Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zeroaccess rootkit help please


  • This topic is locked This topic is locked
17 replies to this topic

#1 kaygee809

kaygee809

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 18 February 2014 - 04:35 PM

boopme has been instrumental in getting me through this.  he told me to open a new post and enclose the following.  idk what is happening but I am really having a hard time with this pc.  tyvm  apologies btw i wasnt able to zip and attach.  im having many issues atm.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/21/2012 10:44:16 AM
System Uptime: 2/18/2014 12:02:04 PM (4 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: AMD E-300 APU with Radeon™ HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 215.363 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP136: 1/24/2014 5:14:21 PM - Scheduled Checkpoint
RP137: 1/27/2014 3:33:06 AM - Installed AVG PC TuneUp 2014
RP138: 2/3/2014 10:21:10 AM - Installed Java 7 Update 51
RP139: 2/10/2014 2:36:53 PM - Scheduled Checkpoint
RP140: 2/12/2014 8:54:48 PM - Windows Update
RP141: 2/15/2014 9:10:51 PM - Installed AVG 2014
RP142: 2/16/2014 8:32:44 PM - Windows Update
RP143: 2/17/2014 11:03:59 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X MUI
Adobe Shockwave Player 12.0
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Android USB Driver
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
AVG 2014
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
Bejeweled 3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Conexant HD Audio
Curse Client
CWA Reminder by We-Care.com v4.0.16.3
D3DX10
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.8.0_R01
FATE - The Traitor Soul
FileParade bundle uninstaller
Fishdom ™ 2
Flash Player Pro V5.4
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
Itibiti RTC
Java 7 Update 51
Java Auto Updater
Java™ 6 Update 25
Junk Mail filter update
Knctr
Learning Lodge™
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 365 Home Premium - en-us
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PDFCreator
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Polar Bowler
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Skype Click to Call
Skype Launcher
Skype™ 6.1
Super TextTwist (remove only)
swMSM
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VTech Download Agent Library
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/18/2014 3:46:30 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
2/18/2014 11:05:25 AM, Error: Service Control Manager [7000]  - The Common Client Job Manager Service service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/21/2012 10:44:16 AM
System Uptime: 2/18/2014 12:02:04 PM (4 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: AMD E-300 APU with Radeon™ HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 215.363 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP136: 1/24/2014 5:14:21 PM - Scheduled Checkpoint
RP137: 1/27/2014 3:33:06 AM - Installed AVG PC TuneUp 2014
RP138: 2/3/2014 10:21:10 AM - Installed Java 7 Update 51
RP139: 2/10/2014 2:36:53 PM - Scheduled Checkpoint
RP140: 2/12/2014 8:54:48 PM - Windows Update
RP141: 2/15/2014 9:10:51 PM - Installed AVG 2014
RP142: 2/16/2014 8:32:44 PM - Windows Update
RP143: 2/17/2014 11:03:59 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X MUI
Adobe Shockwave Player 12.0
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Android USB Driver
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
AVG 2014
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
Bejeweled 3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Conexant HD Audio
Curse Client
CWA Reminder by We-Care.com v4.0.16.3
D3DX10
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.8.0_R01
FATE - The Traitor Soul
FileParade bundle uninstaller
Fishdom ™ 2
Flash Player Pro V5.4
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
Itibiti RTC
Java 7 Update 51
Java Auto Updater
Java™ 6 Update 25
Junk Mail filter update
Knctr
Learning Lodge™
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 365 Home Premium - en-us
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
PDFCreator
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Polar Bowler
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Skype Click to Call
Skype Launcher
Skype™ 6.1
Super TextTwist (remove only)
swMSM
Tom Clancy's Splinter Cell
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VTech Download Agent Library
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/18/2014 3:46:30 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
2/18/2014 11:05:25 AM, Error: Service Control Manager [7000]  - The Common Client Job Manager Service service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by mommie at 16:19:23 on 2014-02-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.402 [GMT -5:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
StartupFolder: C:\Users\mommie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C255CBF0-110E-437C-900A-BE27A2FBDFAB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB15B607-34AB-4291-B280-88F7F856EEEF}\2456C6B696E6F574F575962756C6563737F5935373443424 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EB15B607-34AB-4291-B280-88F7F856EEEF}\27D6A6F6E6563783830363 : DHCPNameServer = 192.168.0.1 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: The weDownload Manager: {11111111-1111-1111-1111-110411901174} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mommie\AppData\Roaming\Mozilla\Firefox\Profiles\yw8zymku.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-1-7 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-1-7 38016]
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-1-7 204288]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-1-7 9216]
R3 GKUPRO2D;GKUPRO2D;C:\windows\System32\drivers\GKUPRO2D.sys [2012-11-5 120320]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-1-7 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-1-7 1109096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2013-12-16 14112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;C:\windows\System32\drivers\CT_U_USBSER.sys [2012-7-18 122368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-7 243712]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2014-02-18 17:45:30 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 17:45:28 119000 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-02-18 02:22:12 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-02-17 00:54:19 -------- d-----w- C:\Program Files\HitmanPro
2014-02-16 08:46:19 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-02-16 08:46:17 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-02-16 08:46:17 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-02-16 08:46:17 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-02-16 08:46:15 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-02-13 01:58:30 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-02-13 01:58:29 548864 ----a-w- C:\windows\System32\vbscript.dll
2014-02-12 08:44:45 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-02-12 08:43:47 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-02-12 08:43:46 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-02-12 08:43:42 3928064 ----a-w- C:\windows\System32\d2d1.dll
2014-02-12 08:43:41 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-02-03 15:24:28 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-27 22:36:49 9528 ----a-w- C:\Users\mommie\FACEBO~1.004
2014-01-27 08:40:47 40248 ----a-w- C:\windows\System32\TURegOpt.exe
2014-01-27 08:40:39 29496 ----a-w- C:\windows\System32\authuitu.dll
2014-01-27 08:40:39 25400 ----a-w- C:\windows\SysWow64\authuitu.dll
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-05 11:11:31 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 11:11:31 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-22 17:58:50 10285040 ----a-w- C:\Users\mommie\mbam-setup-1.75.0.1300.exe
2013-12-06 02:30:08 2048 ----a-w- C:\windows\System32\msxml3r.dll
2013-12-06 02:02:08 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-30 15:46:04 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2013-11-30 15:46:04 194048 ----a-w- C:\windows\SysWow64\elshyph.dll
2013-11-27 01:41:37 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\windows\System32\win32k.sys
2013-11-26 02:47:22 196376 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-11-26 02:47:20 243480 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-11-26 02:47:20 150808 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
.
============= FINISH: 16:21:43.51 ===============
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by mommie at 16:19:23 on 2014-02-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.402 [GMT -5:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
StartupFolder: C:\Users\mommie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C255CBF0-110E-437C-900A-BE27A2FBDFAB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB15B607-34AB-4291-B280-88F7F856EEEF}\2456C6B696E6F574F575962756C6563737F5935373443424 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EB15B607-34AB-4291-B280-88F7F856EEEF}\27D6A6F6E6563783830363 : DHCPNameServer = 192.168.0.1 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: The weDownload Manager: {11111111-1111-1111-1111-110411901174} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mommie\AppData\Roaming\Mozilla\Firefox\Profiles\yw8zymku.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-1-7 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-1-7 38016]
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-1-7 204288]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-1-7 9216]
R3 GKUPRO2D;GKUPRO2D;C:\windows\System32\drivers\GKUPRO2D.sys [2012-11-5 120320]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-1-7 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-1-7 1109096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2013-12-16 14112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;C:\windows\System32\drivers\CT_U_USBSER.sys [2012-7-18 122368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-7 243712]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2014-02-18 17:45:30 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 17:45:28 119000 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-02-18 02:22:12 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-02-17 00:54:19 -------- d-----w- C:\Program Files\HitmanPro
2014-02-16 08:46:19 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-02-16 08:46:17 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-02-16 08:46:17 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-02-16 08:46:17 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-02-16 08:46:15 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-02-13 01:58:30 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-02-13 01:58:29 548864 ----a-w- C:\windows\System32\vbscript.dll
2014-02-12 08:44:45 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-02-12 08:43:47 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-02-12 08:43:46 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-02-12 08:43:42 3928064 ----a-w- C:\windows\System32\d2d1.dll
2014-02-12 08:43:41 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-02-03 15:24:28 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-27 22:36:49 9528 ----a-w- C:\Users\mommie\FACEBO~1.004
2014-01-27 08:40:47 40248 ----a-w- C:\windows\System32\TURegOpt.exe
2014-01-27 08:40:39 29496 ----a-w- C:\windows\System32\authuitu.dll
2014-01-27 08:40:39 25400 ----a-w- C:\windows\SysWow64\authuitu.dll
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-05 11:11:31 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 11:11:31 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-22 17:58:50 10285040 ----a-w- C:\Users\mommie\mbam-setup-1.75.0.1300.exe
2013-12-06 02:30:08 2048 ----a-w- C:\windows\System32\msxml3r.dll
2013-12-06 02:02:08 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-30 15:46:04 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2013-11-30 15:46:04 194048 ----a-w- C:\windows\SysWow64\elshyph.dll
2013-11-27 01:41:37 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\windows\System32\win32k.sys
2013-11-26 02:47:22 196376 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-11-26 02:47:20 243480 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-11-26 02:47:20 150808 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
.
============= FINISH: 16:21:43.51 ===============


