Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mysearchdial


  • This topic is locked This topic is locked
11 replies to this topic

#1 mloo55

mloo55

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 07 February 2014 - 11:19 PM

Please I need to eliminate this malware that appears in IE, Firefox,Croma. I have win7 and iE99.

thanks in advance

mloo55



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:20 PM

Posted 08 February 2014 - 08:15 AM





Hello mloo55

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mloo55

mloo55
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 08 February 2014 - 09:47 AM

Gringo, thanks for the help, here are the two files
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Owner (administrator) on OWNER-PC on 08-02-2014 09:39:50
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\Ticno\Multibar\SearchService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\RightSurf\updateRightSurf.exe
() C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
() C:\Program Files (x86)\Ticno\Multibar\multibar.exe
() C:\Program Files (x86)\Ticno\Multibar\multibar_main.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Owner\AppData\Local\Ticno\Multibar\plugins\weather\TicnoWeather.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [multibar.exe] - C:\Program Files (x86)\Ticno\Multibar\multibar.exe [509952 2011-06-29] ()
HKLM-x32\...\Run: [Windows defender] - C:\Windows\SysWOW64\drivers\csrss.exe [22528 2012-02-28] (CLARO)
HKLM-x32\...\Run: [] - ""
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-1278214162-730200832-2028366764-1000\...\Run: [Facebook Update] - C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-1278214162-730200832-2028366764-1000\...\Run: [EPSON Stylus CX7300 Series] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATICDL.EXE [209408 2007-02-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1278214162-730200832-2028366764-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\S-1-5-21-1278214162-730200832-2028366764-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-02] (SUPERAntiSpyware)
HKU\S-1-5-21-1278214162-730200832-2028366764-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=PE&userid=67a59160-93bb-632a-7b63-af016fe0ce95&searchtype=ds&q={searchTerms}&installDate=13/12/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=PE&userid=67a59160-93bb-632a-7b63-af016fe0ce95&searchtype=ds&q={searchTerms}&installDate=13/12/2013
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1297879691&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1297879691&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=PE&userid=67a59160-93bb-632a-7b63-af016fe0ce95&searchtype=ds&q={searchTerms}&installDate=13/12/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=PE&userid=67a59160-93bb-632a-7b63-af016fe0ce95&searchtype=ds&q={searchTerms}&installDate=13/12/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {E2C127D6-3ADD-42CA-BDCB-F472324CD3B4} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1297879691&ir=
SearchScopes: HKCU - 690AC3A19C3140C7A1455D4739D3FC54 URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS444
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=PE&userid=67a59160-93bb-632a-7b63-af016fe0ce95&searchtype=ds&q={searchTerms}&installDate=13/12/2013
SearchScopes: HKCU - {E2C127D6-3ADD-42CA-BDCB-F472324CD3B4} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1297879691&ir=
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: SmileysWeLoveToolbar - {e4ef8a64-0a30-48f5-b3fe-5fda978da775} - C:\Program Files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader64.dll ()
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: RightSurf - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} - C:\Program Files (x86)\RightSurf\RightSurfbho.dll (RightSurf)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmileysWeLoveToolbar - {e4ef8a64-0a30-48f5-b3fe-5fda978da775} - C:\Program Files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll ()
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Smileys We Love - {97ef02f9-8bab-41eb-97d1-bec6ec3d36ff} - C:\Program Files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader64.dll ()
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Smileys We Love - {97ef02f9-8bab-41eb-97d1-bec6ec3d36ff} - C:\Program Files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll ()
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
DPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 200.48.225.130 200.48.225.146

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\user.js
FF DefaultSearchEngine: Mysearchdial
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1297879691&ir=
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\searchplugins\Mysearchdial.xml
FF Extension: MySearchDial NewTab - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-02-07]
FF Extension: RightSurf - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\Extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi [2014-02-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-27]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011-08-12]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011-08-06]
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files (x86)\Iminent\webbooster@iminent.com

Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1297879691&ir=
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-14]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-06]
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - C:\Program Files (x86)\PSafe\PSafeAV\safemon\360webshield.crx [2013-08-06]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
R2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2013-10-12] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 TicnoSearch; C:\Program Files (x86)\Ticno\Multibar\SearchService.exe [258048 2011-08-17] ()
R2 Update RightSurf; C:\Program Files (x86)\RightSurf\updateRightSurf.exe [80160 2014-02-06] ()
R2 Util RightSurf; C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [80160 2014-02-07] ()

