SysWOW64\usk.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\windows\SysWOW64\oflc.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\windows\SysWOW64\grb.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-pt.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi-fi.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\windows\SysWOW64\pegi.rs
2014-01-24 06:00 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\windows\SysWOW64\djctq.rs
2014-01-24 06:00 - 2012-10-03 10:44 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2014-01-24 06:00 - 2012-10-03 10:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2014-01-24 06:00 - 2012-10-03 10:44 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2014-01-24 06:00 - 2012-10-03 10:44 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2014-01-24 06:00 - 2012-10-03 10:44 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2014-01-24 06:00 - 2012-10-03 10:42 - 00569344 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-01-24 06:00 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2014-01-24 06:00 - 2012-10-03 09:42 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2014-01-24 06:00 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\windows\SysWOW64\netevent.dll
2014-01-24 06:00 - 2012-10-03 09:07 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2014-01-24 06:00 - 2012-01-13 00:12 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2014-01-24 06:00 - 2011-03-10 23:41 - 00410496 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys
2014-01-24 06:00 - 2011-03-10 23:41 - 00189824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-01-24 06:00 - 2011-03-10 23:41 - 00166272 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys
2014-01-24 06:00 - 2011-03-10 23:41 - 00148352 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys
2014-01-24 06:00 - 2011-03-10 23:41 - 00107904 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys
2014-01-24 06:00 - 2011-03-10 23:41 - 00027008 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys
2014-01-24 06:00 - 2011-03-10 23:33 - 02565632 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2014-01-24 06:00 - 2011-03-10 23:30 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\fsutil.exe
2014-01-24 06:00 - 2011-03-10 22:33 - 01699328 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2014-01-24 06:00 - 2011-03-10 22:31 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\fsutil.exe
2014-01-24 06:00 - 2011-03-10 21:37 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-01-24 05:59 - 2013-11-11 19:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-01-24 05:59 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-01-24 05:59 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-01-24 05:59 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-01-24 05:59 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2014-01-24 05:59 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2014-01-24 05:59 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-01-24 05:59 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2014-01-24 05:59 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-01-24 05:59 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2014-01-24 05:59 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-01-24 05:59 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-01-24 05:59 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-01-24 05:59 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-01-24 05:59 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-01-24 05:59 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-01-24 05:59 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-01-24 05:59 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-01-24 05:59 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-01-24 05:59 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-01-24 05:59 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-01-24 05:59 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-01-24 05:59 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-01-24 05:59 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2014-01-24 05:59 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2014-01-24 05:59 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2014-01-24 05:59 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-01-24 05:59 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-01-24 05:59 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-01-24 05:59 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-01-24 05:59 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-01-24 05:59 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2014-01-24 05:59 - 2013-05-09 22:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-01-24 05:59 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-01-24 05:59 - 2012-11-21 22:44 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-01-24 05:59 - 2012-11-21 21:45 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-01-24 05:59 - 2012-08-22 11:12 - 00950128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-01-24 05:59 - 2012-07-04 13:26 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
2014-01-24 05:59 - 2012-04-30 22:40 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-01-24 05:59 - 2012-04-07 05:31 - 03216384 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-01-24 05:59 - 2012-04-07 04:26 - 02342400 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-01-24 05:59 - 2011-12-29 23:26 - 00515584 _____ (Microsoft Corporation) C:\windows\system32\timedate.cpl
2014-01-24 05:59 - 2011-12-29 22:27 - 00478720 _____ (Microsoft Corporation) C:\windows\SysWOW64\timedate.cpl
2014-01-24 05:59 - 2011-04-22 15:15 - 00027520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-01-24 05:59 - 2011-02-18 03:51 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\prevhost.exe
2014-01-24 05:59 - 2011-02-17 22:39 - 00031232 _____ (Microsoft Corporation) C:\windows\SysWOW64\prevhost.exe
2014-01-24 05:58 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-24 05:58 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-24 05:58 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-24 05:58 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-24 05:58 - 2013-11-26 18:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-24 05:58 - 2013-11-26 18:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-24 05:58 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-24 05:58 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-01-24 05:58 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-01-24 05:58 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-01-24 05:58 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-01-24 05:58 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-01-24 05:53 - 2013-11-26 03:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-24 05:50 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-01-24 05:50 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-01-24 05:50 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-01-24 05:50 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-01-24 05:50 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-01-24 05:50 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-01-24 05:50 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-01-24 05:50 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-01-24 05:50 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-01-24 05:50 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-01-24 05:50 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-01-24 05:50 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-01-24 05:50 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-01-24 05:50 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-01-24 05:50 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-01-23 19:41 - 2014-01-23 19:41 - 00017970 _____ C:\Users\Amber Claycomb\Desktop\AVSCAN-20140123-193523-4A67DE0A.LOG
2014-01-23 19:08 - 2014-01-23 19:08 - 00000671 _____ C:\Users\Amber Claycomb\Desktop\java.txt
2014-01-23 19:06 - 2014-01-23 19:06 - 00000000 ____D C:\ProgramData\Sun
2014-01-23 19:06 - 2014-01-23 19:05 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-23 19:06 - 2014-01-23 19:05 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-23 19:06 - 2014-01-23 19:05 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-23 19:06 - 2014-01-23 19:05 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-23 19:05 - 2014-01-23 19:05 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-23 18:53 - 2014-01-23 19:06 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 18:17 - 2014-01-23 18:18 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2014-01-23 18:12 - 2014-01-23 18:12 - 00982016 _____ (Farbar) C:\Users\Amber Claycomb\Downloads\MiniToolBox.exe
2014-01-23 18:08 - 2014-01-23 19:11 - 00002499 _____ C:\Users\Amber Claycomb\Desktop\FSS.txt
2014-01-22 18:58 - 2014-01-22 18:58 - 00003330 _____ C:\windows\System32\Tasks\4782
2014-01-22 18:58 - 2014-01-22 18:58 - 00003228 _____ C:\windows\System32\Tasks\0
2014-01-22 18:53 - 2014-01-22 18:53 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Local\SearchProtect
 