 


Edited by kaygee809, 19 February 2014 - 07:00 AM.
Moved from AII to MRL - Hamluis.

The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


BC AdBot (Login to Remove)

 


m

#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:03 AM

Posted 19 February 2014 - 03:40 PM

Hello kaygee809,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

  •    
  • Download RogueKiller on the desktop
       
  • Close all the running processes
       
  • Under Vista/Seven, right click -> Run as Administrator
       
  • Otherwise just double-click on RogueKiller.exe
       
  • When prompted, Click Scan 
       
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
       
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 19 February 2014 - 04:55 PM

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mommie [Admin rights]
Mode : Remove -- Date : 02/19/2014 16:44:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] Digital Sites : C:\Users\mommie\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][SUSP PATH] Test TimeTrigger : C:\Users\jamel\AppData\Local\Temp\Runner.exe - C:\Users\jamel\AppData\Local\Temp\DNS.exe [x][x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3275GSX SATA Disk Device +++++
--- User ---
[MBR] 0c13800222c21f6dca3e965c9fcdad92
[BSP] 41c3235da47578c83c7d3c8a3d73b855 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 291228 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 599508992 | Size: 12516 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_02192014_164438.txt >>
RKreport[0]_S_02192014_164156.txt



RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mommie [Admin rights]
Mode : Remove -- Date : 02/19/2014 16:44:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] Digital Sites : C:\Users\mommie\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][SUSP PATH] Test TimeTrigger : C:\Users\jamel\AppData\Local\Temp\Runner.exe - C:\Users\jamel\AppData\Local\Temp\DNS.exe [x][x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3275GSX SATA Disk Device +++++
--- User ---
[MBR] 0c13800222c21f6dca3e965c9fcdad92
[BSP] 41c3235da47578c83c7d3c8a3d73b855 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 291228 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 599508992 | Size: 12516 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_02192014_164438.txt >>
RKreport[0]_S_02192014_164156.txt


 

If i understand you correctly by renaming something that will not work - i can make it work?  sort of tricking whatever is blocking me- is that correct?  tyvm


The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:03 AM

Posted 19 February 2014 - 06:30 PM

 

If i understand you correctly by renaming something that will not work - i can make it work?  sort of tricking whatever is blocking me- is that correct?  tyvm

Sometimes it works.