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2011-08-06] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 09:39 - 2014-02-08 09:41 - 00026419 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-02-08 09:39 - 2014-02-08 09:39 - 00000000 ____D () C:\FRST
2014-02-08 09:38 - 2014-02-08 09:39 - 02079744 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-02-06 22:27 - 2014-02-06 22:27 - 00692816 _____ (LiveSoftAction) C:\Users\Owner\Downloads\LG LH-D6230 user guide provided through mypdfmanuals.com.exe
2014-02-06 22:15 - 2014-02-06 22:15 - 00001144 _____ () C:\Users\Owner\Desktop\Continue Adobe Reader Free Download Installation.lnk
2014-02-06 22:09 - 2014-02-06 22:09 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PSafe
2014-02-06 22:06 - 2014-02-06 22:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\PSafe
2014-02-06 22:06 - 2014-02-06 22:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\360safe
2014-02-06 22:06 - 2014-02-06 22:05 - 00023624 _____ (360安全中心) C:\windows\system32\Drivers\efimon.sys
2014-02-06 22:05 - 2014-02-06 14:27 - 00071360 ____R (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2014-02-06 22:03 - 2014-02-07 22:05 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
2014-02-06 22:03 - 2014-02-07 06:48 - 00000000 ____D () C:\Program Files (x86)\RightSurf
2014-02-06 22:03 - 2014-02-06 22:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\FileTypeAssistant
2014-02-06 22:03 - 2014-02-06 22:03 - 00003902 _____ () C:\windows\System32\Tasks\ProgramUpdateCheck
2014-02-06 22:03 - 2014-02-06 22:03 - 00003580 _____ () C:\windows\System32\Tasks\ProgramRefresh-ATFST
2014-02-06 22:03 - 2014-02-06 22:03 - 00000041 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-02-06 22:02 - 2014-02-07 06:48 - 00000000 ____D () C:\Program Files (x86)\PSafe
2014-02-06 22:02 - 2014-02-06 22:09 - 00000000 ____D () C:\ProgramData\PSafe
2014-02-06 22:02 - 2014-02-06 22:02 - 00000393 _____ () C:\Users\Owner\Desktop\MySearchDial.url
2014-02-06 22:02 - 2014-02-06 22:02 - 00000388 _____ () C:\Users\Owner\Desktop\FREE Games.url
2014-02-06 22:02 - 2014-02-06 22:01 - 16617352 _____ (Bitberry Software ) C:\Users\Owner\Downloads\FreeFileViewerSetup [1].exe
2014-02-06 22:00 - 2014-02-06 22:00 - 00690104 _____ ( ) C:\Users\Owner\Downloads\FreeFileViewerSetup.exe
2014-02-05 23:35 - 2014-02-05 23:35 - 00000000 _____ () C:\windows\SysWOW64\sho709E.tmp
2014-02-02 11:06 - 2014-02-08 09:21 - 00000840 _____ () C:\windows\setupact.log
2014-02-02 11:06 - 2014-02-02 11:06 - 00000000 _____ () C:\windows\setuperr.log
2014-02-02 11:05 - 2014-02-07 06:47 - 00005536 _____ () C:\windows\PFRO.log
2014-02-02 00:47 - 2014-02-03 22:22 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 00:44 - 2014-02-08 09:22 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 00:44 - 2014-02-07 23:16 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 00:44 - 2014-02-02 02:12 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-02 00:44 - 2014-02-02 02:11 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-02 00:43 - 2014-02-02 00:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-02 00:43 - 2014-02-02 00:43 - 00001779 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-02 00:35 - 2014-02-02 00:42 - 29085296 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-01-26 20:22 - 2014-01-26 20:22 - 00008780 _____ () C:\Users\Owner\Documents\RIMAC.xlsx
2014-01-15 18:56 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 18:56 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 18:56 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 18:56 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 18:56 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 18:56 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 18:56 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 18:56 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 18:56 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-14 19:45 - 2014-01-14 19:45 - 00000000 _____ () C:\windows\SysWOW64\sho624B.tmp
2014-01-14 08:25 - 2014-01-14 08:25 - 00000000 _____ () C:\windows\SysWOW64\shoEF3E.tmp