==================== One Month Modified Files and Folders =======
 
2014-01-31 13:14 - 2014-01-31 13:14 - 00016823 _____ C:\Users\Amber Claycomb\Downloads\FRST.txt
2014-01-31 13:14 - 2014-01-31 13:13 - 00000000 ____D C:\FRST
2014-01-31 13:12 - 2014-01-31 13:12 - 02079744 _____ (Farbar) C:\Users\Amber Claycomb\Downloads\FRST64.exe
2014-01-31 13:12 - 2014-01-31 13:12 - 01137152 _____ (Farbar) C:\Users\Amber Claycomb\Downloads\FRST.exe
2014-01-31 13:12 - 2010-10-14 21:04 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 13:12 - 2009-07-13 21:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 13:12 - 2009-07-13 21:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 13:08 - 2011-05-12 04:39 - 01215524 _____ C:\windows\WindowsUpdate.log
2014-01-31 13:07 - 2012-01-05 01:18 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{057D8657-1393-456A-BF14-D2521387FA5B}
2014-01-31 13:06 - 2014-01-26 08:19 - 00011415 _____ C:\windows\IE11_main.log
2014-01-31 13:04 - 2013-01-20 20:28 - 00000382 ____H C:\windows\Tasks\{DFA2991D-7F2A-4E37-A734-E9BF6F1AD58A}.job
2014-01-31 13:03 - 2012-04-06 07:47 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 13:03 - 2011-10-11 11:52 - 00000964 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035910926-2905071289-103245942-1001UA.job
2014-01-31 13:03 - 2011-10-11 11:52 - 00000942 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035910926-2905071289-103245942-1001Core.job
2014-01-31 13:03 - 2010-10-14 21:04 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 21:02 - 2014-01-25 17:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-26 21:02 - 2014-01-25 17:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-26 21:02 - 2010-10-14 21:32 - 01378088 _____ C:\windows\PFRO.log
2014-01-26 21:02 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-26 21:02 - 2009-07-13 21:51 - 00147116 _____ C:\windows\setupact.log
2014-01-26 21:02 - 2009-07-13 21:45 - 00432480 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-26 20:16 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2014-01-26 17:53 - 2011-06-01 16:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-26 17:53 - 2009-07-13 19:34 - 00000513 _____ C:\windows\win.ini
2014-01-26 17:46 - 2014-01-26 17:46 - 00023616 _____ C:\Users\Amber Claycomb\Desktop\AVSCAN-20140126-153354-5E3B391D.LOG
2014-01-26 17:40 - 2011-07-19 21:35 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Local\Microsoft Games
2014-01-26 17:35 - 2011-06-01 15:52 - 00116320 _____ C:\Users\Amber Claycomb\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-26 15:32 - 2010-10-14 20:57 - 00000000 ____D C:\ProgramData\Adobe
2014-01-26 15:31 - 2010-10-14 20:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-26 15:30 - 2014-01-26 15:30 - 00000000 ____D C:\windows\SysWOW64\syncdb
2014-01-26 15:21 - 2011-06-01 15:52 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Roaming\Adobe
2014-01-26 14:12 - 2014-01-26 14:12 - 00011334 _____ C:\Users\Amber Claycomb\Downloads\attach (2).txt
2014-01-26 14:02 - 2009-07-13 22:13 - 00782578 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-26 11:05 - 2014-01-26 11:05 - 00011334 _____ C:\Users\Amber Claycomb\Downloads\attach (1).txt
2014-01-26 11:02 - 2014-01-26 11:02 - 00011334 _____ C:\Users\Amber Claycomb\Downloads\attach.txt
2014-01-26 09:59 - 2014-01-26 09:59 - 00000000 ____D C:\Program Files (x86)\Intel Corporation
2014-01-26 09:54 - 2014-01-26 09:54 - 02530816 _____ C:\Users\Amber Claycomb\Downloads\pidenu36.msi
2014-01-25 18:04 - 2009-07-13 20:20 - 00000000 ____D C:\windows\PolicyDefinitions
2014-01-25 17:51 - 2013-03-26 08:40 - 00768462 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-24 06:06 - 2013-07-21 19:33 - 00000000 ____D C:\windows\system32\MRT
2014-01-24 05:44 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2014-01-23 19:48 - 2011-06-01 15:51 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Local\Google