 


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 19 February 2014 - 07:49 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by mommie (administrator) on JAMEL-PC on 19-02-2014 19:10:50
Running from C:\Users\mommie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(LionSea) C:\Program Files (x86)\DriverTuner\DriverTuner.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596912 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AgentMonitor] - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKU\S-1-5-21-3438129854-778272065-4149528103-1003\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-09-12] (Google Inc.)
Startup: C:\Users\jamel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\mommie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
SearchScopes: HKLM - DefaultScope {EA46298D-229B-4737-B6FB-88341B0CE804} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {EA46298D-229B-4737-B6FB-88341B0CE804} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM-x32 - {EA46298D-229B-4737-B6FB-88341B0CE804} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - DefaultScope {EA46298D-229B-4737-B6FB-88341B0CE804} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7MXGB_enUS553
SearchScopes: HKCU - {46F1DF1E-17BB-417F-9DA2-187E2D1AB02B} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7MXGB_enUS553
SearchScopes: HKCU - {EA46298D-229B-4737-B6FB-88341B0CE804} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7MXGB_enUS553
BHO: The weDownload Manager - {11111111-1111-1111-1111-110411901174} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/stg_drm.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\mommie\AppData\Roaming\Mozilla\Firefox\Profiles\yw8zymku.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: The weDownload Manager - C:\Users\mommie\AppData\Roaming\Mozilla\Firefox\Profiles\yw8zymku.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com [2014-02-08]
FF Extension: YouTube™ Anywhere Player - C:\Users\mommie\AppData\Roaming\Mozilla\Firefox\Profiles\yw8zymku.default\Extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} [2014-01-17]
FF Extension: DnsBasic - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com

Chrome:
=======
CHR Extension: (Skype Click to Call) - C:\Users\mommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-17]
CHR Extension: (Google Wallet) - C:\Users\mommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-02-16] (SurfRight B.V.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] ()
S2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [122368 2011-05-09] (Incorporated)
R3 GKUPRO2D; C:\Windows\System32\DRIVERS\GKUPRO2D.sys [120320 2012-11-05] (Gemalto)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] (Qualcomm Atheros Co., Ltd.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-19 19:10 - 2014-02-19 19:11 - 00018875 _____ () C:\Users\mommie\Downloads\FRST.txt
2014-02-19 19:09 - 2014-02-19 19:10 - 00000000 ____D () C:\FRST
2014-02-19 19:08 - 2014-02-19 19:09 - 02153472 _____ (Farbar) C:\Users\mommie\Downloads\FRST64.exe
2014-02-19 18:55 - 2014-02-19 18:55 - 00261208 _____ (LG Electronics) C:\Users\jamel\Downloads\B2CAppSetup.exe
2014-02-19 17:00 - 2014-02-19 17:01 - 00000000 ____D () C:\Users\mommie\Desktop\fireman
2014-02-19 16:26 - 2014-02-19 16:26 - 03817984 _____ () C:\Users\mommie\Desktop\RogueKiller.exe
2014-02-19 06:40 - 2014-02-19 06:40 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-02-19 06:21 - 2014-02-19 06:25 - 00000000 ____D () C:\Program Files\DIFX
2014-02-19 03:33 - 2014-02-19 06:19 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-02-19 03:33 - 2014-02-19 03:33 - 00003308 _____ () C:\windows\System32\Tasks\DriverTuner Startup
2014-02-19 03:33 - 2014-02-19 03:33 - 00001054 _____ () C:\Users\Public\Desktop\DriverTuner.lnk
2014-02-19 03:04 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-02-19 03:04 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-19 03:04 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-19 03:04 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-02-19 03:04 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-02-19 03:04 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-02-19 03:04 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-19 03:04 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-02-19 03:04 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-02-19 03:04 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-02-19 03:04 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-02-19 03:04 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-02-19 03:04 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-02-19 03:04 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-02-19 03:04 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-02-19 03:04 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-02-19 03:04 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-02-19 03:04 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-02-19 03:02 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-02-19 03:01 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-02-19 03:01 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-02-19 03:01 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2014-02-19 03:01 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-02-19 03:01 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-02-19 03:01 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-02-19 02:59 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-02-19 02:59 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-02-19 02:59 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-02-19 02:59 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-02-18 16:18 - 2014-02-18 16:18 - 00688992 ____R (Swearware) C:\Users\mommie\Downloads\dds.com
2014-02-18 12:45 - 2014-02-18 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 12:45 - 2014-02-18 12:45 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-17 21:24 - 2014-02-19 16:57 - 00000000 ____D () C:\Users\mommie\Desktop\bleeping computer
2014-02-17 21:22 - 2014-02-18 12:05 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-17 21:21 - 2014-02-18 16:18 - 00000000 ____D () C:\Users\mommie\Desktop\mbar
2014-02-17 21:21 - 2014-02-17 21:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\mommie\Desktop\mbar-1.07.0.1009.exe
2014-02-16 19:54 - 2014-02-16 20:08 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-16 19:54 - 2014-02-16 19:54 - 00001904 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-16 19:47 - 2014-02-16 19:53 - 10820032 _____ (SurfRight B.V.) C:\Users\mommie\Downloads\HitmanPro_x64.exe
2014-02-16 19:45 - 2014-02-16 19:45 - 00000000 ____D () C:\Users\mommie\Downloads\Hitman_Pro_TSV34JT9P
2014-02-16 19:38 - 2014-02-16 19:44 - 09988304 _____ (SurfRight B.V.) C:\Users\mommie\Downloads\HitmanPro.exe
2014-02-16 19:36 - 2014-02-16 19:36 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\mommie\Downloads\iExplore.exe
2014-02-16 19:32 - 2014-02-16 19:32 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\mommie\Downloads\tdsskiller.exe
2014-02-15 16:07 - 2014-02-15 16:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 20:58 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-12 20:58 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-12 20:56 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-12 20:56 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-12 20:56 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-12 20:56 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-12 20:56 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-12 20:56 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-12 20:56 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-12 20:56 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-12 20:56 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-12 20:56 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-12 20:56 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-12 20:56 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-12 20:56 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-12 20:56 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-12 20:56 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-12 20:56 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-12 20:56 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-12 20:56 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-12 20:56 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-12 20:56 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-12 20:56 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-12 20:56 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-12 20:56 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-12 20:56 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-12 20:56 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-12 20:56 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-12 20:56 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-12 20:56 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-12 20:56 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-12 20:56 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-12 20:56 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-12 20:56 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-12 20:56 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-12 20:56 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-12 20:56 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-12 20:56 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-12 20:56 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-12 20:56 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-12 20:56 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-12 03:44 - 2013-12-31 18:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-12 03:44 - 2013-12-31 18:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-12 03:44 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-12 03:44 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-12 03:44 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-12 03:44 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-12 03:44 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-12 03:44 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-12 03:44 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-12 03:44 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-12 03:44 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-12 03:44 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-12 03:44 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-12 03:44 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-12 03:44 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 03:44 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-12 03:44 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-12 03:44 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 03:44 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-12 03:44 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-12 03:44 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-12 03:44 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-12 03:44 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 03:44 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 03:43 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-12 03:43 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-12 03:43 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-12 03:43 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-08 18:50 - 2014-02-08 18:51 - 327964808 _____ (Microsoft Corporation) C:\Users\mommie\Downloads\X16-32694.exe
2014-02-03 10:24 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-03 10:24 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-02-03 10:24 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-02-03 10:24 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-02-03 10:23 - 2014-02-03 10:24 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 17:36 - 2009-04-23 06:16 - 00009528 _____ () C:\Users\mommie\FACEBO~1.004
2014-01-27 17:32 - 2014-01-27 17:32 - 00000005 _____ () C:\Users\mommie\AppData\Roaming\WBPU-TTL.DAT
2014-01-27 17:29 - 2014-01-27 17:32 - 00000098 _____ () C:\Users\mommie\AppData\Roaming\WB.CFG
2014-01-27 03:40 - 2013-12-18 09:38 - 00040248 _____ (AVG) C:\windows\system32\TURegOpt.exe
2014-01-27 03:40 - 2013-12-18 09:38 - 00029496 _____ (AVG) C:\windows\system32\authuitu.dll
2014-01-27 03:40 - 2013-12-18 09:38 - 00025400 _____ (AVG) C:\windows\SysWOW64\authuitu.dll