==================== One Month Modified Files and Folders =======

2014-02-08 09:41 - 2014-02-08 09:39 - 00026419 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-02-08 09:39 - 2014-02-08 09:39 - 00000000 ____D () C:\FRST
2014-02-08 09:39 - 2014-02-08 09:38 - 02079744 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-02-08 09:34 - 2011-05-30 01:13 - 01054941 _____ () C:\windows\WindowsUpdate.log
2014-02-08 09:32 - 2009-07-13 23:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 09:32 - 2009-07-13 23:45 - 00024400 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 09:31 - 2012-06-19 17:41 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-08 09:23 - 2011-08-06 15:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-08 09:22 - 2014-02-02 00:44 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-08 09:21 - 2014-02-02 11:06 - 00000840 _____ () C:\windows\setupact.log
2014-02-08 09:21 - 2013-12-17 20:53 - 00069792 _____ (Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.dll
2014-02-08 09:21 - 2010-01-01 00:00 - 00017920 _____ () C:\windows\system32\rpcnetp.exe
2014-02-08 09:21 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-07 23:16 - 2014-02-02 00:44 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 22:05 - 2014-02-06 22:03 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
2014-02-07 21:48 - 2012-03-25 15:53 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278214162-730200832-2028366764-1000UA.job
2014-02-07 21:46 - 2010-01-01 00:00 - 00017920 _____ () C:\windows\SysWOW64\rpcnetp.dll
2014-02-07 21:45 - 2010-01-01 00:00 - 00017920 _____ () C:\windows\SysWOW64\rpcnetp.exe
2014-02-07 21:24 - 2013-04-27 04:03 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{88660F23-D119-4889-BC57-058939D692C1}
2014-02-07 06:48 - 2014-02-06 22:03 - 00000000 ____D () C:\Program Files (x86)\RightSurf
2014-02-07 06:48 - 2014-02-06 22:02 - 00000000 ____D () C:\Program Files (x86)\PSafe
2014-02-07 06:47 - 2014-02-02 11:05 - 00005536 _____ () C:\windows\PFRO.log
2014-02-06 22:27 - 2014-02-06 22:27 - 00692816 _____ (LiveSoftAction) C:\Users\Owner\Downloads\LG LH-D6230 user guide provided through mypdfmanuals.com.exe
2014-02-06 22:15 - 2014-02-06 22:15 - 00001144 _____ () C:\Users\Owner\Desktop\Continue Adobe Reader Free Download Installation.lnk
2014-02-06 22:15 - 2014-02-06 22:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\FileTypeAssistant
2014-02-06 22:09 - 2014-02-06 22:09 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PSafe
2014-02-06 22:09 - 2014-02-06 22:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\PSafe
2014-02-06 22:09 - 2014-02-06 22:02 - 00000000 ____D () C:\ProgramData\PSafe
2014-02-06 22:06 - 2014-02-06 22:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\360safe
2014-02-06 22:05 - 2014-02-06 22:06 - 00023624 _____ (360安全中心) C:\windows\system32\Drivers\efimon.sys
2014-02-06 22:03 - 2014-02-06 22:03 - 00003902 _____ () C:\windows\System32\Tasks\ProgramUpdateCheck
2014-02-06 22:03 - 2014-02-06 22:03 - 00003580 _____ () C:\windows\System32\Tasks\ProgramRefresh-ATFST
2014-02-06 22:03 - 2014-02-06 22:03 - 00000041 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-02-06 22:02 - 2014-02-06 22:02 - 00000393 _____ () C:\Users\Owner\Desktop\MySearchDial.url
2014-02-06 22:02 - 2014-02-06 22:02 - 00000388 _____ () C:\Users\Owner\Desktop\FREE Games.url
2014-02-06 22:01 - 2014-02-06 22:02 - 16617352 _____ (Bitberry Software ) C:\Users\Owner\Downloads\FreeFileViewerSetup [1].exe
2014-02-06 22:00 - 2014-02-06 22:00 - 00690104 _____ ( ) C:\Users\Owner\Downloads\FreeFileViewerSetup.exe
2014-02-06 14:27 - 2014-02-06 22:05 - 00071360 ____R (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2014-02-05 23:35 - 2014-02-05 23:35 - 00000000 _____ () C:\windows\SysWOW64\sho709E.tmp
2014-02-05 22:38 - 2009-07-14 00:08 - 00032538 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-05 08:18 - 2009-07-14 00:13 - 00780196 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-04 22:38 - 2012-03-24 21:27 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-02-04 19:29 - 2012-06-19 17:41 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 19:29 - 2012-06-19 17:41 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 19:29 - 2011-12-21 18:23 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 09:17 - 2013-01-30 18:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FlvtoConverter
2014-02-03 22:22 - 2014-02-02 00:47 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 11:06 - 2014-02-02 11:06 - 00000000 _____ () C:\windows\setuperr.log
2014-02-02 10:27 - 2011-09-19 20:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-02-02 09:48 - 2012-03-25 15:53 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278214162-730200832-2028366764-1000Core.job
2014-02-02 02:12 - 2014-02-02 00:44 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-02 02:11 - 2014-02-02 00:44 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-02 00:47 - 2011-05-30 01:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-02 00:45 - 2014-02-02 00:43 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-02 00:43 - 2014-02-02 00:43 - 00001779 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-02 00:42 - 2014-02-02 00:35 - 29085296 _____ (SUPERAntiSpyware) C:\Users\Owner\Downloads\SUPERAntiSpyware.exe
2014-01-29 09:04 - 2011-08-06 15:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Toshiba
2014-01-29 09:04 - 2011-08-06 14:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\TOSHIBA
2014-01-26 20:22 - 2014-01-26 20:22 - 00008780 _____ () C:\Users\Owner\Documents\RIMAC.xlsx
2014-01-26 10:17 - 2013-12-27 23:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-18 13:21 - 2009-07-13 23:45 - 00417160 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-17 19:39 - 2013-08-08 16:14 - 00000000 ____D () C:\windows\system32\MRT
2014-01-17 19:34 - 2011-08-09 01:00 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-14 19:45 - 2014-01-14 19:45 - 00000000 _____ () C:\windows\SysWOW64\sho624B.tmp
2014-01-14 08:25 - 2014-01-14 08:25 - 00000000 _____ () C:\windows\SysWOW64\shoEF3E.tmp