2014-01-23 19:41 - 2014-01-23 19:41 - 00017970 _____ C:\Users\Amber Claycomb\Desktop\AVSCAN-20140123-193523-4A67DE0A.LOG
2014-01-23 19:25 - 2010-10-14 21:04 - 00000000 ____D C:\Program Files\Google
2014-01-23 19:25 - 2010-10-14 21:04 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-23 19:11 - 2014-01-23 18:08 - 00002499 _____ C:\Users\Amber Claycomb\Desktop\FSS.txt
2014-01-23 19:08 - 2014-01-23 19:08 - 00000671 _____ C:\Users\Amber Claycomb\Desktop\java.txt
2014-01-23 19:06 - 2014-01-23 19:06 - 00000000 ____D C:\ProgramData\Sun
2014-01-23 19:06 - 2014-01-23 18:53 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 19:05 - 2014-01-23 19:06 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-23 19:05 - 2014-01-23 19:06 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-23 19:05 - 2014-01-23 19:06 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-23 19:05 - 2014-01-23 19:06 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-23 19:05 - 2014-01-23 19:05 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-23 18:18 - 2014-01-23 18:17 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2014-01-23 18:12 - 2014-01-23 18:12 - 00982016 _____ (Farbar) C:\Users\Amber Claycomb\Downloads\MiniToolBox.exe
2014-01-23 17:21 - 2013-05-26 14:56 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-01-23 17:21 - 2013-05-26 14:55 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-01-23 17:21 - 2013-05-26 14:55 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-01-23 17:21 - 2013-05-26 14:55 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-01-23 04:31 - 2013-08-25 18:50 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Roaming\SearchProtect
2014-01-23 04:31 - 2013-08-25 18:50 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Roaming\PerformerSoft
2014-01-23 04:31 - 2013-08-25 17:54 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Roaming\Systweak
2014-01-23 04:31 - 2013-08-14 11:42 - 00000000 ____D C:\Program Files (x86)\Web Layers
2014-01-23 04:31 - 2013-01-20 20:28 - 00000000 ____D C:\ProgramData\BetterSoft
2014-01-23 04:31 - 2013-01-20 20:27 - 00000000 ____D C:\ProgramData\SaveAs
2014-01-23 04:31 - 2013-01-20 20:27 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-22 20:58 - 2013-08-25 18:50 - 00003118 _____ C:\windows\System32\Tasks\PC Performer
2014-01-22 20:58 - 2013-08-25 17:54 - 00003108 _____ C:\windows\System32\Tasks\RegClean Pro
2014-01-22 20:03 - 2012-04-06 07:47 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-22 20:03 - 2012-04-06 07:47 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-22 20:03 - 2011-06-09 07:55 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-22 19:09 - 2013-05-09 11:18 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-22 19:09 - 2011-06-01 15:49 - 00000000 ___RD C:\Users\Amber Claycomb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 19:03 - 2011-12-07 20:03 - 00000000 ____D C:\ProgramData\Skype
2014-01-22 19:02 - 2011-12-07 20:03 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Roaming\Skype
2014-01-22 19:01 - 2010-10-14 20:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-22 18:58 - 2014-01-22 18:58 - 00003330 _____ C:\windows\System32\Tasks\4782
2014-01-22 18:58 - 2014-01-22 18:58 - 00003228 _____ C:\windows\System32\Tasks\0
2014-01-22 18:56 - 2012-01-30 20:01 - 00000000 ____D C:\ProgramData\Yahoo!
2014-01-22 18:55 - 2010-10-14 21:04 - 00003908 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-22 18:55 - 2010-10-14 21:04 - 00003656 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-22 18:53 - 2014-01-22 18:53 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Local\SearchProtect
2014-01-22 18:53 - 2013-01-20 20:28 - 00000002 _____ C:\END
2014-01-22 18:52 - 2013-01-20 20:28 - 00000000 ____D C:\Users\Amber Claycomb\AppData\Local\Conduit
2014-01-06 16:20 - 2011-06-17 13:06 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
Files to move or delete:
====================
C:\Windows\Tasks\{DFA2991D-7F2A-4E37-A734-E9BF6F1AD58A}.job
 