==================== One Month Modified Files and Folders =======

2014-02-19 19:11 - 2014-02-19 19:10 - 00018875 _____ () C:\Users\mommie\Downloads\FRST.txt
2014-02-19 19:11 - 2013-09-12 06:43 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 19:10 - 2014-02-19 19:09 - 00000000 ____D () C:\FRST
2014-02-19 19:09 - 2014-02-19 19:08 - 02153472 _____ (Farbar) C:\Users\mommie\Downloads\FRST64.exe
2014-02-19 19:01 - 2012-01-07 02:13 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 18:58 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 18:58 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 18:56 - 2013-09-17 13:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-19 18:55 - 2014-02-19 18:55 - 00261208 _____ (LG Electronics) C:\Users\jamel\Downloads\B2CAppSetup.exe
2014-02-19 18:54 - 2012-01-07 00:51 - 01731565 _____ () C:\windows\WindowsUpdate.log
2014-02-19 18:52 - 2013-09-15 03:50 - 00000000 ____D () C:\Users\jamel\AppData\Local\Deployment
2014-02-19 18:52 - 2012-02-25 21:38 - 00000000 ____D () C:\Users\jamel\AppData\Roaming\Skype
2014-02-19 18:49 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-19 18:49 - 2009-07-13 23:51 - 00099542 _____ () C:\windows\setupact.log
2014-02-19 17:01 - 2014-02-19 17:00 - 00000000 ____D () C:\Users\mommie\Desktop\fireman
2014-02-19 16:57 - 2014-02-17 21:24 - 00000000 ____D () C:\Users\mommie\Desktop\bleeping computer
2014-02-19 16:43 - 2012-01-07 02:13 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 16:35 - 2013-12-22 15:34 - 00000000 ____D () C:\Users\mommie\Desktop\tools
2014-02-19 16:26 - 2014-02-19 16:26 - 03817984 _____ () C:\Users\mommie\Desktop\RogueKiller.exe
2014-02-19 11:51 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-02-19 07:11 - 2009-07-14 00:08 - 00032530 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-19 06:47 - 2012-01-07 01:10 - 00033218 _____ () C:\windows\DPINST.LOG
2014-02-19 06:40 - 2014-02-19 06:40 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-02-19 06:25 - 2014-02-19 06:21 - 00000000 ____D () C:\Program Files\DIFX
2014-02-19 06:19 - 2014-02-19 03:33 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-02-19 05:53 - 2013-11-20 04:00 - 00000000 ____D () C:\Users\mommie\AppData\Local\Adobe
2014-02-19 05:53 - 2013-09-17 13:19 - 00000000 ____D () C:\Users\mommie\AppData\Roaming\Adobe
2014-02-19 03:42 - 2009-07-14 00:13 - 00797232 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-19 03:33 - 2014-02-19 03:33 - 00003308 _____ () C:\windows\System32\Tasks\DriverTuner Startup
2014-02-19 03:33 - 2014-02-19 03:33 - 00001054 _____ () C:\Users\Public\Desktop\DriverTuner.lnk
2014-02-19 03:29 - 2013-09-17 13:21 - 00000000 ____D () C:\Users\mommie\AppData\Roaming\Toshiba
2014-02-19 03:18 - 2012-02-25 21:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-19 03:18 - 2012-02-25 21:37 - 00000000 ____D () C:\ProgramData\Skype
2014-02-19 03:05 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-02-19 02:43 - 2013-09-12 07:55 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-02-18 16:18 - 2014-02-18 16:18 - 00688992 ____R (Swearware) C:\Users\mommie\Downloads\dds.com
2014-02-18 16:18 - 2014-02-18 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-18 16:18 - 2014-02-17 21:21 - 00000000 ____D () C:\Users\mommie\Desktop\mbar
2014-02-18 12:45 - 2014-02-18 12:45 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-18 12:05 - 2014-02-17 21:22 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-17 23:07 - 2010-11-20 22:47 - 00166846 _____ () C:\windows\PFRO.log
2014-02-17 21:21 - 2014-02-17 21:21 - 12589848 _____ (Malwarebytes Corp.) C:\Users\mommie\Desktop\mbar-1.07.0.1009.exe
2014-02-17 12:26 - 2013-12-22 15:32 - 00000000 ____D () C:\AdwCleaner
2014-02-17 12:19 - 2013-10-13 17:35 - 00000000 ____D () C:\Users\mommie\AppData\Local\Deployment
2014-02-16 20:39 - 2013-09-16 04:49 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 20:33 - 2013-09-16 04:49 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-16 20:08 - 2014-02-16 19:54 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-16 19:54 - 2014-02-16 19:54 - 00001904 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-16 19:53 - 2014-02-16 19:47 - 10820032 _____ (SurfRight B.V.) C:\Users\mommie\Downloads\HitmanPro_x64.exe
2014-02-16 19:45 - 2014-02-16 19:45 - 00000000 ____D () C:\Users\mommie\Downloads\Hitman_Pro_TSV34JT9P
2014-02-16 19:44 - 2014-02-16 19:38 - 09988304 _____ (SurfRight B.V.) C:\Users\mommie\Downloads\HitmanPro.exe
2014-02-16 19:36 - 2014-02-16 19:36 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\mommie\Downloads\iExplore.exe
2014-02-16 19:32 - 2014-02-16 19:32 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\mommie\Downloads\tdsskiller.exe
2014-02-16 14:14 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-02-16 14:12 - 2013-09-17 13:19 - 00000258 __RSH () C:\Users\mommie\ntuser.pol
2014-02-16 14:12 - 2013-09-17 13:18 - 00000000 ____D () C:\Users\mommie
2014-02-16 03:46 - 2012-02-25 14:11 - 00000000 ____D () C:\ProgramData\Knowledge Adventure
2014-02-15 21:20 - 2013-09-20 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 21:15 - 2013-09-17 13:55 - 00000976 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-15 16:07 - 2014-02-15 16:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 04:38 - 2012-01-07 02:13 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 04:38 - 2012-01-07 02:13 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 21:35 - 2012-07-31 14:56 - 00791448 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-12 13:45 - 2013-09-26 10:49 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-02-08 18:51 - 2014-02-08 18:50 - 327964808 _____ (Microsoft Corporation) C:\Users\mommie\Downloads\X16-32694.exe
2014-02-06 07:16 - 2014-02-12 20:56 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 20:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 20:56 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 20:56 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 20:56 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 20:56 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 20:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-12 20:56 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-12 20:56 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 20:56 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-12 20:56 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-12 20:56 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 20:56 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 20:56 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 20:56 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 20:56 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 20:56 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 20:56 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-12 20:56 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-12 20:56 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 20:56 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 20:56 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-12 20:56 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-12 20:56 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 20:56 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 20:56 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-12 20:56 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-12 20:56 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 20:56 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 20:56 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 20:56 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 20:56 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 20:56 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 20:56 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 20:56 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 20:56 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 20:56 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-05 06:11 - 2013-09-12 06:43 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 06:11 - 2013-04-01 04:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 06:11 - 2011-07-21 20:55 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-03 11:07 - 2013-09-29 11:34 - 00003704 _____ () C:\windows\System32\Tasks\Java Update Scheduler
2014-02-03 10:25 - 2013-09-25 06:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-03 10:24 - 2014-02-03 10:23 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-03 10:24 - 2011-07-21 20:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-28 04:36 - 2013-09-26 08:59 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-27 17:32 - 2014-01-27 17:32 - 00000005 _____ () C:\Users\mommie\AppData\Roaming\WBPU-TTL.DAT
2014-01-27 17:32 - 2014-01-27 17:29 - 00000098 _____ () C:\Users\mommie\AppData\Roaming\WB.CFG
2014-01-27 03:37 - 2013-09-17 13:52 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-01-23 04:04 - 2014-01-16 17:31 - 00000000 ____D () C:\ProgramData\Symantec
2014-01-23 04:04 - 2012-01-07 01:49 - 00000000 ____D () C:\ProgramData\Norton
2014-01-23 04:01 - 2014-01-11 17:20 - 00000000 ____D () C:\Users\mommie\AppData\Local\CrashDumps
ZeroAccess:
C:\Users\jamel\AppData\Local\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\mommie\mbam-setup-1.75.0.1300.exe