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\72914uninstall.exe
C:\Users\Owner\AppData\Local\Temp\AdobeUpdateSetup.exe
C:\Users\Owner\AppData\Local\Temp\ICReinstall_AdobeUpdateSetup.exe
C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014
Ran by Owner at 2014-02-08 09:41:47
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Out of date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512 - ABBYY Software House)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
ArcSoft PhotoImpression 6 (x32 Version: 6 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36 - Atheros Communications Inc.)
Belarc Advisor 8.2 (x32 Version: 8.2.1.0 - Belarc Inc.)
Best Buy pc app (HKCU Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
CCleaner (Version: 4.09 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
EPSON CX7300 User's Guide (x32 Version: - )
EPSON Printer Software (Version: - SEIKO EPSON Corporation)
EPSON Scan (x32 Version: - )
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
File Type Assistant (x32 Version: 2013.4.8.0 - ) <==== ATTENTION
Flvto Youtube Downloader (x32 Version: 0.4.0 - Hotger)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004 - Intel Corporation)
IZArc 4.1.6 (x32 Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 7 (x32 Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (x32 Version: 6.0.200 - Sun Microsystems, Inc.)
Kaspersky Anti-Virus 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab)
Kaspersky Anti-Virus 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) Hidden
Label@Once 1.0 (x32 Version: 1.0 - Corel)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyFreeCodec (HKCU Version: - )
Nokia Connectivity Cable Driver (Version: 7.1.32.69 - )
NTE QUICKCross (x32 Version: 15.0 - CyberSoft, Inc.)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Reader Driver (x32 Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RightSurf (Version: 2014.02.06.195607 - RightSurf) <==== ATTENTION
Skype Click to Call (x32 Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 6.5 (x32 Version: 6.5.158 - Skype Technologies S.A.)
Smileys We Love Toolbar for IE (x32 Version: 2.1.4 - SqueekyChocolate, LLC)
SUPERAntiSpyware (Version: 5.7.1014 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (Version: 15.2.11.1 - Synaptics Incorporated)
TeamViewer 8 (x32 Version: 8.0.16642 - TeamViewer)
Ticno multibar (x32 Version: 1.1.1.0 - Ticno.com)
TOSHIBA Application Installer (x32 Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (x32 Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (x32 Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA Hardware Setup (x32 Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (x32 Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA Supervisor Password (x32 Version: 4.08.06.00 - )
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (x32 Version: 1.0.4 - Toshiba)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 16.0 (Version: 16.0.9691 - WinZip Computing, S.L. )

==================== Restore Points =========================

03-01-2014 06:29:28 Windows Update
03-01-2014 21:51:51 Windows Update
05-01-2014 03:16:25 Windows Update
06-01-2014 13:18:55 Windows Update
06-01-2014 13:45:10 Windows Update
07-01-2014 23:44:54 Windows Update
09-01-2014 00:55:55 Windows Update
09-01-2014 06:43:46 Windows Update
10-01-2014 23:16:16 Windows Update
11-01-2014 17:29:07 Windows Update
11-01-2014 17:48:12 Windows Update
12-01-2014 17:02:54 Windows Update
14-01-2014 02:50:37 Windows Update
14-01-2014 13:11:10 Windows Update
14-01-2014 13:24:46 Windows Update
18-01-2014 00:32:48 Windows Update
18-01-2014 18:36:13 Windows Update
21-01-2014 22:31:12 Windows Update
25-01-2014 05:43:27 Windows Update
29-01-2014 02:56:13 Windows Update
02-02-2014 04:25:56 Windows Update
02-02-2014 08:00:37 Windows Update
03-02-2014 03:00:27 Windows Update
03-02-2014 05:33:01 Windows Update
05-02-2014 12:29:13 Windows Update
06-02-2014 13:21:16 Windows Update
07-02-2014 01:05:57 Windows Update
07-02-2014 11:53:40 Windows Update
08-02-2014 14:28:27 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-03-23 17:15 - 00000059 ____A C:\windows\system32\Drivers\etc\hosts
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/