 
Some content of TEMP:
====================
C:\Users\Amber Claycomb\AppData\Local\Temp\6_Offer_19.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\air2D84.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\air2E32.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\airA1BA.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\airFCE5.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\AskSLib.dll
C:\Users\Amber Claycomb\AppData\Local\Temp\avgnt.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\BackupSetup.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\helper.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\pjelw3md.dll
C:\Users\Amber Claycomb\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\sqlite3.exe
C:\Users\Amber Claycomb\AppData\Local\Temp\tbappb.dll
C:\Users\Amber Claycomb\AppData\Local\Temp\tbVaf0.dll
C:\Users\Amber Claycomb\AppData\Local\Temp\tbWhi2.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-26 20:08
 
==================== End Of Log ============================

Hello, thank you. I am ready to start.

Edited by RPMcMurphy, 31 January 2014 - 10:41 PM.
Deleted extra log


#5 keeperlynn

keeperlynn
  • Topic Starter
  • Members
  • 15 posts

Posted 31 January 2014 - 03:27 PM

Sorry about the double add.



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 31 January 2014 - 10:43 PM

Please do this next:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\Tasks\{DFA2991D-7F2A-4E37-A734-E9BF6F1AD58A}.job
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 keeperlynn

keeperlynn
  • Topic Starter
  • Members
  • 15 posts

Posted 01 February 2014 - 10:28 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 03
Ran by Amber Claycomb at 2014-02-01 08:27:05 Run:1
Running from C:\Users\Amber Claycomb\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\Tasks\{DFA2991D-7F2A-4E37-A734-E9BF6F1AD58A}.job
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\Tasks\{DFA2991D-7F2A-4E37-A734-E9BF6F1AD58A}.job => Moved successfully.
 
==== End of Fixlog ====


#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 01 February 2014 - 11:29 AM

Please do this next:

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#9 keeperlynn

keeperlynn
  • Topic Starter
  • Members
  • 15 posts

Posted 01 February 2014 - 12:56 PM

When downloading the files, it does not give me the option to save to the desktop; they go straight to my Downloads folder. ComboFix ran real fast before I could close out of my antivirus.

 

Antivirus is off and ComboFix is in the Downloads folder.


Edited by keeperlynn, 01 February 2014 - 12:58 PM.


#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 01 February 2014 - 12:58 PM

Go ahead and download it to your downloads folder, then right click on it and select cut.  Then right click on an empty spot on your desktop, right click again and select paste.




#11 keeperlynn

keeperlynn
  • Topic Starter
  • Members
  • 15 posts

Posted 01 February 2014 - 01:48 PM

I ran ComboFix, but a pop-up for my Avira came up recommending that I scan; I clicked Later. Yikes, I hope this has been done correctly. Please advise.