Some content of TEMP:
====================
C:\Users\mommie\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 00:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by mommie at 2014-02-19 19:12:48
Running from C:\Users\mommie\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) MUI (x32 Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112 - Adobe Systems, Inc.)
AMD Media Foundation Decoders (Version: 1.0.60607.2201 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
Android USB Driver (x32 Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (Version: 3.0.829.0 - ATI Technologies, Inc.)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4335 - AVG Technologies)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0607.2212.38019 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help English (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help French (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help German (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
ccc-utility64 (Version: 2011.0607.2212.38019 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (Version: 8.54.1.0 - Conexant)
Curse Client (HKCU Version: 5.1.1.792 - Curse)
CWA Reminder by We-Care.com v4.0.16.3 (x32 Version: 4.0.16.3 - We-Care.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverTuner 3.1.0.1 (x32 Version: 3.1.0.1 - LionSea SoftWare)
ESET Online Scanner v3 (x32 Version:  - )
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileParade bundle uninstaller (x32 Version: 1.0.0.0 - FileParade) <==== ATTENTION
Fishdom ™ 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Flash Player Pro V5.4 (x32 Version:  - FlashPlayerPro.com)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HitmanPro 3.7 (Version: 3.7.9.212 - SurfRight B.V.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (x32 Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Knctr (x32 Version:  - Itibiti Inc.)
Learning Lodge™ (x32 Version:  - VTech)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
PDFCreator (x32 Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype Click to Call (x32 Version: 7.0.14735.1561 - Microsoft Corporation)
Skype Launcher (x32 Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Super TextTwist (remove only) (x32 Version:  - JenkatGames)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
Toshiba App Place (x32 Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (x32 Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (x32 Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (x32 Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (Version: 1.6.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 1.6.10.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (x32 Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (x32 Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (x32 Version: 1.0.87.4 - TOSHIBA CORPORATION)
Toshiba Online Backup (x32 Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.2.12 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (x32 Version: 1.0.6 - TOSHIBA)
TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.104 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WildTangent Games (x32 Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Driver Package - AMD USB  (03/30/2010 1.0.0.5) (Version: 03/30/2010 1.0.0.5 - AMD)
Windows Driver Package - Qualcomm Atheros (L1C) Net  (05/29/2013 2.1.0.19) (Version: 05/29/2013 2.1.0.19 - Qualcomm Atheros)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World of Warcraft (x32 Version:  - Blizzard Entertainment)
Yahoo! Toolbar (x32 Version:  - Yahoo! Inc.)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Restore Points  =========================