==================== Scheduled Tasks (whitelisted) =============

Task: {018D6083-66DE-4FC8-9AB9-A155514B0B98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {02752FE2-E53C-4F61-A8A4-A8C0D889F4F8} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2013-04-08] ( ) <==== ATTENTION
Task: {081224D2-1B25-4ED2-8607-CA3D917DE8CA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1278214162-730200832-2028366764-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {2E927689-5AB7-44E5-BA0F-4C76C85B5E47} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {B7EC8577-BE3B-48C2-9483-20262EF82369} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {BB6BDD79-6444-4F3A-A8D6-0F1E034926DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {C4BE6CDE-BC90-401C-AB59-05F65D62E1C8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1278214162-730200832-2028366764-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {C518629F-592D-4D45-AD62-1A2AA6D9BFB8} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2013-04-08] (Trusted Software ApS) <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278214162-730200832-2028366764-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278214162-730200832-2028366764-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2012-08-27 14:14 - 2012-08-27 14:14 - 00717824 _____ () C:\Program Files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader64.dll
2010-12-08 17:42 - 2010-12-08 17:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2010-10-05 19:26 - 2010-10-05 19:26 - 02111160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avzkrnl.dll
2009-06-27 01:11 - 2009-06-27 01:11 - 00503202 _____ () C:\Program Files (x86)\Ticno\Multibar\sqlite3.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-07-18 01:27 - 2011-07-18 01:27 - 00042496 _____ () C:\Program Files (x86)\Ticno\Multibar\hook2.dll
2011-07-27 02:20 - 2011-07-27 02:20 - 00264192 _____ () C:\Program Files (x86)\Ticno\Multibar\SearchPanel.dll
2011-11-05 19:06 - 2011-07-27 02:22 - 00328704 _____ () C:\Users\Owner\AppData\Local\Ticno\Multibar\plugins\local_search\local_search.dll
2011-11-05 19:06 - 2011-07-27 02:22 - 00327168 _____ () C:\Users\Owner\AppData\Local\Ticno\Multibar\plugins\inet_search\inet_search.dll
2011-11-05 19:06 - 2011-07-27 02:21 - 00128000 _____ () C:\Users\Owner\AppData\Local\Ticno\Multibar\plugins\wiki_search\wiki_search.dll
2011-11-05 19:06 - 2011-07-27 02:21 - 00128512 _____ () C:\Users\Owner\AppData\Local\Ticno\Multibar\plugins\youtube_search\youtube_search.dll
2011-11-05 19:06 - 2011-05-17 01:58 - 00047616 _____ () C:\Users\Owner\AppData\Local\Ticno\Multibar\plugins\weather\main.dll
2011-11-05 19:06 - 2011-07-27 02:21 - 00242176 _____ () C:\Users\Owner\AppData\Local\Ticno\Multibar\plugins\friendmeter\friendmeter.dll
2011-11-05 19:06 - 2011-08-19 06:15 - 00259584 _____ () C:\Users\Owner\AppData\Local\Ticno\Multibar\plugins\games\games.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Owner\Downloads\Fw_ DICHOS POPULARES !!!.eml:OECustomProperty
AlternateDataStreams: C:\Users\Owner\Downloads\PASSWORDS.eml:OECustomProperty
AlternateDataStreams: C:\Users\Owner\Downloads\Rv_ Fwd_ PASSWORDS.eml:OECustomProperty
AlternateDataStreams: C:\Users\Owner\Downloads\RV_ Ojos chinitos!.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2014 09:22:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 09:47:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 09:30:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 09:17:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 06:49:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 09:15:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 05:59:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 08:17:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 10:40:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 06:30:03 PM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service


System errors:
=============
Error: (02/08/2014 09:34:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 for x64-based Systems (KB971033).

Error: (02/08/2014 09:24:53 AM) (Source: Service Control Manager) (User: )
Description: The TicnoSearch service hung on starting.

Error: (02/08/2014 09:21:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/08/2014 09:21:14 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:19:20 PM on ‎2/‎7/‎2014 was unexpected.

Error: (02/07/2014 09:48:34 PM) (Source: Service Control Manager) (User: )
Description: The TicnoSearch service hung on starting.