ComboFix 14-02-01.01 - Amber Claycomb 02/01/2014  11:18:19.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2260 [GMT -7:00]
Running from: c:\users\Amber Claycomb\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Amber Claycomb\AppData\Local\DownloadTerms\teMP.dat
c:\users\Amber Claycomb\AppData\Roaming\SearchProtect
c:\users\Amber Claycomb\AppData\Roaming\SearchProtect\bin\msvcp100.dll
c:\users\Amber Claycomb\AppData\Roaming\SearchProtect\bin\msvcr100.dll
c:\users\Amber Claycomb\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\Amber Claycomb\Documents\~WRL0003.tmp
c:\users\Amber Claycomb\Documents\~WRL0005.tmp
c:\users\Amber Claycomb\Documents\~WRL0698.tmp
c:\users\Amber Claycomb\Documents\~WRL1007.tmp
c:\users\Amber Claycomb\Documents\~WRL2194.tmp
c:\users\Amber Claycomb\Documents\~WRL3026.tmp
c:\users\Amber Claycomb\Documents\~WRL3307.tmp
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-01 to 2014-02-01  )))))))))))))))))))))))))))))))
.
.
2014-02-01 18:29 . 2014-02-01 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-31 20:13 . 2014-02-01 15:27 -------- d-----w- C:\FRST
2014-01-26 22:30 . 2014-01-26 22:30 -------- d-----w- c:\windows\SysWow64\syncdb
2014-01-26 16:59 . 2014-01-26 16:59 -------- d-----w- c:\program files (x86)\Intel Corporation
2014-01-26 00:49 . 2014-01-26 00:49 -------- d-----w- c:\windows\Migration
2014-01-26 00:42 . 2014-01-27 04:02 -------- d-----w- c:\program files\Microsoft Silverlight
2014-01-26 00:42 . 2014-01-27 04:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-01-24 13:20 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-01-24 13:19 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2014-01-24 13:19 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-24 13:19 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-24 13:19 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-01-24 13:16 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-24 13:16 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-24 13:16 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-24 13:16 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-24 13:16 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-24 13:16 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-24 13:16 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-24 13:02 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-01-24 13:02 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-01-24 13:02 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-01-24 13:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-01-24 13:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-01-24 13:02 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2014-01-24 13:02 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2014-01-24 13:00 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2014-01-24 12:59 . 2013-09-08 02:27 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-01-24 12:58 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-01-24 12:58 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-24 12:58 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-24 12:58 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-24 12:58 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-24 12:58 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-24 12:58 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-24 12:58 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-24 12:58 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-01-24 12:58 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-01-24 12:58 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-01-24 12:58 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-01-24 12:53 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-24 02:06 . 2014-01-24 02:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-24 02:06 . 2014-01-24 02:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-24 02:05 . 2014-01-24 02:05 -------- d-----w- c:\program files (x86)\Java
2014-01-24 01:53 . 2014-01-24 02:06 -------- d-----w- c:\programdata\Oracle
2014-01-23 01:53 . 2014-01-23 01:53 -------- d-----w- c:\users\Amber Claycomb\AppData\Local\SearchProtect
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 00:21 . 2013-05-26 21:56 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-01-24 00:21 . 2013-05-26 21:55 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-01-24 00:21 . 2013-05-26 21:55 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-01-24 00:21 . 2013-05-26 21:55 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-01-23 03:03 . 2012-04-06 14:47 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-23 03:03 . 2011-06-09 14:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-06 23:20 . 2011-06-17 20:06 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-10-14 13:13 . 2013-10-14 13:13 50053120 ----a-w- c:\program files (x86)\GUT11EB.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{44824101-D354-21E2-709A-FBC2DF8FC96F}]
2013-01-21 03:51 120832 ----a-w- c:\programdata\SaveAs\50fcbb2805e3a.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-01-24 684600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-31 20:07 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 03:03]
.
2014-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035910926-2905071289-103245942-1001Core.job
- c:\users\Amber Claycomb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-11 15:58]
.
2014-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035910926-2905071289-103245942-1001UA.job
- c:\users\Amber Claycomb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-11 15:58]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\Amber Claycomb\AppData\Local\DownloadTerms\temp.dat
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-01  11:41:29
ComboFix-quarantined-files.txt  2014-02-01 18:41
.
Pre-Run: 243,129,958,400 bytes free
Post-Run: 243,983,355,904 bytes free
.
- - End Of File - - 6B6FD7FF976B70416489773E0EA233DE


#12 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:02 AM

Posted 01 February 2014 - 06:07 PM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

You have Malwarebytes' Anti-Malware (MBAM) installed. Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member



#13 keeperlynn

  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:02 AM

Posted 01 February 2014 - 10:37 PM

  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.