03-02-2014 15:21:10 Installed Java 7 Update 51
10-02-2014 19:36:53 Scheduled Checkpoint
13-02-2014 01:54:48 Windows Update
16-02-2014 02:10:51 Installed AVG 2014
17-02-2014 01:32:44 Windows Update
18-02-2014 04:03:59 Malwarebytes Anti-Rootkit Restore Point
19-02-2014 08:00:23 Windows Update
19-02-2014 08:16:12 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1654AB20-6531-459D-BA5F-2FF0CBB81E78} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\WSCStub.exe
Task: {315345F8-B4C6-47B3-9AB7-FEABBE7646F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07] (Google Inc.)
Task: {37372E26-0349-4175-9EC0-2C206C015D2A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-15] (Microsoft Corporation)
Task: {5AC55308-273D-4569-AC88-E1FE9F81CC32} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {6C370BAF-860B-401A-8AC6-6953E8188FF6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\SymErr.exe
Task: {96F4DBCC-F088-4E92-B9C4-1870D5B907BF} - \Desk 365 RunAsStdUser No Task File
Task: {9B88E90E-0686-4B42-B1E2-F70D61F9D1AC} - \Funmoods No Task File
Task: {A5F6B689-BBB3-48CB-9013-FD911084CF6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07] (Google Inc.)
Task: {A86FF5B0-4864-4F77-95C1-2C748FC51C62} - \FoxTab No Task File
Task: {C04C17BF-4783-4132-83C0-6BBA28814F28} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {F3CDD4FD-BF3A-4D29-BB4A-2EBC064BB8D6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {F55B5117-6A71-4628-9E8B-6257C2D2A892} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\SymErr.exe
Task: {F6DDEB46-E97A-405D-B1E3-8B07D63F8C02} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {FED29808-2E37-479E-9BA5-527C47290F8C} - System32\Tasks\DriverTuner Startup => C:\Program Files (x86)\DriverTuner\DriverTuner.exe [2013-07-11] (LionSea)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-01 13:13 - 2005-03-11 23:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2013-10-13 18:51 - 2013-10-31 09:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-10-13 18:51 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-10-13 18:51 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-18 09:38 - 2013-12-18 09:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2012-07-18 22:39 - 2011-05-12 13:23 - 00512000 _____ () C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
2014-01-15 03:11 - 2014-01-15 03:11 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-08-11 21:37 - 2013-06-20 02:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2011-06-08 01:11 - 2011-06-08 01:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 13:17 - 2011-03-22 13:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-08-11 21:37 - 2010-06-23 20:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
2013-08-11 21:37 - 2010-07-13 08:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
2013-08-11 21:37 - 2010-06-01 21:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
2013-08-11 21:37 - 2010-06-01 21:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
2013-08-11 21:37 - 2013-08-09 01:01 - 09849200 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
2013-08-11 21:37 - 2010-06-01 21:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
2013-08-11 21:37 - 2010-06-01 21:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
2013-08-11 21:37 - 2010-07-05 04:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2013-08-11 21:37 - 2010-11-11 04:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
2013-08-11 21:37 - 2010-06-02 00:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-08-11 21:37 - 2010-06-02 00:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2014-02-19 03:33 - 2013-07-11 09:07 - 00092984 _____ () C:\Program Files (x86)\DriverTuner\zlibwapi.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1880E7FA
AlternateDataStreams: C:\ProgramData\TEMP:3E69E337
AlternateDataStreams: C:\ProgramData\TEMP:77A023CE
AlternateDataStreams: C:\ProgramData\TEMP:91730504
AlternateDataStreams: C:\ProgramData\TEMP:B95DA41A
AlternateDataStreams: C:\ProgramData\TEMP:CD6E25A6
AlternateDataStreams: C:\ProgramData\TEMP:CF31AEF5
AlternateDataStreams: C:\ProgramData\TEMP:CF75D88F
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2014 07:01:44 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 06:54:29 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/19/2014 06:52:41 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (02/19/2014 06:51:40 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 06:51:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 04:11:55 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/19/2014 04:09:37 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 04:09:18 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (02/19/2014 04:09:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 11:45:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (02/19/2014 06:50:01 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (02/19/2014 06:49:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2014 05:18:55 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/19/2014 04:07:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2014 04:07:40 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (02/19/2014 00:35:16 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/19/2014 08:05:00 AM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (02/19/2014 08:04:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2014 07:13:39 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

Error: (02/19/2014 07:13:39 AM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147943515.

Microsoft Office Sessions:
=========================
Error: (02/19/2014 07:01:44 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 06:54:29 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (02/19/2014 06:52:41 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (02/19/2014 06:51:40 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 06:51:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 04:11:55 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (02/19/2014 04:09:37 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 04:09:18 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (02/19/2014 04:09:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 11:45:23 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 2662.87 MB
Available physical RAM: 1315.41 MB
Total Pagefile: 5323.91 MB
Available Pagefile: 3726.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:213.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CBA03604)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

==================== End Of Log ===========================


Edited by kaygee809, 20 February 2014 - 05:09 PM.