Error: (02/07/2014 09:46:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/07/2014 09:29:57 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/07/2014 09:29:57 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/07/2014 09:29:57 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/07/2014 09:29:57 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (02/08/2014 09:22:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 09:47:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 09:30:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 09:17:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 06:49:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 09:15:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 05:59:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 08:17:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 10:40:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 06:30:03 PM) (Source: TOSHIBA Service Station)(User: )
Description: TSS Load: could not communicate with TMachInfo service


==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 1995.86 MB
Available physical RAM: 561.62 MB
Total Pagefile: 3991.72 MB
Available Pagefile: 1427.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI106139W0E) (Fixed) (Total:580.98 GB) (Free:511.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 4E59E2AF)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

==================== End Of Log ============================
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-05 23:14

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:20 PM

Posted 08 February 2014 - 12:59 PM



Hello mloo55

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mloo55

mloo55
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 08 February 2014 - 07:40 PM

Gringo
I run Adwcleaner and this is what I got
# AdwCleaner v3.018 - Report created 08/02/2014 at 19:27:35
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : TicnoSearch

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Ticno
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Program Files (x86)\Smartdl
Folder Deleted : C:\Program Files (x86)\SqueekyChocolate, LLC
Folder Deleted : C:\Program Files (x86)\Ticno
Folder Deleted : C:\Users\Owner\AppData\Local\Babylon
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\Local\Ticno
Folder Deleted : C:\Users\Owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Owner\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Owner\Desktop\Free Animated Desktop Wallpaper.lnk
File Deleted : C:\Users\Owner\Desktop\Free Dolphin Screensaver.lnk
File Deleted : C:\Users\Owner\Desktop\Free Whales ScreenSaver.lnk
File Deleted : C:\Users\Owner\Desktop\MySearchDial.url
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\searchplugins\bingp.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cdv1eaw.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cdv1eaw.default\user.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\user.js
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [multibar.exe]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_free-video-to-mp3-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_free-video-to-mp3-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_oovoo[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_oovoo[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Ticno Multibar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Ticno Multibar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\multibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4cdv1eaw.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1[...]
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd0103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1297879691");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutB[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "E89A8F4540057068");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16107");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyEyDyEtDtDyDyBtDyCzztN0D0Tzu0SyByCzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.022:2:23");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [24510 octets] - [08/02/2014 19:25:29]
AdwCleaner[S0].txt - [23605 octets] - [08/02/2014 19:27:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23666 octets] ##########


Any other action please advice.
rgds
mloo55

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:20 PM

Posted 09 February 2014 - 08:56 PM


Hello mloo55

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 mloo55

mloo55
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 14 February 2014 - 03:27 PM

Gringo sorry for the delay in notfify you tha when I run Adwcleaner the laptop returned to normal so now when I start the programs no more mysearch appears. Thanks you so much.
mloo55

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:20 PM

Posted 14 February 2014 - 09:22 PM

tHAT WAS ONLY ONE STEP IN THE PROCESS AND YOU SHOULD STAY WITH ME UNTILL IT IS COMPLETE


GRINGO
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 mloo55

mloo55
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 16 February 2014 - 06:52 PM