 

MBAM DID NOT GIVE ME THAT OPTION.

# AdwCleaner v3.018 - Report created 01/02/2014 at 17:03:23
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Amber Claycomb - AMBERCLAYCOMB
# Running from : C:\Users\Amber Claycomb\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Amber Claycomb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Amber Claycomb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\windows\System32\roboot64.exe
File Found : C:\windows\System32\Tasks\AmiUpdXp
File Found : C:\windows\System32\Tasks\RegClean Pro
Folder Found : C:\Users\Amber Claycomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Folder Found : C:\Users\Amber Claycomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp
Folder Found C:\Program Files (x86)\comcasttb
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\MyPC Backup 
Folder Found C:\Program Files (x86)\registry mechanic
Folder Found C:\Program Files\DomaIQ Uninstaller
Folder Found C:\ProgramData\BetterSoft
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\clsoft ltd
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found C:\ProgramData\SaveAs
Folder Found C:\ProgramData\SaveAs
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Searchprotect
Folder Found C:\Users\Amber Claycomb\AppData\Local\Conduit
Folder Found C:\Users\Amber Claycomb\AppData\Local\DownloadTerms
Folder Found C:\Users\Amber Claycomb\AppData\Local\PackageAware
Folder Found C:\Users\Amber Claycomb\AppData\Local\Searchprotect
Folder Found C:\Users\Amber Claycomb\AppData\Local\Supreme Savings
Folder Found C:\Users\Amber Claycomb\AppData\Local\SwvUpdater
Folder Found C:\Users\Amber Claycomb\AppData\LocalLow\Conduit
Folder Found C:\Users\Amber Claycomb\AppData\LocalLow\PriceGong
Folder Found C:\Users\Amber Claycomb\AppData\LocalLow\SaveAs
Folder Found C:\Users\Amber Claycomb\AppData\LocalLow\SaveAs
Folder Found C:\Users\Amber Claycomb\AppData\Roaming\PerformerSoft
Folder Found C:\Users\Amber Claycomb\AppData\Roaming\registry mechanic
Folder Found C:\Users\Amber Claycomb\AppData\Roaming\strongvault
Folder Found C:\Users\Amber Claycomb\AppData\Roaming\Systweak
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Found : HKCU\Software\Google\Chrome\Extensions\fdepacjoijebcfaaenjicnejghibmebp
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44824101-D354-21E2-709A-FBC2DF8FC96F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44824101-D354-21E2-709A-FBC2DF8FC96F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\PerformerSoft
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\PerformerSoft
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122992262}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44824101-D354-21E2-709A-FBC2DF8FC96F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155995562}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166996662}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3272810
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279411
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287819
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144994462}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdepacjoijebcfaaenjicnejghibmebp
Key Found : HKLM\Software\ImInstaller
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44824101-D354-21E2-709A-FBC2DF8FC96F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Found : HKLM\Software\PerformerSoft
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Supreme Savings
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155995562}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166996662}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\DomaIQ
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\Amber Claycomb\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11332 octets] - [01/02/2014 16:55:49]
AdwCleaner[R1].txt - [11393 octets] - [01/02/2014 17:00:03]
AdwCleaner[R2].txt - [11256 octets] - [01/02/2014 17:03:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [11317 octets] ##########
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.01.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Amber Claycomb :: AMBERCLAYCOMB [administrator]
 
2/1/2014 7:08:50 PM
mbam-log-2014-02-01 (19-08-50).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386578
Time elapsed: 1 hour(s), 5 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#14 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:02 AM

Posted 02 February 2014 - 10:16 AM

How is your computer running now? Please do this next:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-Uncheck any items you see related to software you wish to keep->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • adwCleaner log
  • ESET log




#15 keeperlynn

  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:02 AM

Posted 02 February 2014 - 10:44 AM

It's running better. I think there is a problem with Internet Explorer. I will run the scans and post the requested information. GO Broncos!! Yeah?  ;)