The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


#6 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 19 February 2014 - 07:51 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by mommie at 2014-02-19 19:12:48
Running from C:\Users\mommie\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) MUI (x32 Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112 - Adobe Systems, Inc.)
AMD Media Foundation Decoders (Version: 1.0.60607.2201 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
Android USB Driver (x32 Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (Version: 3.0.829.0 - ATI Technologies, Inc.)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4335 - AVG Technologies)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0607.2212.38019 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help English (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help French (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help German (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
ccc-utility64 (Version: 2011.0607.2212.38019 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (Version: 8.54.1.0 - Conexant)
Curse Client (HKCU Version: 5.1.1.792 - Curse)
CWA Reminder by We-Care.com v4.0.16.3 (x32 Version: 4.0.16.3 - We-Care.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverTuner 3.1.0.1 (x32 Version: 3.1.0.1 - LionSea SoftWare)
ESET Online Scanner v3 (x32 Version:  - )
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileParade bundle uninstaller (x32 Version: 1.0.0.0 - FileParade) <==== ATTENTION
Fishdom ™ 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Flash Player Pro V5.4 (x32 Version:  - FlashPlayerPro.com)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HitmanPro 3.7 (Version: 3.7.9.212 - SurfRight B.V.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (x32 Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Knctr (x32 Version:  - Itibiti Inc.)
Learning Lodge™ (x32 Version:  - VTech)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
PDFCreator (x32 Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype Click to Call (x32 Version: 7.0.14735.1561 - Microsoft Corporation)
Skype Launcher (x32 Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Super TextTwist (remove only) (x32 Version:  - JenkatGames)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
Toshiba App Place (x32 Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (x32 Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (x32 Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (x32 Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (Version: 1.6.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 1.6.10.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (x32 Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (x32 Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (x32 Version: 1.0.87.4 - TOSHIBA CORPORATION)
Toshiba Online Backup (x32 Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.2.12 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (x32 Version: 1.0.6 - TOSHIBA)
TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.104 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WildTangent Games (x32 Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Driver Package - AMD USB  (03/30/2010 1.0.0.5) (Version: 03/30/2010 1.0.0.5 - AMD)
Windows Driver Package - Qualcomm Atheros (L1C) Net  (05/29/2013 2.1.0.19) (Version: 05/29/2013 2.1.0.19 - Qualcomm Atheros)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World of Warcraft (x32 Version:  - Blizzard Entertainment)
Yahoo! Toolbar (x32 Version:  - Yahoo! Inc.)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Restore Points  =========================

03-02-2014 15:21:10 Installed Java 7 Update 51
10-02-2014 19:36:53 Scheduled Checkpoint
13-02-2014 01:54:48 Windows Update
16-02-2014 02:10:51 Installed AVG 2014
17-02-2014 01:32:44 Windows Update
18-02-2014 04:03:59 Malwarebytes Anti-Rootkit Restore Point
19-02-2014 08:00:23 Windows Update
19-02-2014 08:16:12 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1654AB20-6531-459D-BA5F-2FF0CBB81E78} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\WSCStub.exe
Task: {315345F8-B4C6-47B3-9AB7-FEABBE7646F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07] (Google Inc.)
Task: {37372E26-0349-4175-9EC0-2C206C015D2A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-15] (Microsoft Corporation)
Task: {5AC55308-273D-4569-AC88-E1FE9F81CC32} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {6C370BAF-860B-401A-8AC6-6953E8188FF6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\SymErr.exe
Task: {96F4DBCC-F088-4E92-B9C4-1870D5B907BF} - \Desk 365 RunAsStdUser No Task File
Task: {9B88E90E-0686-4B42-B1E2-F70D61F9D1AC} - \Funmoods No Task File
Task: {A5F6B689-BBB3-48CB-9013-FD911084CF6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07] (Google Inc.)
Task: {A86FF5B0-4864-4F77-95C1-2C748FC51C62} - \FoxTab No Task File
Task: {C04C17BF-4783-4132-83C0-6BBA28814F28} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {F3CDD4FD-BF3A-4D29-BB4A-2EBC064BB8D6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {F55B5117-6A71-4628-9E8B-6257C2D2A892} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\SymErr.exe
Task: {F6DDEB46-E97A-405D-B1E3-8B07D63F8C02} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {FED29808-2E37-479E-9BA5-527C47290F8C} - System32\Tasks\DriverTuner Startup => C:\Program Files (x86)\DriverTuner\DriverTuner.exe [2013-07-11] (LionSea)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-01 13:13 - 2005-03-11 23:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2013-10-13 18:51 - 2013-10-31 09:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-10-13 18:51 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-10-13 18:51 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-18 09:38 - 2013-12-18 09:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2012-07-18 22:39 - 2011-05-12 13:23 - 00512000 _____ () C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
2014-01-15 03:11 - 2014-01-15 03:11 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-08-11 21:37 - 2013-06-20 02:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2011-06-08 01:11 - 2011-06-08 01:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 13:17 - 2011-03-22 13:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-08-11 21:37 - 2010-06-23 20:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
2013-08-11 21:37 - 2010-07-13 08:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
2013-08-11 21:37 - 2010-06-01 21:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
2013-08-11 21:37 - 2010-06-01 21:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
2013-08-11 21:37 - 2013-08-09 01:01 - 09849200 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
2013-08-11 21:37 - 2010-06-01 21:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
2013-08-11 21:37 - 2010-06-01 21:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
2013-08-11 21:37 - 2010-07-05 04:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2013-08-11 21:37 - 2010-11-11 04:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
2013-08-11 21:37 - 2010-06-02 00:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-08-11 21:37 - 2010-06-02 00:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2014-02-19 03:33 - 2013-07-11 09:07 - 00092984 _____ () C:\Program Files (x86)\DriverTuner\zlibwapi.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1880E7FA
AlternateDataStreams: C:\ProgramData\TEMP:3E69E337
AlternateDataStreams: C:\ProgramData\TEMP:77A023CE
AlternateDataStreams: C:\ProgramData\TEMP:91730504
AlternateDataStreams: C:\ProgramData\TEMP:B95DA41A
AlternateDataStreams: C:\ProgramData\TEMP:CD6E25A6
AlternateDataStreams: C:\ProgramData\TEMP:CF31AEF5
AlternateDataStreams: C:\ProgramData\TEMP:CF75D88F
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2014 07:01:44 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 06:54:29 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/19/2014 06:52:41 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (02/19/2014 06:51:40 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 06:51:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 04:11:55 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/19/2014 04:09:37 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 04:09:18 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (02/19/2014 04:09:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 11:45:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (02/19/2014 06:50:01 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (02/19/2014 06:49:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2014 05:18:55 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/19/2014 04:07:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2014 04:07:40 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (02/19/2014 00:35:16 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/19/2014 08:05:00 AM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (02/19/2014 08:04:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/19/2014 07:13:39 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

Error: (02/19/2014 07:13:39 AM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147943515.