Gringo, sorry you are rigth with my behavior, what you start what you finish, here is my combo report
ComboFix 14-02-16.01 - Owner 02/16/2014 18:13:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1996.643 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\activacion_linea.exe
c:\windows\SysWow64\SET3A8D.tmp
c:\windows\SysWow64\SET5C51.tmp
c:\windows\SysWow64\SET6509.tmp
c:\windows\SysWow64\SET6A09.tmp
c:\windows\SysWow64\SET6F76.tmp
c:\windows\SysWow64\SET78AB.tmp
c:\windows\SysWow64\SET7CA2.tmp
c:\windows\SysWow64\SET81E1.tmp
c:\windows\SysWow64\SET8664.tmp
c:\windows\SysWow64\SET8A6B.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-01-16 to 2014-02-16 )))))))))))))))))))))))))))))))
.
.
2014-02-16 23:33 . 2014-02-16 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-02-16 23:33 . 2014-02-16 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-16 22:08 . 2014-02-16 22:08 -------- d-----w- c:\users\Owner\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-02-16 22:08 . 2014-02-16 23:08 -------- d-----w- c:\program files (x86)\FindRight
2014-02-16 22:08 . 2014-02-16 22:12 -------- d-----w- c:\program files (x86)\IminentToolbar
2014-02-16 22:07 . 2014-02-16 22:07 -------- d-----w- c:\users\Owner\AppData\Roaming\IminentToolbar
2014-02-16 22:07 . 2014-02-16 22:07 -------- d-----w- c:\users\Owner\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2014-02-15 03:14 . 2014-02-15 18:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB448B1-A5EC-4E35-8138-859C83B64697}\offreg.dll
2014-02-14 12:16 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB448B1-A5EC-4E35-8138-859C83B64697}\mpengine.dll
2014-02-12 21:53 . 2014-02-05 10:19 17849344 ----a-w- c:\windows\system32\mshtml.dll
2014-02-12 21:53 . 2014-02-05 10:02 10926080 ----a-w- c:\windows\system32\ieframe.dll
2014-02-12 00:59 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 00:59 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 00:59 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 00:59 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-11 22:38 . 2014-02-11 22:38 0 ----a-w- c:\windows\SysWow64\sho67A8.tmp
2014-02-11 10:03 . 2014-02-11 10:03 0 ----a-w- c:\windows\SysWow64\shoE0DC.tmp
2014-02-09 18:47 . 2014-02-09 18:47 0 ----a-w- c:\windows\SysWow64\shoC774.tmp
2014-02-09 02:30 . 2014-02-09 02:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-02-09 02:30 . 2014-02-09 02:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-02-09 00:25 . 2014-02-09 00:27 -------- d-----w- C:\AdwCleaner
2014-02-08 14:39 . 2014-02-08 14:43 -------- d-----w- C:\FRST
2014-02-07 03:09 . 2014-02-07 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\PSafe
2014-02-07 03:06 . 2014-02-07 03:09 -------- d-----w- c:\users\Owner\AppData\Local\PSafe
2014-02-07 03:06 . 2014-02-07 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\360safe
2014-02-07 03:06 . 2014-02-07 03:05 23624 ----a-w- c:\windows\system32\drivers\efimon.sys
2014-02-07 03:05 . 2014-02-06 19:27 71360 ----a-r- c:\windows\system32\drivers\360AvFlt.sys
2014-02-07 03:03 . 2014-02-07 11:48 -------- d-----w- c:\program files (x86)\RightSurf
2014-02-07 03:03 . 2014-02-07 03:15 -------- d-----w- c:\users\Owner\AppData\Local\FileTypeAssistant
2014-02-07 03:03 . 2014-02-16 19:23 -------- d-----w- c:\program files (x86)\File Type Assistant
2014-02-07 03:02 . 2014-02-07 11:48 -------- d-----w- c:\program files (x86)\PSafe
2014-02-07 03:02 . 2014-02-07 03:09 -------- d-----w- c:\programdata\PSafe
2014-02-06 04:35 . 2014-02-06 04:35 0 ----a-w- c:\windows\SysWow64\sho709E.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 23:31 . 2010-01-01 05:00 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2014-02-15 10:32 . 2013-12-18 01:53 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2014-02-08 20:47 . 2010-01-01 05:00 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2014-02-08 20:47 . 2010-01-01 05:00 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2014-02-05 00:29 . 2012-06-19 22:41 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 00:29 . 2011-12-21 23:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 00:34 . 2011-08-09 06:00 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-15 00:45 . 2014-01-15 00:45 0 ----a-w- c:\windows\SysWow64\sho624B.tmp
2014-01-14 13:25 . 2014-01-14 13:25 0 ----a-w- c:\windows\SysWow64\shoEF3E.tmp
2014-01-04 01:27 . 2014-01-04 01:27 0 ----a-w- c:\windows\SysWow64\shoDFC4.tmp
2014-01-03 21:52 . 2014-01-03 21:52 0 ----a-w- c:\windows\SysWow64\shoD548.tmp
2014-01-01 22:55 . 2014-01-01 22:55 0 ----a-w- c:\windows\SysWow64\sho8DD4.tmp
2013-12-27 05:17 . 2013-12-27 05:17 0 ----a-w- c:\windows\SysWow64\sho4D45.tmp
2013-12-24 18:56 . 2013-12-24 18:56 0 ----a-w- c:\windows\SysWow64\shoC83E.tmp
2013-12-21 18:23 . 2013-12-21 18:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-21 18:23 . 2013-12-21 18:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-21 18:23 . 2013-12-21 18:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-21 18:23 . 2013-12-21 18:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-21 18:23 . 2013-12-21 18:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-21 18:23 . 2013-12-21 18:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-21 18:23 . 2013-12-21 18:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-12-21 18:23 . 2013-12-21 18:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-21 18:23 . 2013-12-21 18:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-21 18:23 . 2013-12-21 18:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-21 18:23 . 2013-12-21 18:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-21 18:23 . 2013-12-21 18:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-21 18:23 . 2013-12-21 18:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-21 18:23 . 2013-12-21 18:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-21 18:23 . 2013-12-21 18:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-12-21 18:23 . 2013-12-21 18:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-21 18:23 . 2013-12-21 18:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-21 18:23 . 2013-12-21 18:23 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-12-21 18:23 . 2013-12-21 18:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-12-21 18:23 . 2013-12-21 18:23 82432 ----a-w- c:\windows\system32\icardie.dll