Microsoft Office Sessions:
=========================
Error: (02/19/2014 07:01:44 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 06:54:29 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (02/19/2014 06:52:41 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (02/19/2014 06:51:40 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 06:51:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 04:11:55 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (02/19/2014 04:09:37 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/19/2014 04:09:18 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (02/19/2014 04:09:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2014 11:45:23 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 2662.87 MB
Available physical RAM: 1315.41 MB
Total Pagefile: 5323.91 MB
Available Pagefile: 3726.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:213.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: CBA03604)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

==================== End Of Log ============================

 

 

Bear with me pls.  im 62, self-taught and very unsure of this.i made a mistake and updated this morning when asked.  it was out of habit.  im very sorry I will not let it happen again.  have I messed up?  btw my son gave me this laptop and he didn't use protection of any type,  maybe that's how this thing got in!! tyvm!


Edited by kaygee809, 20 February 2014 - 05:06 PM.

The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:03 AM

Posted 20 February 2014 - 10:30 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   1.32KB   10 downloads


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 20 February 2014 - 08:23 PM

pls help       me I don't know what happened to the download.  I cant find it.  I will not use firefox anymore until         things are better.  I couldn't figure out how to save to desktop in explorer because I had already downloaded it.  all I get now is the text doc.  im very sorry.  can you resend the download.  thx


The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


#9 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 20 February 2014 - 08:33 PM

nvm what I posted above.  I have them on my desktop but im notsure how to run this fix.  can you pls explain it again to me.  im so very sorry for not understanding what to do.  I feel like an idiot.  thx.  ill come bk & check later.  im not sure what to run or how to run it.  also im constantly besieged with pop-ups and pages from

that akaihed (spellings wrong) that brought me to you in the 1st place.


Edited by kaygee809, 21 February 2014 - 05:58 AM.

The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


#10 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 21 February 2014 - 07:39 AM

Have I done it correctly?? here is the log...

 

ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-02-2014
Ran by mommie at 2014-02-21 07:37:54 Run:1
Running from C:\Users\mommie\Desktop\fireman
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO: The weDownload Manager - {11111111-1111-1111-1111-110411901174} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
HKLM\...\Run: [] - [X]
FF Extension: The weDownload Manager - C:\Users\mommie\AppData\Roaming\Mozilla\Firefox\Profiles\yw8zymku.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com [2014-02-08]
FF Extension: DnsBasic - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\jamel\AppData\Local\Google\Desktop\Install
C:\Users\mommie\mbam-setup-1.75.0.1300.exe
C:\Users\mommie\AppData\Local\Temp\ntdll_dump.dll
Task: {A86FF5B0-4864-4F77-95C1-2C748FC51C62} - \FoxTab No Task File
Task: {96F4DBCC-F088-4E92-B9C4-1870D5B907BF} - \Desk 365 RunAsStdUser No Task File
Task: {9B88E90E-0686-4B42-B1E2-F70D61F9D1AC} - \Funmoods No Task File
*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411901174} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\mommie\AppData\Roaming\Mozilla\Firefox\Profiles\yw8zymku.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3} => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\extension@Fast_Free_Converter.com => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\jamel\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Users\mommie\mbam-setup-1.75.0.1300.exe => Moved successfully.
C:\Users\mommie\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A86FF5B0-4864-4F77-95C1-2C748FC51C62} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A86FF5B0-4864-4F77-95C1-2C748FC51C62} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96F4DBCC-F088-4E92-B9C4-1870D5B907BF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96F4DBCC-F088-4E92-B9C4-1870D5B907BF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B88E90E-0686-4B42-B1E2-F70D61F9D1AC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B88E90E-0686-4B42-B1E2-F70D61F9D1AC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => Key deleted successfully.

==== End of Fixlog ====


The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


#11 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 22 February 2014 - 05:15 PM

Dear Fireman4,

   Well I guess I actually did do the "fix" correctly...I no longer see the blank page or the tab that was opening from this site (I wondered if it was really from you guys).  I am very very grateful to you for helping.  I am waiting to verify my paypal account so that I can make a donation to you.  Is there anything else that you want me to do?  I am very afraid that as soon as I get the "all clean" it will start

hassling me again!

K. :bounce: :bananas: :flowers: :love4u:


The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:03 AM

Posted 23 February 2014 - 11:29 AM

Sorry for the delay have had some things going on. Let's check for any leftovers.
 
 
1.
Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
 

2.
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 23 February 2014 - 03:03 PM

im really sorry to hear that you have things going on....i hope all is well.  believe me i can relate!  my partner recently had a very serious surgery for cancer.  he will never speak again in life.  it can be hard but it does get better.  i just needed to be sure that

you were not finished with me. 

 

how do i rename a file b4 dwnlding it?  i tried to right-click and rename but i got a msg. back that it did not recognize and would not run it.  pls explain what you want me to do - at your leisure.  thx!  take care


The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


#14 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 23 February 2014 - 05:03 PM

here is the log i ran from  my own malwarebytes program

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
mommie :: JAMEL-PC [administrator]

2/23/2014 4:11:10 PM
mbam-log-2014-02-23 (16-11-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280512
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
mommie :: JAMEL-PC [administrator]

2/24/2014 12:33:37 PM
mbam-log-2014-02-24 (12-33-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280581
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
mommie :: JAMEL-PC [administrator]

2/24/2014 12:33:37 PM
mbam-log-2014-02-24 (12-33-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280581
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 


Edited by kaygee809, 24 February 2014 - 12:50 PM.

The voyage of discovery is not in seeking new landscapes

   but in having new eyes...


#15 kaygee809

kaygee809
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:baltimore
  • Local time:05:03 AM

Posted 24 February 2014 - 08:16 PM

eset found 0 threats.  I ran it 2x to be sure.  actually my pc is running very well atm - I just don't trust it!  I have a feeling that as soon as I break connections with you it will mess up again.  it did  something similar to  that in December!  im waiting for my paypal account to be verified so that I can make a donation .  ill check again tomorrow (2-3 business days).

hope all is well with you!


The voyage of discovery is not in seeking new landscapes

   but in having new eyes...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users