2013-12-21 18:23 . 2013-12-21 18:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-12-21 18:23 . 2013-12-21 18:23 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-21 18:23 . 2013-12-21 18:23 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-21 18:23 . 2013-12-21 18:23 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-12-21 18:23 . 2013-12-21 18:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-12-21 18:23 . 2013-12-21 18:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-21 18:23 . 2013-12-21 18:23 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-21 18:23 . 2013-12-21 18:23 448512 ----a-w- c:\windows\system32\html.iec
2013-12-21 18:23 . 2013-12-21 18:23 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-21 18:23 . 2013-12-21 18:23 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-12-21 18:23 . 2013-12-21 18:23 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-21 18:23 . 2013-12-21 18:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-21 18:23 . 2013-12-21 18:23 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-21 18:23 . 2013-12-21 18:23 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-12-21 18:23 . 2013-12-21 18:23 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-12-21 18:23 . 2013-12-21 18:23 222208 ----a-w- c:\windows\system32\msls31.dll
2013-12-21 18:23 . 2013-12-21 18:23 197120 ----a-w- c:\windows\system32\msrating.dll
2013-12-21 18:23 . 2013-12-21 18:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-12-21 18:23 . 2013-12-21 18:23 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-12-21 18:23 . 2013-12-21 18:23 160256 ----a-w- c:\windows\system32\wextract.exe
2013-12-21 18:23 . 2013-12-21 18:23 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-12-21 18:23 . 2013-12-21 18:23 149504 ----a-w- c:\windows\system32\occache.dll
2013-12-21 18:23 . 2013-12-21 18:23 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-12-21 18:23 . 2013-12-21 18:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-21 18:23 . 2013-12-21 18:23 12288 ----a-w- c:\windows\system32\mshta.exe
2013-12-21 18:23 . 2013-12-21 18:23 114176 ----a-w- c:\windows\system32\admparse.dll
2013-12-21 18:23 . 2013-12-21 18:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-21 18:23 . 2013-12-21 18:23 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-21 18:23 . 2013-12-21 18:23 103936 ----a-w- c:\windows\system32\inseng.dll
2013-12-21 03:56 . 2013-12-21 03:56 0 ----a-w- c:\windows\SysWow64\shoB164.tmp
2013-12-19 13:49 . 2013-12-19 13:49 0 ----a-w- c:\windows\SysWow64\sho9980.tmp
2013-12-19 11:34 . 2013-12-19 11:34 0 ----a-w- c:\windows\SysWow64\shoE16E.tmp
2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-18 01:52 . 2013-12-18 01:53 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-12-01 05:12 . 2013-12-01 05:12 0 ----a-w- c:\windows\SysWow64\sho32A3.tmp
2013-11-29 13:23 . 2013-11-29 13:23 0 ----a-w- c:\windows\SysWow64\sho6AD3.tmp
2013-11-29 02:41 . 2013-11-29 02:41 0 ----a-w- c:\windows\SysWow64\shoDBFD.tmp
2013-11-27 01:41 . 2014-01-15 23:56 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 23:56 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 23:56 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 23:56 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 23:56 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 23:56 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 23:56 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 23:56 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 23:56 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 01:27 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 01:27 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2c774641-5504-46a8-b63f-6715ae3fe376}]
2014-02-14 17:27 249632 ----a-w- c:\program files (x86)\FindRight\FindRightBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}]
2014-02-06 19:56 249632 ----a-w- c:\program files (x86)\RightSurf\RightSurfBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=PE&userid=67a59160-93bb-632a-7b63-af016fe0ce95&searchtype=ds&q={searchTerms}&installDate=13/12/2013
IE: &Enviar a OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: paypal.com\www
TCP: DhcpNameServer = 200.48.225.130 200.48.225.146
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - f04f706800000000000068a3c4edff11
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16117
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.317:08
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{e4ef8a64-0a30-48f5-b3fe-5fda978da775} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll
Toolbar-Locked - (no file)
Toolbar-{97ef02f9-8bab-41eb-97d1-bec6ec3d36ff} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-16 18:39:18
ComboFix-quarantined-files.txt 2014-02-16 23:39
.
Pre-Run: 546,424,569,856 bytes free
Post-Run: 546,057,601,024 bytes free
.
- - End Of File - - 4AC6B9A3668A41AD6E90311B4F9CC0B7

During running combo fix no problems were found .
I am checking the pc and everything run normal.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:20 PM

Posted 16 February 2014 - 08:59 PM


Hello mloo55

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Owner\AppData\Roaming\1O1L1I1PtF1F1C1N
c:\program files (x86)\FindRight
c:\program files (x86)\IminentToolbar
c:\users\Owner\AppData\Roaming\IminentToolbar
c:\users\Owner\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl


Firefox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i0ov43os.default-1387155797857\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - f04f706800000000000068a3c4edff11
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16117
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.317:08
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
user_pref(extensions.autoDisableScopes,14);
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:20 PM

Posted 21 February 2014 - 08:18 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:20 PM

Posted 27 February 2014 - 08:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users