
Infected with Win32/Patched rpcss.dll svchost virus


18 replies to this topic

#1 greenlight20

Posted 25 February 2014 - 01:29 PM

AVG detected the virus and I have tried to remove it by following some similar problems here on the forum but have been unsuccessful in repairing the virus

 

dds.txt log

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.45.2
Run by Timothy Davis at 12:32:52 on 2014-02-25
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.129 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Timothy Davis\Desktop\RogueKiller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [googletalk] c:\users\timothy davis\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\direct3dvideooutput.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\Direct3DVideoOutput.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\directsoundaudiooutput.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\DirectSoundAudioOutput.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\divxdeinterlacefilter.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\DivXDeinterlaceFilter.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxbanneradplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdownloadmanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxmediamanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxplayerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXPlayerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxplaybackservicesplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXPlaybackServicesPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdevicepaneplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDevicePanePlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxlibrarypaneplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXLibraryPanePlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll",DllRegisterServer
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\users\timoth~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\timothy davis\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8DE22592-DA9F-4F8B-BE01-F4B727B0AA98} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E12C4C8C-B654-4E3D-87C8-7C6F4F07ECFB} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\timothy davis\appdata\roaming\mozilla\firefox\profiles\bbsdkgw9.default\
FF - prefs.js: browser.startup.homepage - ww.google.com
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\timothy davis\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\timothy davis\appdata\roaming\mozilla\firefox\profiles\bbsdkgw9.default\extensions\2020player_ikea@2020technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: c:\users\timothy davis\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2011-6-2 13824]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-25 17:26:54    26624    ----a-w-    c:\windows\system32\TrueSight.sys
2014-02-24 19:38:12    --------    d-----w-    c:\windows\ERUNT
2014-02-24 17:23:24    --------    d-----w-    C:\AdwCleaner
2014-02-24 15:18:01    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-02-24 15:17:49    --------    d-----w-    c:\users\timothy davis\appdata\local\temp
2014-02-24 14:22:47    98816    ----a-w-    c:\windows\sed.exe
2014-02-24 14:22:47    256000    ----a-w-    c:\windows\PEV.exe
2014-02-24 14:22:47    208896    ----a-w-    c:\windows\MBR.exe
2014-02-24 12:59:05    --------    d-----w-    c:\users\timothy davis\appdata\local\CrashDumps
2014-02-23 17:32:27    --------    d-----w-    c:\program files\HitmanPro
2014-02-22 20:08:39    --------    d-----w-    c:\programdata\HitmanPro
2014-02-22 05:50:06    --------    d-----w-    c:\users\timothy davis\appdata\roaming\Malwarebytes
2014-02-22 05:48:36    --------    d-----w-    c:\programdata\Malwarebytes
2014-02-22 05:48:04    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-22 05:48:03    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-02-20 20:48:39    --------    d-----w-    c:\windows\system32\bleep you
2014-02-01 05:15:27    --------    d-----w-    C:\found.006
2014-01-31 08:42:40    --------    d-----w-    c:\program files\Market Samurai
2014-01-29 21:39:13    --------    d-----w-    c:\users\timothy davis\appdata\roaming\MarketSamurai
.
==================== Find3M  ====================
.
2014-02-21 01:14:42    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 01:14:42    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-20 02:46:54    22808    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2014-01-06 19:23:36    4558848    ----a-w-    c:\windows\system32\GPhotos.scr
2013-12-18 06:11:52    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
.
============= FINISH: 12:42:17.62 ===============
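The detection named in the thread title refers to a modified copy of the RpcSs service DLL. The following is an added example of the integrity checks a responder would run on that file; it is not part of the original post, and it assumes an elevated PowerShell prompt on the affected machine and that the expected service DLL is %SystemRoot%\System32\rpcss.dll.

```powershell
# Added example (not from the thread): integrity checks for the DLL behind
# the "Win32/Patched rpcss.dll" detection. Run from an elevated prompt.
$expected = Join-Path $env:SystemRoot 'System32\rpcss.dll'

# 1. Which DLL does the RpcSs service host actually load? A replaced copy can be
#    pointed to from the service's ServiceDll value rather than the expected path.
$params = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters' -Name ServiceDll
$loaded = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
Write-Output "RpcSs ServiceDll: $loaded"
if ($loaded -ne $expected) {
    Write-Output "WARNING: RpcSs does not load the expected $expected"
}

# 2. Authenticode signature status of the file on disk. On older Windows the
#    cmdlet does not consult the signing catalog, so a catalog-signed system DLL
#    can report NotSigned there; treat the sfc result below as authoritative.
$sig = Get-AuthenticodeSignature -FilePath $loaded
Write-Output "Signature status: $($sig.Status)"
if ($sig.SignerCertificate) {
    Write-Output "Signer: $($sig.SignerCertificate.Subject)"
}

# 3. Windows Resource Protection check for this single file. A clean file
#    reports no integrity violations; a patched one is reported as corrupt.
sfc "/verifyfile=$loaded"

# 4. Record the SHA-256 of the file so it can be compared with a known-good copy
#    taken from an identical, clean Windows build (never from this machine).
$sha = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($loaded)
try {
    $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
} finally {
    $stream.Close()
}
Write-Output "SHA256($loaded): $hash"
```

If the path, signature and sfc checks all pass but the hash still differs from a clean reference, capture the file for analysis rather than trusting the scanner alone.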
 


#2 aharonov

Posted 25 February 2014 - 02:09 PM

Hi there,

i have tried to remove it by following some similar problems here on the forum

Can you please post up all log files from the tools you have already run.

And in addition:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 greenlight20

Posted 25 February 2014 - 02:25 PM

RogueKiller and JRT

 

 

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Timothy Davis [Admin rights]
Mode : Scan -- Date : 02/24/2014 14:13:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35873F66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35873F66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35873F66)
[Inline] EAT @explorer.exe (OPENSSL_ia32cap_P) : avgntopensslx.dll -> HOOKED (Unknown @ 0x77ED3A1E)
[Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x77071FFD)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1200BEVS-22RST0 +++++
--- User ---
[MBR] f6255a8d85424f2e55b3888443dcbe80
[BSP] d8378bad109d1d159dd6c6e4428293fa : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10707 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21928725 | Size: 103763 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02242014_141352.txt >>
RKreport[0]_D_02242014_121636.txt;RKreport[0]_S_02232014_133740.txt;RKreport[0]_S_02242014_121615.txt



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Timothy Davis on Mon 02/24/2014 at 14:39:07.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"
Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted the following from C:\Users\Timothy Davis\AppData\Roaming\mozilla\firefox\profiles\bbsdkgw9.default\prefs.js

user_pref("interclue.preferences", "{\"User.buildId\":\"987bcab01b929eb2c07877b224215c92\",\"Security.sites\":{\"surfcanyon.com\":3},\"Button.turboNote.showInTitlebar\":false,
user_pref("interclue.preferences.backup", "{\"Security.sites\":{\"surfcanyon.com\":3},\"User.buildId\":\"987bcab01b929eb2c07877b224215c92\"}");
Emptied folder: C:\Users\Timothy Davis\AppData\Roaming\mozilla\firefox\profiles\bbsdkgw9.default\minidumps [227 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/24/2014 at 14:51:42.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



#4 greenlight20

Posted 25 February 2014 - 02:32 PM

hijack and combo

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:10:03 AM, on 2/24/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Timothy Davis\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Timothy Davis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Timothy Davis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Rank Tracker] C:\Program Files\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe -minimized
O4 - HKCU\..\Run: [googletalk] C:\Users\Timothy Davis\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3794427647-3927051111-2602980719-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Maddison')
O4 - HKUS\S-1-5-21-3794427647-3927051111-2602980719-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Maddi')
O4 - HKUS\S-1-5-21-3794427647-3927051111-2602980719-1002\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'Maddi')
O4 - Startup: Dropbox.lnk = C:\Users\Timothy Davis\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sprint Con App Svc (CASprint) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP LaserJet Professional M1210 MFP Series Receive Fax Service (HPM1210RcvFaxSrvc) - HP - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: lxdx_device -   - C:\Windows\system32\lxdxcoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 14948 bytes
ComboFix 14-02-24.01 - Timothy Davis 02/24/2014   9:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2037.1224 [GMT -5:00]
Running from: c:\users\Timothy Davis\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe
c:\programdata\windows
c:\users\Timothy Davis\AppData\Roaming\~ygw.tmp
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Timothy Davis\AppData\Roaming\RegistrySmart
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-24 to 2014-02-24  )))))))))))))))))))))))))))))))
.
.
2014-02-24 15:00 . 2014-02-24 15:10    --------    d-----w-    c:\users\Timothy Davis\AppData\Local\temp
2014-02-24 15:00 . 2014-02-24 15:00    --------    d-----w-    c:\users\Maddison\AppData\Local\temp
2014-02-24 15:00 . 2014-02-24 15:00    --------    d-----w-    c:\users\Maddi\AppData\Local\temp
2014-02-24 15:00 . 2014-02-24 15:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-24 13:27 . 2014-02-24 13:59    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2014-02-24 12:59 . 2014-02-24 12:59    --------    d-----w-    c:\users\Timothy Davis\AppData\Local\CrashDumps
2014-02-23 18:44 . 2014-02-23 18:44    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-23 17:32 . 2014-02-23 17:32    --------    d-----w-    c:\program files\HitmanPro
2014-02-22 20:08 . 2014-02-22 20:36    --------    d-----w-    c:\programdata\HitmanPro
2014-02-22 05:50 . 2014-02-22 05:50    --------    d-----w-    c:\users\Timothy Davis\AppData\Roaming\Malwarebytes
2014-02-22 05:48 . 2014-02-22 05:48    --------    d-----w-    c:\programdata\Malwarebytes
2014-02-22 05:48 . 2013-04-04 19:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-22 05:48 . 2014-02-22 05:49    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-02-20 20:48 . 2014-02-20 20:48    --------    d-----w-    c:\windows\system32\bleep you
2014-02-01 05:15 . 2014-02-01 05:15    --------    d-----w-    C:\found.006
2014-01-31 08:42 . 2014-01-31 08:43    --------    d-----w-    c:\program files\Market Samurai
2014-01-29 21:39 . 2014-01-29 21:39    --------    d-----w-    c:\users\Timothy Davis\AppData\Roaming\MarketSamurai
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 01:14 . 2012-04-03 03:45    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-21 01:14 . 2011-06-01 06:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-20 02:46 . 2014-01-20 02:46    22808    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2014-01-06 19:23 . 2014-01-06 19:23    4558848    ----a-w-    c:\windows\system32\GPhotos.scr
2013-12-18 06:11 . 2013-12-18 06:11    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 17:59    1811296    ----a-w-    c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Timothy Davis\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Timothy Davis\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Timothy Davis\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"googletalk"="c:\users\Timothy Davis\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-12-23 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-11-15 1861968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]
.
c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Timothy Davis\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Timothy Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Timothy Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Timothy Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09    63712    ----a-w-    c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CollaborationHost]
2008-01-19 07:33    192000    ----a-w-    c:\windows\System32\p2phost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-12-23 04:16    450560    ----a-w-    c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-11-15 00:48    1861968    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-12-12 03:03    106496    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTrackingLEDM]
2009-10-15 22:43    30264    ----a-w-    c:\program files\HP\HP UT LEDM\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-09-29 19:39    151552    ----a-w-    c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-12-12 03:02    98304    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55    55824    ----a-w-    c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\medicsp2]
2007-03-07 15:53    198184    ----a-w-    c:\program files\twc\medicsp2\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 16:02    79400    ----a-w-    c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-12-12 03:02    81920    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2013-01-17 20:08    267792    ----a-w-    c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12]
2012-01-16 17:59    928096    ----a-w-    c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2008-10-07 15:23    111856    ----a-w-    c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28    1233920    ----a-w-    c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 18:46    1458176    ----a-w-    c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2008-10-15 16:02    17664    ----a-w-    c:\program files\Sprint\Sprint SmartView\SprintSV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03    210472    ----a-w-    c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-11-17 06:58    815104    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-11-12 16:23    295512    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-01-16 17:59    939872    ----a-w-    c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45    215552    ----a-w-    c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33    202240    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35    176128    ----a-w-    c:\windows\System32\wpcumi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 12:35    20480    ----a-w-    c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23    111856    ----a-w-    c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3794427647-3927051111-2602980719-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - hitmanpro37
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile    REG_MULTI_SZ       wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ       WcesComm RapiMgr
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 03:15    1150280    ----a-w-    c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 01:14]
.
2014-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-10 01:22]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:48]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\
FF - prefs.js: browser.startup.homepage - ww.google.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Rank Tracker - c:\program files\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
MSConfigStartUp-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe
MSConfigStartUp-FBSSA - c:\program files\SGPSA\ie3sh.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-LWS - c:\program files\Logitech\LWS\Webcam Software\LWS.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-Rank Tracker - c:\program files\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe
MSConfigStartUp-RegistrySmart - c:\program files\RegistrySmart\RegistrySmart.exe
MSConfigStartUp-SpiralFrog - c:\program files\SpiralFrog\Spiralfrog.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-24 10:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
 [0] 0x49064606
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-02-24  10:17:43
ComboFix-quarantined-files.txt  2014-02-24 15:17
.
Pre-Run: 33,415,942,144 bytes free
Post-Run: 32,180,477,952 bytes free
.
- - End Of File - - 293D55AAC7689E9355C0174F8F4F7A10
5C616939100B85E558DA92B899A0FC36
#5 greenlight20

  • Topic Starter
  • Members
  • 10 posts

Posted 25 February 2014 - 02:43 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
Ran by Timothy Davis (administrator) on SCOTTPATTERSON on 25-02-2014 14:31:21
Running from C:\Users\Timothy Davis\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
( ) C:\Windows\system32\lxdxcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SupportSoft, Inc.) C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-22] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [40072 2007-05-03] (soft thinks)
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Run: [googletalk] - C:\Users\Timothy Davis\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Timothy Davis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3794427647-3927051111-2602980719-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3794427647-3927051111-2602980719-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {F597B92D-1F5B-4CBA-B315-A68A99D761D5} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default
FF Homepage: ww.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Timothy Davis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Timothy Davis\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-18]
FF Extension: ReImage Helper - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\bbrs_006@blabbers.com [2012-05-30]
FF Extension: Xmarks - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\foxmarks@kei.com [2014-01-11]
FF Extension: Wappalyzer - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\wappalyzer@crunchlabz.com [2014-02-11]
FF Extension: Google Toolbar for Firefox - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-01]
FF Extension: Autofill Forms - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\autofillForms@blueimp.net.xpi [2011-11-08]
FF Extension: DT Whois - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\beysim@beysim.net.xpi [2011-12-28]
FF Extension: Cache Status - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\cache@status.org.xpi [2011-08-21]
FF Extension: Ghostery - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\firefox@ghostery.com.xpi [2014-01-02]
FF Extension: RankChecker - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\rankchecker@seobook.com.xpi [2011-09-17]
FF Extension: Seo Toolbar - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\seotoolbar@seobook.com.xpi [2011-07-04]
FF Extension: FastestFox - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\smarterwiki@wikiatic.com.xpi [2011-06-01]
FF Extension: MozBar - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\toolbar@seomoz.org.xpi [2011-06-01]
FF Extension: X-notifier - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-03-16]
FF Extension: New Tab Homepage - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2011-11-08]
FF Extension: googlebar - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}.xpi [2011-08-08]
FF Extension: NoScript - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-01]
FF Extension: Googlebar Lite - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2011-11-08]
FF Extension: FireFTP - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-09-08]
FF Extension: Interclue - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi [2011-06-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-12]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (         "name": "",) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\chromeNPAPI.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U6) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.60.24) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (Mozbar) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2013-04-20]
CHR Extension: (PageRank Status) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2013-09-26]
CHR Extension: (RealDownloader) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-12]
CHR Extension: (Skype Click to Call) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-01-28]
CHR Extension: (Google Wallet) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (SEO for Chrome) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2013-04-20]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-06-09]
CHR Extension: (Majestic SEO Backlink Analyzer) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2013-04-20]
CHR HKLM\...\Chrome\Extension: [gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files\ReImageCompanion\blabbers-ch.crx [2013-04-20]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S3 CASprint; C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe [124160 2008-10-15] (PCTEL)
S3 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S3 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-23] (SurfRight B.V.)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [589824 2009-10-16] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 SprintRcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [111872 2008-10-15] (PCTEL)
R2 sprtsvc_medicsp2; C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [202280 2007-03-07] (SupportSoft, Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] ()
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 Nmea; C:\Windows\System32\DRIVERS\pctnullport.sys [38680 2008-10-15] (PCTEL Inc.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2008-10-15] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32408 2008-10-15] (PCTEL Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation                           )
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [649216 2007-01-02] (SigmaTel, Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [24840 2008-10-15] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 catchme; \??\C:\Users\TIMOTH~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U3 mbr; \??\C:\Users\TIMOTH~1\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 14:31 - 2014-02-25 14:34 - 00032205 _____ () C:\Users\Timothy Davis\Desktop\FRST.txt
2014-02-25 14:28 - 2014-02-25 14:31 - 00000000 ____D () C:\FRST
2014-02-25 14:26 - 2014-02-25 14:26 - 01144320 _____ (Farbar) C:\Users\Timothy Davis\Desktop\FRST.exe
2014-02-25 12:43 - 2014-02-25 12:44 - 00015840 _____ () C:\Users\Timothy Davis\Desktop\dds.txt
2014-02-25 12:43 - 2014-02-25 12:44 - 00006872 _____ () C:\Users\Timothy Davis\Desktop\attach.txt
2014-02-25 12:29 - 2014-02-25 12:30 - 00688992 ____R (Swearware) C:\Users\Timothy Davis\Desktop\dds.com
2014-02-24 14:51 - 2014-02-24 14:51 - 00001365 _____ () C:\Users\Timothy Davis\Desktop\JRT.txt
2014-02-24 14:38 - 2014-02-24 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-02-24 14:36 - 2014-02-24 14:36 - 01037734 _____ (Thisisu) C:\Users\Timothy Davis\Desktop\JRT.exe
2014-02-24 14:13 - 2014-02-24 14:13 - 00002792 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_141352.txt
2014-02-24 12:23 - 2014-02-24 12:39 - 00000000 ____D () C:\AdwCleaner
2014-02-24 12:23 - 2014-02-24 12:23 - 01241834 _____ () C:\Users\Timothy Davis\Desktop\AdwCleaner.exe
2014-02-24 12:16 - 2014-02-24 12:16 - 00003337 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_D_02242014_121636.txt
2014-02-24 12:16 - 2014-02-24 12:16 - 00003264 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_121615.txt
2014-02-24 11:29 - 2014-02-24 11:29 - 01153912 _____ (Emsi Software GmbH) C:\Users\Timothy Davis\Desktop\BlitzBlank.exe
2014-02-24 11:06 - 2014-02-24 15:56 - 00001792 _____ () C:\Windows\PFRO.log
2014-02-24 11:03 - 2014-02-24 11:03 - 00022296 _____ () C:\Users\Timothy Davis\Desktop\combo.txt
2014-02-24 10:17 - 2014-02-24 10:17 - 00022296 _____ () C:\ComboFix.txt
2014-02-24 09:22 - 2014-02-24 10:17 - 00000000 ____D () C:\Qoobox
2014-02-24 09:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-24 09:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-24 09:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-24 09:19 - 2014-02-24 10:13 - 00000000 ____D () C:\Windows\erdnt
2014-02-24 09:18 - 2014-02-24 09:18 - 05184582 ____R (Swearware) C:\Users\Timothy Davis\Desktop\ComboFix.exe
2014-02-24 09:18 - 2014-02-24 09:18 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\backups
2014-02-24 09:01 - 2014-02-24 09:10 - 00014950 _____ () C:\Users\Timothy Davis\Desktop\hijackthis.log
2014-02-24 08:44 - 2014-02-24 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Timothy Davis\Desktop\HijackThis.exe
2014-02-24 07:59 - 2014-02-24 12:20 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Local\CrashDumps
2014-02-23 13:37 - 2014-02-23 13:37 - 00003211 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02232014_133740.txt
2014-02-23 13:25 - 2014-02-24 12:16 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\RK_Quarantine
2014-02-23 12:43 - 2014-02-24 13:56 - 03818496 _____ () C:\Users\Timothy Davis\Desktop\RogueKiller.exe
2014-02-23 12:32 - 2014-02-23 12:32 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-23 12:32 - 2014-02-23 12:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-22 15:35 - 2014-02-22 15:35 - 00004238 _____ () C:\Windows\system32\.crusader
2014-02-22 15:08 - 2014-02-22 15:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-22 15:06 - 2014-02-22 15:06 - 09988304 _____ (SurfRight B.V.) C:\Users\Timothy Davis\Desktop\HitmanPro.exe
2014-02-22 00:50 - 2014-02-22 00:50 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Malwarebytes
2014-02-22 00:48 - 2014-02-22 00:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 00:48 - 2014-02-22 00:48 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 00:48 - 2014-02-22 00:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-22 00:48 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-22 00:40 - 2014-02-22 00:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timothy Davis\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-21 11:20 - 2014-02-22 00:28 - 00002856 _____ () C:\Windows\setupact.log
2014-02-21 11:20 - 2014-02-21 11:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 17:51 - 2014-02-25 14:21 - 00000083 _____ () C:\Windows\system32\eler.yvj
2014-02-20 17:50 - 2014-02-20 17:50 - 00028672 _____ () C:\Windows\system32\tfbns.cyc
2014-02-20 16:31 - 2014-02-25 11:18 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-20 16:31 - 2014-02-20 16:31 - 00000064 _____ () C:\Windows\system32\ncae.adq
2014-02-20 16:13 - 2014-02-20 16:24 - 00003021 _____ () C:\Users\Timothy Davis\Desktop\avgrep.txt
2014-02-20 15:58 - 2014-02-20 15:58 - 168079221 _____ () C:\Windows\MEMORY.DMP
2014-02-20 15:58 - 2014-02-20 15:58 - 00139136 _____ () C:\Windows\Minidump\Mini022014-01.dmp
2014-02-20 15:48 - 2014-02-20 15:48 - 00000000 ____D () C:\Windows\system32\bleep you
2014-02-20 13:55 - 2014-02-20 17:50 - 00000098 _____ () C:\Windows\system32\wcyun.jff
2014-02-20 13:38 - 2014-02-20 13:38 - 00102437 ____S () C:\Windows\system32\ptboayb.oog
2014-02-17 01:12 - 2014-02-17 01:12 - 00001832 _____ () C:\Users\Timothy Davis\Desktop\Skype.lnk
2014-02-16 00:54 - 2014-02-16 00:54 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-15 00:36 - 2014-02-15 00:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-05 18:10 - 2014-02-20 03:49 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\402 Bass Ln
2014-02-01 00:15 - 2014-02-01 00:15 - 00000000 ____D () C:\found.006
2014-01-31 03:43 - 2014-01-31 03:43 - 00000812 _____ () C:\Users\Public\Desktop\Market Samurai.lnk
2014-01-31 03:42 - 2014-01-31 03:43 - 00000000 ____D () C:\Program Files\Market Samurai
2014-01-29 16:39 - 2014-01-29 16:39 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\MarketSamurai
2014-01-28 07:14 - 2014-01-28 07:14 - 00000111 _____ () C:\lxdx.log

==================== One Month Modified Files and Folders =======

2014-02-25 14:34 - 2014-02-25 14:31 - 00032205 _____ () C:\Users\Timothy Davis\Desktop\FRST.txt
2014-02-25 14:31 - 2014-02-25 14:28 - 00000000 ____D () C:\FRST
2014-02-25 14:26 - 2014-02-25 14:26 - 01144320 _____ (Farbar) C:\Users\Timothy Davis\Desktop\FRST.exe
2014-02-25 14:21 - 2014-02-20 17:51 - 00000083 _____ () C:\Windows\system32\eler.yvj
2014-02-25 14:14 - 2012-04-02 22:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-25 13:18 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 13:18 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 12:44 - 2014-02-25 12:43 - 00015840 _____ () C:\Users\Timothy Davis\Desktop\dds.txt
2014-02-25 12:44 - 2014-02-25 12:43 - 00006872 _____ () C:\Users\Timothy Davis\Desktop\attach.txt
2014-02-25 12:30 - 2014-02-25 12:29 - 00688992 ____R (Swearware) C:\Users\Timothy Davis\Desktop\dds.com
2014-02-25 12:30 - 2012-11-01 08:34 - 01961316 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 11:26 - 2011-09-22 19:04 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Dropbox
2014-02-25 11:26 - 2011-09-21 12:55 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Skype
2014-02-25 11:25 - 2011-09-22 19:08 - 00000000 ___RD () C:\Users\Timothy Davis\Desktop\Dropbox
2014-02-25 11:25 - 2011-09-19 10:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-25 11:21 - 2010-01-06 11:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 11:18 - 2014-02-20 16:31 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-25 11:18 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 00:18 - 2006-11-02 08:01 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 15:56 - 2014-02-24 11:06 - 00001792 _____ () C:\Windows\PFRO.log
2014-02-24 14:51 - 2014-02-24 14:51 - 00001365 _____ () C:\Users\Timothy Davis\Desktop\JRT.txt
2014-02-24 14:38 - 2014-02-24 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-02-24 14:36 - 2014-02-24 14:36 - 01037734 _____ (Thisisu) C:\Users\Timothy Davis\Desktop\JRT.exe
2014-02-24 14:13 - 2014-02-24 14:13 - 00002792 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_141352.txt
2014-02-24 13:56 - 2014-02-23 12:43 - 03818496 _____ () C:\Users\Timothy Davis\Desktop\RogueKiller.exe
2014-02-24 12:39 - 2014-02-24 12:23 - 00000000 ____D () C:\AdwCleaner
2014-02-24 12:23 - 2014-02-24 12:23 - 01241834 _____ () C:\Users\Timothy Davis\Desktop\AdwCleaner.exe
2014-02-24 12:20 - 2014-02-24 07:59 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Local\CrashDumps
2014-02-24 12:16 - 2014-02-24 12:16 - 00003337 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_D_02242014_121636.txt
2014-02-24 12:16 - 2014-02-24 12:16 - 00003264 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_121615.txt
2014-02-24 12:16 - 2014-02-23 13:25 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\RK_Quarantine
2014-02-24 11:29 - 2014-02-24 11:29 - 01153912 _____ (Emsi Software GmbH) C:\Users\Timothy Davis\Desktop\BlitzBlank.exe
2014-02-24 11:14 - 2010-01-06 11:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 11:03 - 2014-02-24 11:03 - 00022296 _____ () C:\Users\Timothy Davis\Desktop\combo.txt
2014-02-24 10:17 - 2014-02-24 10:17 - 00022296 _____ () C:\ComboFix.txt
2014-02-24 10:17 - 2014-02-24 09:22 - 00000000 ____D () C:\Qoobox
2014-02-24 10:17 - 2009-05-21 18:49 - 00000000 ____D () C:\Users\Incomplete
2014-02-24 10:17 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-02-24 10:17 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-02-24 10:13 - 2014-02-24 09:19 - 00000000 ____D () C:\Windows\erdnt
2014-02-24 10:10 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-24 10:02 - 2009-03-25 15:31 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-02-24 09:18 - 2014-02-24 09:18 - 05184582 ____R (Swearware) C:\Users\Timothy Davis\Desktop\ComboFix.exe
2014-02-24 09:18 - 2014-02-24 09:18 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\backups
2014-02-24 09:10 - 2014-02-24 09:01 - 00014950 _____ () C:\Users\Timothy Davis\Desktop\hijackthis.log
2014-02-24 08:44 - 2014-02-24 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Timothy Davis\Desktop\HijackThis.exe
2014-02-24 08:37 - 2012-01-12 00:47 - 00139888 _____ () C:\Users\Timothy Davis\.ranktracker.properties
2014-02-24 08:37 - 2012-01-12 00:35 - 00000000 ____D () C:\Users\Timothy Davis\.ranktracker
2014-02-24 08:37 - 2007-09-04 07:26 - 00000000 ____D () C:\Users\Timothy Davis
2014-02-23 13:37 - 2014-02-23 13:37 - 00003211 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02232014_133740.txt
2014-02-23 12:32 - 2014-02-23 12:32 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-23 12:32 - 2014-02-23 12:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-23 12:23 - 2006-11-02 05:33 - 00755430 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-22 15:36 - 2014-02-22 15:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-22 15:35 - 2014-02-22 15:35 - 00004238 _____ () C:\Windows\system32\.crusader
2014-02-22 15:06 - 2014-02-22 15:06 - 09988304 _____ (SurfRight B.V.) C:\Users\Timothy Davis\Desktop\HitmanPro.exe
2014-02-22 00:50 - 2014-02-22 00:50 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Malwarebytes
2014-02-22 00:49 - 2014-02-22 00:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 00:48 - 2014-02-22 00:48 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 00:48 - 2014-02-22 00:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-22 00:40 - 2014-02-22 00:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timothy Davis\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-22 00:28 - 2014-02-21 11:20 - 00002856 _____ () C:\Windows\setupact.log
2014-02-21 11:20 - 2014-02-21 11:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 22:28 - 2012-07-22 17:25 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-20 20:14 - 2012-04-02 22:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-20 20:14 - 2011-06-01 01:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 17:50 - 2014-02-20 17:50 - 00028672 _____ () C:\Windows\system32\tfbns.cyc
2014-02-20 17:50 - 2014-02-20 13:55 - 00000098 _____ () C:\Windows\system32\wcyun.jff
2014-02-20 16:31 - 2014-02-20 16:31 - 00000064 _____ () C:\Windows\system32\ncae.adq
2014-02-20 16:27 - 2012-05-30 20:28 - 00000680 _____ () C:\Users\Timothy Davis\AppData\Local\d3d9caps.dat
2014-02-20 16:24 - 2014-02-20 16:13 - 00003021 _____ () C:\Users\Timothy Davis\Desktop\avgrep.txt
2014-02-20 15:59 - 2006-11-02 07:47 - 00413584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-20 15:58 - 2014-02-20 15:58 - 168079221 _____ () C:\Windows\MEMORY.DMP
2014-02-20 15:58 - 2014-02-20 15:58 - 00139136 _____ () C:\Windows\Minidump\Mini022014-01.dmp
2014-02-20 15:58 - 2009-04-01 20:07 - 00000000 ____D () C:\Windows\Minidump
2014-02-20 15:48 - 2014-02-20 15:48 - 00000000 ____D () C:\Windows\system32\bleep you
2014-02-20 13:38 - 2014-02-20 13:38 - 00102437 ____S () C:\Windows\system32\ptboayb.oog
2014-02-20 03:49 - 2014-02-05 18:10 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\402 Bass Ln
2014-02-20 02:36 - 2012-02-24 14:24 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\Web Development
2014-02-18 12:11 - 2013-09-27 01:59 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\2615 Hilliard dr
2014-02-17 10:36 - 2013-10-24 15:49 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\Virtual Assets Inc
2014-02-17 10:36 - 2013-09-19 10:32 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\Mondrian Docs
2014-02-17 01:12 - 2014-02-17 01:12 - 00001832 _____ () C:\Users\Timothy Davis\Desktop\Skype.lnk
2014-02-16 23:08 - 2011-06-15 22:37 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Real
2014-02-16 00:54 - 2014-02-16 00:54 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-15 14:35 - 2012-04-25 08:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 00:37 - 2014-02-15 00:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-07 12:38 - 2013-12-10 17:50 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\TheWaterBottleStore.com
2014-02-06 18:35 - 2011-09-22 19:05 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-03 03:01 - 2011-06-09 19:29 - 00000000 ____D () C:\ProgramData\DivX
2014-02-03 03:00 - 2011-06-09 19:29 - 00000000 ____D () C:\Program Files\DivX
2014-02-02 11:21 - 2007-09-04 11:51 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Local\Adobe
2014-02-01 00:15 - 2014-02-01 00:15 - 00000000 ____D () C:\found.006
2014-01-31 14:37 - 2013-09-11 11:44 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\1020 n Ransom 1003 w 5th
2014-01-31 03:43 - 2014-01-31 03:43 - 00000812 _____ () C:\Users\Public\Desktop\Market Samurai.lnk
2014-01-31 03:43 - 2014-01-31 03:42 - 00000000 ____D () C:\Program Files\Market Samurai
2014-01-29 16:39 - 2014-01-29 16:39 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\MarketSamurai
2014-01-29 16:28 - 2011-09-25 02:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-01-28 07:14 - 2014-01-28 07:14 - 00000111 _____ () C:\lxdx.log

Some content of TEMP:
====================
C:\Users\Timothy Davis\AppData\Local\temp\6_Offer_18.exe
C:\Users\Timothy Davis\AppData\Local\temp\DM1393266902.exe
C:\Users\Timothy Davis\AppData\Local\temp\ntdll_dump.dll
C:\Users\Timothy Davis\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2010-06-04 14:23] - [2009-04-11 01:28] - 0551424 ____A (Microsoft Corporation) 76BFEB5B0FDF0E8521C7A6AB4CBF9851

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-25 11:31

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-02-2014 01
Ran by Timothy Davis at 2014-02-25 14:36:32
Running from C:\Users\Timothy Davis\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

a shortcut to Courthouse Retrieval System (HKLM\...\Courthouse Retrieval System_is1) (Version:  - Courthouse Retrieval System, Inc.)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 10.0.0.7 - AVG Technologies)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version:  - )
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Check Printer Demo 5.7 (HKLM\...\Check Printer Home Edition Demo_is1) (Version: 5.7.0.3469 - Eftech, LLC.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{60098CE4-EB16-42D1-9FF6-923488C2AB26}) (Version:  - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
digiXMAS Submitter 3.7.3 (HKLM\...\digiXMAS Submitter_is1) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
DJ_AIO_ProductContext (Version: 82.0.203.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
F4100_Help (Version: 82.0.203.000 - Hewlett-Packard) Hidden
FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{DB07B90D-E8DA-4BB6-B984-FF5B163C6096}) (Version: 1.3.0 - HP)
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{662A8F0D-EED2-4949-9A9F-6DF8DE38B0B8}) (Version: 1.0.17 - Hewlett-Packard)
HP LaserJet Toolbox (HKLM\...\{2E8A793D-E275-46A2-BAB3-35FB95ACED57}) (Version: 3.0.0 - Hewlett-Packard)
hppLaserJetService (Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Image Resizer Powertoy Clone for Windows (HKLM\...\{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}) (Version: 2.1 - Brice Lambson)
iMeme 1.0 (HKLM\...\{66CA7D93-1FDD-4152-B241-42971934D8E0}_is1) (Version:  - Michael Fogleman)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.4.1.1 - Logitech)
Logitech Harmony Remote Software 7 (Version: 7.3.0.15 - Logitech) Hidden
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Market Samurai (HKLM\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.06 - Alliance Software Pty Ltd)
Market Samurai (Version: 0.93.06 - Alliance Software Pty Ltd) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Digital Image Starter Edition 2006 (HKLM\...\PictureItSuiteTrial_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 Editor (Version: 11.0.2018 - Microsoft Corporation) Hidden
Microsoft Digital Image Starter Edition 2006 Library (Version: 11.0.2018 - Microsoft Corporation) Hidden
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version:  - )
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
NetBeans IDE 7.0.1 (HKLM\...\nbi-nb-base-7.0.1.0.0) (Version: 7.0.1 - NetBeans.org)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Presto! PageManager 7.15.16 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Road Runner Install (HKLM\...\Road Runner Install_is1) (Version:  - Road runner)
Road Runner Medic 6.1 (HKLM\...\RoadRunnerMedic6.1_is1) (Version: 6.1.31 - )
ScanSoft OmniPage SE 4 (HKLM\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SEO PowerSuite (HKLM\...\seopowersuite) (Version:  - )
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SnagIt 8 (HKLM\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}) (Version: 2.00.0000 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0000 - Texas Instruments Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebEx (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - )

==================== Restore Points  =========================

18-02-2014 14:13:53 Scheduled Checkpoint
24-02-2014 14:23:24 ComboFix created restore point

==================== Hosts content: ==========================

2012-05-30 23:25 - 2014-02-24 10:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D5A8C2C-BE83-4122-99BA-850B3474ABFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {27C423C9-EA41-44F2-89A6-45F2F646AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4156E4C3-1E56-40D2-A3D2-C5C182703203} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {443DB932-7B0A-45ED-BFFE-CC01D99FD35A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3794427647-3927051111-2602980719-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {5177029B-945D-4328-9D53-E706D47648B5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {540C35D2-78B5-4AC1-9FD7-C19CC4F85A21} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {57289684-4194-4AFF-8BAC-8EAA64402BAA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3794427647-3927051111-2602980719-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {87C4DD5A-0887-4294-9A49-1F130E3A676D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3794427647-3927051111-2602980719-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8CBEA1A4-8A97-408E-B5B4-7A5F7DCB043A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06] (Google Inc.)
Task: {A47DB7CF-C6E8-4C71-9BDF-625294E10A8C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3794427647-3927051111-2602980719-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BDD6E6E5-AEA0-4B36-B9F0-11CE6C7038D2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C4E685E7-C1C4-4470-B82D-B90D0EEA96F0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3794427647-3927051111-2602980719-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CCC04D01-C094-4AAE-BF02-ED61F3D645CE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3794427647-3927051111-2602980719-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E1BC99AA-3F3D-45D5-A1C7-3451FA92BC96} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3794427647-3927051111-2602980719-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E3B2D43F-C944-4A7D-9600-72A2FF7D5344} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Timothy Davis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E714FB38-8543-440E-8F45-7368A438D935} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Maddison => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-02 14:04 - 2010-03-31 10:50 - 00167936 _____ () C:\Windows\System32\HPM1210LM.DLL
2011-06-02 14:10 - 2010-03-31 10:50 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HPM1210PP.dll
2011-06-06 13:38 - 2009-10-16 17:12 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdxdrpp.dll
2011-06-06 13:31 - 2009-10-16 17:09 - 00811008 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxptpc.dll
2011-06-06 13:31 - 2009-10-16 17:12 - 00162816 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxdrui.dll
2009-10-15 10:13 - 2009-10-15 10:13 - 00061440 _____ () C:\Program Files\HP\HPLaserJetService\HPTools.dll
2009-10-15 10:13 - 2009-10-15 10:13 - 00964096 _____ () C:\Program Files\HP\HPLaserJetService\LEDMXMLObjects.dll
2011-06-02 13:52 - 2010-04-28 10:49 - 00081920 _____ () C:\Windows\system32\mvusbews.dll
2006-11-02 05:25 - 2006-12-11 22:04 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2013-11-14 19:48 - 2013-11-14 19:48 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-11-14 19:49 - 2013-11-14 19:49 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-02-15 00:36 - 2014-02-15 00:37 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-06-02 14:04 - 2012-09-29 12:24 - 02396160 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\hpm1210su.dll
2011-06-02 14:04 - 2012-09-29 12:54 - 00794624 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HPM1210GC.dll
2014-02-20 20:14 - 2014-02-20 20:14 - 16265096 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Timothy Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Timothy Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Timothy Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CollaborationHost => "C:\Windows\system32\p2phost.exe" -s
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
MSCONFIG\startupreg: IAAnotif => "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: medicsp2 => "C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" /P medicsp2
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: ROC_roc_dec12 => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
MSCONFIG\startupreg: Search Protection => "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SMSERIAL => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
MSCONFIG\startupreg: Sprint SmartView => "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdSync.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: WPCUMI => C:\Windows\system32\WpcUmi.exe
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
MSCONFIG\startupreg: YSearchProtection => "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #100
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #101
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #103
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2014 01:43:05 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\68> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/25/2014 01:43:05 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\68> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/25/2014 01:43:05 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\60> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/25/2014 01:43:05 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\60> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/25/2014 01:43:04 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\5B> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/25/2014 01:43:04 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\5B> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/25/2014 01:43:02 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\4F> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/25/2014 01:43:02 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\4F> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/25/2014 01:43:02 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\4B> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/25/2014 01:43:02 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\4B> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (02/25/2014 11:34:24 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/25/2014 11:24:50 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (02/25/2014 11:20:12 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/25/2014 11:18:40 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: 2147942402

Error: (02/24/2014 10:29:55 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/24/2014 10:28:49 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/24/2014 10:18:17 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (02/24/2014 10:13:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/24/2014 10:11:36 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: 2147942402

Error: (02/24/2014 05:11:18 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks


Microsoft Office Sessions:
=========================
Error: (02/25/2014 01:43:05 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\68

Error: (02/25/2014 01:43:05 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\68

Error: (02/25/2014 01:43:05 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\60

Error: (02/25/2014 01:43:05 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\60

Error: (02/25/2014 01:43:04 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\5B

Error: (02/25/2014 01:43:04 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\5B

Error: (02/25/2014 01:43:02 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\4F

Error: (02/25/2014 01:43:02 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\4F

Error: (02/25/2014 01:43:02 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\4B

Error: (02/25/2014 01:43:02 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\TIMOTHY DAVIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BBSDKGW9.DEFAULT\CACHE\4\4B


CodeIntegrity Errors:
===================================
  Date: 2014-02-25 14:33:37.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-25 14:33:35.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-25 14:33:34.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-25 14:33:32.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-25 14:33:30.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-25 14:33:28.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-25 14:33:27.261
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-25 14:33:25.706
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-24 15:28:31.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-24 15:28:29.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 89%
Total physical RAM: 2037.38 MB
Available physical RAM: 206.27 MB
Total Pagefile: 4318 MB
Available Pagefile: 1484.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:101.33 GB) (Free:28.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.46 GB) (Free:3.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: F5D4E939)

Partition: GPT Partition Type.

==================== End Of Log ============================



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:06:46 AM

Posted 25 February 2014 - 03:10 PM

Start FRST again with administrator privileges.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When the search is finished a log file (Search.txt) is saved to the same directory FRST was run from.
    Copy and paste it in your next reply.


#7 greenlight20

greenlight20
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:46 PM

Posted 25 February 2014 - 04:45 PM

Farbar Recovery Scan Tool (x86) Version: 24-02-2014 01
Ran by Timothy Davis at 2014-02-25 15:14:18
Running from C:\Users\Timothy Davis\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2010-06-04 14:23] - [2009-04-11 01:28] - 0550400 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-04-17 17:58] - [2009-03-02 23:32] - 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-04-17 17:58] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-09-20 17:27] - [2008-01-19 02:36] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2009-04-17 17:58] - [2009-03-02 23:17] - 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-04-17 17:58] - [2009-03-02 23:19] - 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
[2006-11-02 03:50] - [2006-11-02 04:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F

C:\Windows\System32\rpcss.dll
[2010-06-04 14:23] - [2009-04-11 01:28] - 0551424 ____A (Microsoft Corporation) 76BFEB5B0FDF0E8521C7A6AB4CBF9851

=== End Of Search ===



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:06:46 AM

Posted 25 February 2014 - 05:31 PM

The malware seems to interfere. Let's go to RE instead:


  • Move frst.exe to a flash drive.
  • Plug the flash drive into the infected PC and enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close Notepad.
  • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Edited by aharonov, 25 February 2014 - 05:31 PM.


#9 greenlight20

greenlight20
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:46 PM

Posted 25 February 2014 - 07:42 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
Ran by SYSTEM on MINWINPC on 25-02-2014 19:15:05
Running from E:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-22] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [40072 2007-05-03] (soft thinks)
HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Maddi\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-08-23] (Google Inc.)
HKU\Maddi\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Maddi\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex
HKU\Maddi\...\Policies\system: [LogonHoursAction] 2
HKU\Maddi\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Maddi\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Maddison\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKU\Maddison\...\Run: [RunSpySweeperScheduleAtStartup] - C:\Windows\system32\msfeedssync.exe [10752 2011-06-01] (Microsoft Corporation)
HKU\Maddison\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Maddison\...\Policies\system: [LogonHoursAction] 2
HKU\Maddison\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Maddison\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Timothy Davis\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Timothy Davis\...\Run: [googletalk] - C:\Users\Timothy Davis\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\Timothy Davis\...\Policies\system: [LogonHoursAction] 2
HKU\Timothy Davis\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Timothy Davis\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
GroupPolicyUsers\S-1-5-21-3794427647-3927051111-2602980719-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3794427647-3927051111-2602980719-1001\User: Group Policy restriction detected <======= ATTENTION

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S3 CASprint; C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe [124160 2008-10-15] (PCTEL)
S3 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S3 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-23] (SurfRight B.V.)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP)
S2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
S2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [589824 2009-10-16] ( )
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 SprintRcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [111872 2008-10-15] (PCTEL)
S2 sprtsvc_medicsp2; C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [202280 2007-03-07] (SupportSoft, Inc.)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-31] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-01] (Intel Corporation)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-09-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] ()
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-01] (Intel® Corporation)
S3 Nmea; C:\Windows\System32\DRIVERS\pctnullport.sys [38680 2008-10-15] (PCTEL Inc.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2008-10-15] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32408 2008-10-15] (PCTEL Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation                           )
S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [649216 2007-01-02] (SigmaTel, Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [24840 2008-10-15] ()
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S3 catchme; \??\C:\Users\TIMOTH~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 12:14 - 2014-02-25 12:31 - 00002056 _____ () C:\Users\Timothy Davis\Desktop\Search.txt
2014-02-25 11:36 - 2014-02-25 11:39 - 00038899 _____ () C:\Users\Timothy Davis\Desktop\Addition.txt
2014-02-25 11:31 - 2014-02-25 11:39 - 00049484 _____ () C:\Users\Timothy Davis\Desktop\FRST.txt
2014-02-25 11:28 - 2014-02-25 11:39 - 00000000 ____D () C:\FRST
2014-02-25 11:26 - 2014-02-25 11:26 - 01144320 _____ (Farbar) C:\Users\Timothy Davis\Desktop\FRST.exe
2014-02-25 09:43 - 2014-02-25 09:44 - 00015840 _____ () C:\Users\Timothy Davis\Desktop\dds.txt
2014-02-25 09:43 - 2014-02-25 09:44 - 00006872 _____ () C:\Users\Timothy Davis\Desktop\attach.txt
2014-02-25 09:29 - 2014-02-25 09:30 - 00688992 ____R (Swearware) C:\Users\Timothy Davis\Desktop\dds.com
2014-02-24 11:51 - 2014-02-24 11:51 - 00001365 _____ () C:\Users\Timothy Davis\Desktop\JRT.txt
2014-02-24 11:38 - 2014-02-24 11:38 - 00000000 ____D () C:\Windows\ERUNT
2014-02-24 11:36 - 2014-02-24 11:36 - 01037734 _____ (Thisisu) C:\Users\Timothy Davis\Desktop\JRT.exe
2014-02-24 11:13 - 2014-02-24 11:13 - 00002792 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_141352.txt
2014-02-24 09:23 - 2014-02-24 09:39 - 00000000 ____D () C:\AdwCleaner
2014-02-24 09:23 - 2014-02-24 09:23 - 01241834 _____ () C:\Users\Timothy Davis\Desktop\AdwCleaner.exe
2014-02-24 09:16 - 2014-02-24 09:16 - 00003337 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_D_02242014_121636.txt
2014-02-24 09:16 - 2014-02-24 09:16 - 00003264 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_121615.txt
2014-02-24 08:29 - 2014-02-24 08:29 - 01153912 _____ (Emsi Software GmbH) C:\Users\Timothy Davis\Desktop\BlitzBlank.exe
2014-02-24 08:06 - 2014-02-24 12:56 - 00001792 _____ () C:\Windows\PFRO.log
2014-02-24 08:03 - 2014-02-24 08:03 - 00022296 _____ () C:\Users\Timothy Davis\Desktop\combo.txt
2014-02-24 07:17 - 2014-02-24 07:17 - 00022296 _____ () C:\ComboFix.txt
2014-02-24 06:22 - 2014-02-24 07:17 - 00000000 ____D () C:\Qoobox
2014-02-24 06:22 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-24 06:22 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-24 06:22 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-24 06:22 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-24 06:22 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-24 06:22 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-24 06:22 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-24 06:22 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-24 06:19 - 2014-02-24 07:13 - 00000000 ____D () C:\Windows\erdnt
2014-02-24 06:18 - 2014-02-24 06:18 - 05184582 ____R (Swearware) C:\Users\Timothy Davis\Desktop\ComboFix.exe
2014-02-24 06:18 - 2014-02-24 06:18 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\backups
2014-02-24 06:08 - 2014-02-24 06:08 - 00004204 _____ () C:\Users\Public\Documents\cc_20140224_090828.reg
2014-02-24 06:08 - 2014-02-24 06:08 - 00004204 _____ () C:\ProgramData\Documents\cc_20140224_090828.reg
2014-02-24 06:01 - 2014-02-24 06:10 - 00014950 _____ () C:\Users\Timothy Davis\Desktop\hijackthis.log
2014-02-24 05:44 - 2014-02-24 05:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Timothy Davis\Desktop\HijackThis.exe
2014-02-24 04:59 - 2014-02-24 09:20 - 00000000 ____D () C:\Users\Timothy Davis\Local Settings\Application Data\CrashDumps
2014-02-24 04:59 - 2014-02-24 09:20 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Local\CrashDumps
2014-02-23 10:37 - 2014-02-23 10:37 - 00003211 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02232014_133740.txt
2014-02-23 10:25 - 2014-02-24 09:16 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\RK_Quarantine
2014-02-23 09:43 - 2014-02-24 10:56 - 03818496 _____ () C:\Users\Timothy Davis\Desktop\RogueKiller.exe
2014-02-23 09:32 - 2014-02-23 09:32 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-23 09:32 - 2014-02-23 09:32 - 00001732 _____ () C:\ProgramData\Desktop\HitmanPro.lnk
2014-02-23 09:32 - 2014-02-23 09:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-22 12:35 - 2014-02-22 12:35 - 00004238 _____ () C:\Windows\System32\.crusader
2014-02-22 12:08 - 2014-02-22 12:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-22 12:06 - 2014-02-22 12:06 - 09988304 _____ (SurfRight B.V.) C:\Users\Timothy Davis\Desktop\HitmanPro.exe
2014-02-21 21:50 - 2014-02-21 21:50 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Malwarebytes
2014-02-21 21:48 - 2014-02-21 21:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 21:48 - 2014-02-21 21:48 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 21:48 - 2014-02-21 21:48 - 00000906 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 21:48 - 2014-02-21 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 21:48 - 2013-04-04 11:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-02-21 21:40 - 2014-02-21 21:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timothy Davis\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-21 08:20 - 2014-02-25 16:05 - 00003570 _____ () C:\Windows\setupact.log
2014-02-21 08:20 - 2014-02-21 08:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 14:51 - 2014-02-25 15:23 - 00000078 _____ () C:\Windows\System32\eler.yvj
2014-02-20 14:50 - 2014-02-20 14:50 - 00028672 _____ () C:\Windows\System32\tfbns.cyc
2014-02-20 13:31 - 2014-02-25 16:09 - 00196608 _____ () C:\Windows\System32\Ikeext.etl
2014-02-20 13:31 - 2014-02-20 13:31 - 00000064 _____ () C:\Windows\System32\ncae.adq
2014-02-20 13:13 - 2014-02-20 13:24 - 00003021 _____ () C:\Users\Timothy Davis\Desktop\avgrep.txt
2014-02-20 12:58 - 2014-02-20 12:58 - 168079221 _____ () C:\Windows\MEMORY.DMP
2014-02-20 12:58 - 2014-02-20 12:58 - 00139136 _____ () C:\Windows\Minidump\Mini022014-01.dmp
2014-02-20 12:48 - 2014-02-20 12:48 - 00000000 ____D () C:\Windows\System32\bleep you
2014-02-20 10:55 - 2014-02-20 14:50 - 00000098 _____ () C:\Windows\System32\wcyun.jff
2014-02-20 10:38 - 2014-02-20 10:38 - 00102437 ____S () C:\Windows\System32\ptboayb.oog
2014-02-16 22:12 - 2014-02-16 22:12 - 00001832 _____ () C:\Users\Timothy Davis\Desktop\Skype.lnk
2014-02-15 21:54 - 2014-02-15 21:54 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-15 21:54 - 2014-02-15 21:54 - 00000842 _____ () C:\ProgramData\Desktop\AVG 2014.lnk
2014-02-14 21:36 - 2014-02-14 21:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-05 15:10 - 2014-02-20 00:49 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\402 Bass Ln
2014-01-31 21:15 - 2014-01-31 21:15 - 00000000 ____D () C:\found.006
2014-01-31 00:43 - 2014-01-31 00:43 - 00000812 _____ () C:\Users\Public\Desktop\Market Samurai.lnk
2014-01-31 00:43 - 2014-01-31 00:43 - 00000812 _____ () C:\ProgramData\Desktop\Market Samurai.lnk
2014-01-31 00:42 - 2014-01-31 00:43 - 00000000 ____D () C:\Program Files\Market Samurai
2014-01-29 13:39 - 2014-01-29 13:39 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\MarketSamurai
2014-01-28 04:14 - 2014-01-28 04:14 - 00000111 _____ () C:\lxdx.log

==================== One Month Modified Files and Folders =======

2014-02-25 16:10 - 2006-11-02 04:47 - 00003168 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 16:10 - 2006-11-02 04:47 - 00003168 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 16:09 - 2014-02-20 13:31 - 00196608 _____ () C:\Windows\System32\Ikeext.etl
2014-02-25 16:08 - 2012-11-01 05:34 - 01961788 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 16:08 - 2006-11-02 02:33 - 00755430 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-25 16:05 - 2014-02-21 08:20 - 00003570 _____ () C:\Windows\setupact.log
2014-02-25 15:46 - 2011-09-19 07:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-25 15:23 - 2014-02-20 14:51 - 00000078 _____ () C:\Windows\System32\eler.yvj
2014-02-25 12:31 - 2014-02-25 12:14 - 00002056 _____ () C:\Users\Timothy Davis\Desktop\Search.txt
2014-02-25 11:39 - 2014-02-25 11:36 - 00038899 _____ () C:\Users\Timothy Davis\Desktop\Addition.txt
2014-02-25 11:39 - 2014-02-25 11:31 - 00049484 _____ () C:\Users\Timothy Davis\Desktop\FRST.txt
2014-02-25 11:39 - 2014-02-25 11:28 - 00000000 ____D () C:\FRST
2014-02-25 11:26 - 2014-02-25 11:26 - 01144320 _____ (Farbar) C:\Users\Timothy Davis\Desktop\FRST.exe
2014-02-25 09:44 - 2014-02-25 09:43 - 00015840 _____ () C:\Users\Timothy Davis\Desktop\dds.txt
2014-02-25 09:44 - 2014-02-25 09:43 - 00006872 _____ () C:\Users\Timothy Davis\Desktop\attach.txt
2014-02-25 09:30 - 2014-02-25 09:29 - 00688992 ____R (Swearware) C:\Users\Timothy Davis\Desktop\dds.com
2014-02-25 08:26 - 2011-09-22 16:04 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Dropbox
2014-02-25 08:26 - 2011-09-21 09:55 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Skype
2014-02-25 08:25 - 2011-09-22 16:08 - 00000000 ___RD () C:\Users\Timothy Davis\Desktop\Dropbox
2014-02-24 12:56 - 2014-02-24 08:06 - 00001792 _____ () C:\Windows\PFRO.log
2014-02-24 11:51 - 2014-02-24 11:51 - 00001365 _____ () C:\Users\Timothy Davis\Desktop\JRT.txt
2014-02-24 11:38 - 2014-02-24 11:38 - 00000000 ____D () C:\Windows\ERUNT
2014-02-24 11:36 - 2014-02-24 11:36 - 01037734 _____ (Thisisu) C:\Users\Timothy Davis\Desktop\JRT.exe
2014-02-24 11:13 - 2014-02-24 11:13 - 00002792 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_141352.txt
2014-02-24 10:56 - 2014-02-23 09:43 - 03818496 _____ () C:\Users\Timothy Davis\Desktop\RogueKiller.exe
2014-02-24 09:39 - 2014-02-24 09:23 - 00000000 ____D () C:\AdwCleaner
2014-02-24 09:23 - 2014-02-24 09:23 - 01241834 _____ () C:\Users\Timothy Davis\Desktop\AdwCleaner.exe
2014-02-24 09:20 - 2014-02-24 04:59 - 00000000 ____D () C:\Users\Timothy Davis\Local Settings\Application Data\CrashDumps
2014-02-24 09:20 - 2014-02-24 04:59 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Local\CrashDumps
2014-02-24 09:16 - 2014-02-24 09:16 - 00003337 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_D_02242014_121636.txt
2014-02-24 09:16 - 2014-02-24 09:16 - 00003264 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_121615.txt
2014-02-24 09:16 - 2014-02-23 10:25 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\RK_Quarantine
2014-02-24 08:29 - 2014-02-24 08:29 - 01153912 _____ (Emsi Software GmbH) C:\Users\Timothy Davis\Desktop\BlitzBlank.exe
2014-02-24 08:03 - 2014-02-24 08:03 - 00022296 _____ () C:\Users\Timothy Davis\Desktop\combo.txt
2014-02-24 07:17 - 2014-02-24 07:17 - 00022296 _____ () C:\ComboFix.txt
2014-02-24 07:17 - 2014-02-24 06:22 - 00000000 ____D () C:\Qoobox
2014-02-24 07:17 - 2009-05-21 15:49 - 00000000 ____D () C:\users\Incomplete
2014-02-24 07:17 - 2006-11-02 03:18 - 00000000 __RHD () C:\users\Default
2014-02-24 07:17 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2014-02-24 07:13 - 2014-02-24 06:19 - 00000000 ____D () C:\Windows\erdnt
2014-02-24 07:10 - 2006-11-02 02:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-24 06:18 - 2014-02-24 06:18 - 05184582 ____R (Swearware) C:\Users\Timothy Davis\Desktop\ComboFix.exe
2014-02-24 06:18 - 2014-02-24 06:18 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\backups
2014-02-24 06:10 - 2014-02-24 06:01 - 00014950 _____ () C:\Users\Timothy Davis\Desktop\hijackthis.log
2014-02-24 06:08 - 2014-02-24 06:08 - 00004204 _____ () C:\Users\Public\Documents\cc_20140224_090828.reg
2014-02-24 06:08 - 2014-02-24 06:08 - 00004204 _____ () C:\ProgramData\Documents\cc_20140224_090828.reg
2014-02-24 05:44 - 2014-02-24 05:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Timothy Davis\Desktop\HijackThis.exe
2014-02-24 05:37 - 2012-01-11 21:47 - 00139888 _____ () C:\Users\Timothy Davis\.ranktracker.properties
2014-02-24 05:37 - 2012-01-11 21:35 - 00000000 ____D () C:\Users\Timothy Davis\.ranktracker
2014-02-24 05:37 - 2007-09-04 04:26 - 00000000 ____D () C:\users\Timothy Davis
2014-02-23 10:37 - 2014-02-23 10:37 - 00003211 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02232014_133740.txt
2014-02-23 09:32 - 2014-02-23 09:32 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-23 09:32 - 2014-02-23 09:32 - 00001732 _____ () C:\ProgramData\Desktop\HitmanPro.lnk
2014-02-23 09:32 - 2014-02-23 09:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-22 12:36 - 2014-02-22 12:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-22 12:35 - 2014-02-22 12:35 - 00004238 _____ () C:\Windows\System32\.crusader
2014-02-22 12:06 - 2014-02-22 12:06 - 09988304 _____ (SurfRight B.V.) C:\Users\Timothy Davis\Desktop\HitmanPro.exe
2014-02-21 21:50 - 2014-02-21 21:50 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Malwarebytes
2014-02-21 21:49 - 2014-02-21 21:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 21:48 - 2014-02-21 21:48 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 21:48 - 2014-02-21 21:48 - 00000906 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-21 21:48 - 2014-02-21 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 21:40 - 2014-02-21 21:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timothy Davis\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-21 08:20 - 2014-02-21 08:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 19:28 - 2012-07-22 14:25 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-20 19:28 - 2012-07-22 14:25 - 00001971 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-02-20 17:14 - 2012-04-02 19:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-02-20 17:14 - 2011-05-31 22:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-02-20 14:50 - 2014-02-20 14:50 - 00028672 _____ () C:\Windows\System32\tfbns.cyc
2014-02-20 14:50 - 2014-02-20 10:55 - 00000098 _____ () C:\Windows\System32\wcyun.jff
2014-02-20 13:31 - 2014-02-20 13:31 - 00000064 _____ () C:\Windows\System32\ncae.adq
2014-02-20 13:27 - 2012-05-30 17:28 - 00000680 _____ () C:\Users\Timothy Davis\Local Settings\Application Data\d3d9caps.dat
2014-02-20 13:27 - 2012-05-30 17:28 - 00000680 _____ () C:\Users\Timothy Davis\AppData\Local\d3d9caps.dat
2014-02-20 13:24 - 2014-02-20 13:13 - 00003021 _____ () C:\Users\Timothy Davis\Desktop\avgrep.txt
2014-02-20 12:59 - 2006-11-02 04:47 - 00413584 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-02-20 12:58 - 2014-02-20 12:58 - 168079221 _____ () C:\Windows\MEMORY.DMP
2014-02-20 12:58 - 2014-02-20 12:58 - 00139136 _____ () C:\Windows\Minidump\Mini022014-01.dmp
2014-02-20 12:58 - 2009-04-01 17:07 - 00000000 ____D () C:\Windows\Minidump
2014-02-20 12:48 - 2014-02-20 12:48 - 00000000 ____D () C:\Windows\System32\bleep you
2014-02-20 10:38 - 2014-02-20 10:38 - 00102437 ____S () C:\Windows\System32\ptboayb.oog
2014-02-20 00:49 - 2014-02-05 15:10 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\402 Bass Ln
2014-02-19 23:36 - 2012-02-24 11:24 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\Web Development
2014-02-18 09:11 - 2013-09-26 22:59 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\2615 Hilliard dr
2014-02-17 07:36 - 2013-10-24 12:49 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\Virtual Assets Inc
2014-02-17 07:36 - 2013-09-19 07:32 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\Mondrian Docs
2014-02-16 22:12 - 2014-02-16 22:12 - 00001832 _____ () C:\Users\Timothy Davis\Desktop\Skype.lnk
2014-02-16 20:08 - 2011-06-15 19:37 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Real
2014-02-15 21:54 - 2014-02-15 21:54 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-15 21:54 - 2014-02-15 21:54 - 00000842 _____ () C:\ProgramData\Desktop\AVG 2014.lnk
2014-02-15 11:35 - 2012-04-25 05:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-14 21:37 - 2014-02-14 21:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-07 09:38 - 2013-12-10 14:50 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\TheWaterBottleStore.com
2014-02-03 00:01 - 2011-06-09 16:29 - 00000000 ____D () C:\ProgramData\DivX
2014-02-03 00:00 - 2011-06-09 16:29 - 00000000 ____D () C:\Program Files\DivX
2014-02-02 08:21 - 2007-09-04 08:51 - 00000000 ____D () C:\Users\Timothy Davis\Local Settings\Application Data\Adobe
2014-02-02 08:21 - 2007-09-04 08:51 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Local\Adobe
2014-01-31 21:15 - 2014-01-31 21:15 - 00000000 ____D () C:\found.006
2014-01-31 11:37 - 2013-09-11 08:44 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\1020 n Ransom 1003 w 5th
2014-01-31 00:43 - 2014-01-31 00:43 - 00000812 _____ () C:\Users\Public\Desktop\Market Samurai.lnk
2014-01-31 00:43 - 2014-01-31 00:43 - 00000812 _____ () C:\ProgramData\Desktop\Market Samurai.lnk
2014-01-31 00:43 - 2014-01-31 00:42 - 00000000 ____D () C:\Program Files\Market Samurai
2014-01-29 13:39 - 2014-01-29 13:39 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\MarketSamurai
2014-01-29 13:28 - 2011-09-24 23:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-01-28 04:14 - 2014-01-28 04:14 - 00000111 _____ () C:\lxdx.log

Some content of TEMP:
====================
C:\Users\Timothy Davis\AppData\Local\Temp\6_Offer_18.exe
C:\Users\Timothy Davis\AppData\Local\Temp\DM1393266902.exe
C:\Users\Timothy Davis\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Timothy Davis\AppData\Local\Temp\Quarantine.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-06-04 11:23] - [2009-04-10 22:28] - 0551424 ____A (Microsoft Corporation) 76BFEB5B0FDF0E8521C7A6AB4CBF9851

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-18 06:14:18
Restore point made on: 2014-02-24 06:25:07

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2037.5 MB
Available physical RAM: 1739.43 MB
Total Pagefile: 1969.38 MB
Available Pagefile: 1834.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:101.33 GB) (Free:28.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (USB DISK) (Removable) (Total:7.27 GB) (Free:7.27 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:10.46 GB) (Free:3.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: F5D4E939)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 2C6B7369)
No partition Table on disk 1.


LastRegBack: 2014-02-25 08:31

==================== End Of Log ============================



#10 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 26 February 2014 - 04:02 AM

Good. Now let's do the same search again, but this time in RE:


Start your computer in the System Recovery Options again and open FRST.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When the search is finished a log file (Search.txt) is saved on your flash drive.
    Copy and paste it in your next reply.


#11 greenlight20

  • Topic Starter
  • Members
  • 10 posts

Posted 26 February 2014 - 03:12 PM

Farbar Recovery Scan Tool (x86) Version: 24-02-2014 01
Ran by SYSTEM at 2014-02-26 14:32:56
Running from E:\
Boot Mode: Recovery

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2010-06-04 11:23] - [2009-04-10 22:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-04-17 14:58] - [2009-03-02 20:32] - 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-04-17 14:58] - [2009-03-02 20:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-09-20 14:27] - [2008-01-18 23:36] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2009-04-17 14:58] - [2009-03-02 20:17] - 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-04-17 14:58] - [2009-03-02 20:19] - 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F

C:\Windows\System32\rpcss.dll
[2010-06-04 11:23] - [2009-04-10 22:28] - 0551424 ____A (Microsoft Corporation) 76BFEB5B0FDF0E8521C7A6AB4CBF9851

X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F

X:\Windows\System32\rpcss.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F

=== End Of Search ===
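
The FRST log posted earlier flags C:\Windows\System32\rpcss.dll because its MD5 matches no known-good copy, and the Search.txt just posted supplies the ground truth to compare it with: every version of rpcss.dll that servicing ever installed on this machine is still sitting in WinSxS with its own hash and size. The script below is an added example (my code, not part of this thread and not FRST's own logic). It parses the search output exactly as posted, treats any path containing \winsxs\ as a component-store copy, and for each copy outside the store reports whether any store copy on the same drive has the same MD5 and, where a store copy carries the same two timestamps, the size difference between the two. The embedded input is the Search.txt quoted above (copied, not constructed); the in-store/live split and reading the two bracketed stamps as a pair without assuming their order are my assumptions.

```python
import hashlib
import re

# Search.txt as posted in this thread (entry lines copied verbatim, not constructed).
SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2010-06-04 11:23] - [2009-04-10 22:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-04-17 14:58] - [2009-03-02 20:32] - 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-04-17 14:58] - [2009-03-02 20:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-09-20 14:27] - [2008-01-18 23:36] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2009-04-17 14:58] - [2009-03-02 20:17] - 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-04-17 14:58] - [2009-03-02 20:19] - 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F

C:\Windows\System32\rpcss.dll
[2010-06-04 11:23] - [2009-04-10 22:28] - 0551424 ____A (Microsoft Corporation) 76BFEB5B0FDF0E8521C7A6AB4CBF9851

X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F

X:\Windows\System32\rpcss.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F
"""

# One FRST search hit: a path line, then "[stamp] - [stamp] - size attrs (company) MD5".
# Which stamp is creation and which is modification is not assumed; they are kept as a pair.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\n]+)\n"
    r"\[(?P<stamp1>[^\]]+)\] - \[(?P<stamp2>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})",
    re.MULTILINE,
)


def parse_search(text):
    """Return one dict per hit: size as int, MD5 upper-cased, drive letter and store flag added."""
    hits = []
    for m in ENTRY_RE.finditer(text):
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["drive"] = e["path"][0].upper()
        # Assumption: anything under a \winsxs\ directory is a component-store copy.
        e["in_store"] = "\\winsxs\\" in e["path"].lower()
        hits.append(e)
    return hits


def check_live_copies(text):
    """For each copy outside WinSxS, compare it with the store copies on the same drive.

    Returns {path: {"md5_in_store": bool, "twin": store path or None, "size_delta": int or None}}.
    `twin` is the store copy carrying the same two timestamps (the component the live file was
    serviced from); size_delta is live size minus twin size.
    """
    hits = parse_search(text)
    result = {}
    for live in (h for h in hits if not h["in_store"]):
        store = [h for h in hits if h["in_store"] and h["drive"] == live["drive"]]
        md5_in_store = any(s["md5"] == live["md5"] for s in store)
        twin = next((s for s in store
                     if (s["stamp1"], s["stamp2"]) == (live["stamp1"], live["stamp2"])), None)
        result[live["path"]] = {
            "md5_in_store": md5_in_store,
            "twin": twin["path"] if twin else None,
            "size_delta": live["size"] - twin["size"] if twin else None,
        }
    return result


def md5_file(path, chunk=1 << 20):
    """MD5 of a file on disk, so the hash can be recomputed on the box instead of trusted from a log."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for path, r in check_live_copies(SEARCH_TXT).items():
        verdict = "matches a component-store copy" if r["md5_in_store"] else "NO component-store copy has this MD5"
        print(f"{path}: {verdict}")
        if r["twin"]:
            print(f"  same timestamps as {r['twin']}, size delta {r['size_delta']:+d} bytes")
```

Run as posted, it reports that C:\Windows\System32\rpcss.dll matches nothing in the store but carries the same two timestamps as the 6.0.6002.18005 component while being exactly 1024 bytes larger, which is what a patched system DLL looks like: the timestamps and the version resource survived (FRST reads "(Microsoft Corporation)" from that resource, so the company column is no evidence of integrity), but the file had to grow. The copy on the recovery partition, X:\Windows\System32\rpcss.dll, hashes identically to its own store copy, which is the healthy case. Two caveats: a hash nobody has seen is a strong signal rather than proof, and on a live box recompute it with md5_file() rather than trusting a pasted log. If System32\rpcss.dll is later replaced from the 6.0.6002.18005 component, it should then hash to 3B5B4D53FEC14F7476CA29A20CC31AC9; Sysinternals sigcheck (which validates catalog signatures) or sfc /scannow give an independent verdict.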



#12 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 26 February 2014 - 03:20 PM

Great. Now we can kill it.


Step 1

Please download the attached fixlist.txt (684 bytes) and save it on the same flash drive as FRST.

  • Plug in the flash drive to the infected computer, enter the System Recovery Options and open FRST.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) is saved on the flash drive.
    Please copy and paste its contents in your next reply.


Step 2

Start your computer back in normal mode. Move FRST from your flash drive to the Desktop again.
Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#13 greenlight20

  • Topic Starter
  • Members
  • 10 posts

Posted 26 February 2014 - 03:56 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-02-2014 01
Ran by SYSTEM at 2014-02-26 15:38:10 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
2014-02-20 14:51 - 2014-02-25 15:23 - 00000078 _____ () C:\Windows\System32\eler.yvj
2014-02-20 14:50 - 2014-02-20 14:50 - 00028672 _____ () C:\Windows\System32\tfbns.cyc
2014-02-20 13:31 - 2014-02-25 16:09 - 00196608 _____ () C:\Windows\System32\Ikeext.etl
2014-02-20 13:31 - 2014-02-20 13:31 - 00000064 _____ () C:\Windows\System32\ncae.adq
2014-02-20 10:55 - 2014-02-20 14:50 - 00000098 _____ () C:\Windows\System32\wcyun.jff
2014-02-20 10:38 - 2014-02-20 10:38 - 00102437 ____S () C:\Windows\System32\ptboayb.oog
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll C:\Windows\System32\rpcss.dll
*****************

C:\Windows\System32\eler.yvj => Moved successfully.
C:\Windows\System32\tfbns.cyc => Moved successfully.
C:\Windows\System32\Ikeext.etl => Moved successfully.
C:\Windows\System32\ncae.adq => Moved successfully.
C:\Windows\System32\wcyun.jff => Moved successfully.
C:\Windows\System32\ptboayb.oog => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01
Ran by Timothy Davis (administrator) on SCOTTPATTERSON on 26-02-2014 15:47:45
Running from C:\Users\Timothy Davis\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
( ) C:\Windows\system32\lxdxcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SupportSoft, Inc.) C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Dropbox, Inc.) C:\Users\Timothy Davis\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll",DllRegisterServer
HKLM\...\Runonce: [B Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] - "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [40072 2007-05-03] (soft thinks)
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Run: [googletalk] - C:\Users\Timothy Davis\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3794427647-3927051111-2602980719-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Timothy Davis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3794427647-3927051111-2602980719-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3794427647-3927051111-2602980719-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {F597B92D-1F5B-4CBA-B315-A68A99D761D5} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll (Gateway Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default
FF Homepage: ww.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Timothy Davis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Timothy Davis\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-02-18]
FF Extension: ReImage Helper - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\bbrs_006@blabbers.com [2012-05-30]
FF Extension: Xmarks - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\foxmarks@kei.com [2014-01-11]
FF Extension: Wappalyzer - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\wappalyzer@crunchlabz.com [2014-02-11]
FF Extension: Google Toolbar for Firefox - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-01]
FF Extension: Autofill Forms - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\autofillForms@blueimp.net.xpi [2011-11-08]
FF Extension: DT Whois - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\beysim@beysim.net.xpi [2011-12-28]
FF Extension: Cache Status - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\cache@status.org.xpi [2011-08-21]
FF Extension: Ghostery - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\firefox@ghostery.com.xpi [2014-01-02]
FF Extension: RankChecker - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\rankchecker@seobook.com.xpi [2011-09-17]
FF Extension: Seo Toolbar - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\seotoolbar@seobook.com.xpi [2011-07-04]
FF Extension: FastestFox - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\smarterwiki@wikiatic.com.xpi [2011-06-01]
FF Extension: MozBar - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\toolbar@seomoz.org.xpi [2011-06-01]
FF Extension: X-notifier - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-03-16]
FF Extension: New Tab Homepage - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2011-11-08]
FF Extension: googlebar - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}.xpi [2011-08-08]
FF Extension: NoScript - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-01]
FF Extension: Googlebar Lite - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2011-11-08]
FF Extension: FireFTP - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-09-08]
FF Extension: Interclue - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\Firefox\Profiles\bbsdkgw9.default\Extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi [2011-06-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-12]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (         "name": "",) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\chromeNPAPI.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Timothy Davis\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U6) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.60.24) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (Mozbar) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2013-04-20]
CHR Extension: (PageRank Status) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2013-09-26]
CHR Extension: (RealDownloader) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-12]
CHR Extension: (Skype Click to Call) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-01-28]
CHR Extension: (Google Wallet) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (SEO for Chrome) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2013-04-20]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-06-09]
CHR Extension: (Majestic SEO Backlink Analyzer) - C:\Users\Timothy Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2013-04-20]
CHR HKLM\...\Chrome\Extension: [gmdfpnpdmnjaffhcdbobdjpolhpacaem] - C:\Program Files\ReImageCompanion\blabbers-ch.crx [2013-04-20]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S3 CASprint; C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe [124160 2008-10-15] (PCTEL)
S3 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S3 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-23] (SurfRight B.V.)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [589824 2009-10-16] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 SprintRcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [111872 2008-10-15] (PCTEL)
R2 sprtsvc_medicsp2; C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [202280 2007-03-07] (SupportSoft, Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] ()
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 Nmea; C:\Windows\System32\DRIVERS\pctnullport.sys [38680 2008-10-15] (PCTEL Inc.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2008-10-15] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32408 2008-10-15] (PCTEL Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation                           )
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [649216 2007-01-02] (SigmaTel, Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [24840 2008-10-15] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 catchme; \??\C:\Users\TIMOTH~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 15:47 - 2014-02-26 15:47 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\FRST-OlderVersion
2014-02-26 15:41 - 2014-02-26 15:41 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-26 15:17 - 2014-02-26 15:17 - 00143544 _____ () C:\Windows\Minidump\Mini022614-01.dmp
2014-02-25 15:14 - 2014-02-25 15:31 - 00002056 _____ () C:\Users\Timothy Davis\Desktop\Search.txt
2014-02-25 14:36 - 2014-02-25 14:39 - 00038899 _____ () C:\Users\Timothy Davis\Desktop\Addition.txt
2014-02-25 14:31 - 2014-02-26 15:47 - 00031177 _____ () C:\Users\Timothy Davis\Desktop\FRST.txt
2014-02-25 14:28 - 2014-02-26 15:47 - 00000000 ____D () C:\FRST
2014-02-25 14:26 - 2014-02-26 15:47 - 01143808 _____ (Farbar) C:\Users\Timothy Davis\Desktop\FRST.exe
2014-02-25 12:43 - 2014-02-25 12:44 - 00015840 _____ () C:\Users\Timothy Davis\Desktop\dds.txt
2014-02-25 12:43 - 2014-02-25 12:44 - 00006872 _____ () C:\Users\Timothy Davis\Desktop\attach.txt
2014-02-25 12:29 - 2014-02-25 12:30 - 00688992 ____R (Swearware) C:\Users\Timothy Davis\Desktop\dds.com
2014-02-24 14:51 - 2014-02-24 14:51 - 00001365 _____ () C:\Users\Timothy Davis\Desktop\JRT.txt
2014-02-24 14:38 - 2014-02-24 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-02-24 14:36 - 2014-02-24 14:36 - 01037734 _____ (Thisisu) C:\Users\Timothy Davis\Desktop\JRT.exe
2014-02-24 14:13 - 2014-02-24 14:13 - 00002792 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_141352.txt
2014-02-24 12:23 - 2014-02-24 12:39 - 00000000 ____D () C:\AdwCleaner
2014-02-24 12:23 - 2014-02-24 12:23 - 01241834 _____ () C:\Users\Timothy Davis\Desktop\AdwCleaner.exe
2014-02-24 12:16 - 2014-02-24 12:16 - 00003337 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_D_02242014_121636.txt
2014-02-24 12:16 - 2014-02-24 12:16 - 00003264 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_121615.txt
2014-02-24 11:29 - 2014-02-24 11:29 - 01153912 _____ (Emsi Software GmbH) C:\Users\Timothy Davis\Desktop\BlitzBlank.exe
2014-02-24 11:06 - 2014-02-24 15:56 - 00001792 _____ () C:\Windows\PFRO.log
2014-02-24 11:03 - 2014-02-24 11:03 - 00022296 _____ () C:\Users\Timothy Davis\Desktop\combo.txt
2014-02-24 10:17 - 2014-02-24 10:17 - 00022296 _____ () C:\ComboFix.txt
2014-02-24 09:22 - 2014-02-24 10:17 - 00000000 ____D () C:\Qoobox
2014-02-24 09:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-24 09:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-24 09:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-24 09:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-24 09:19 - 2014-02-24 10:13 - 00000000 ____D () C:\Windows\erdnt
2014-02-24 09:18 - 2014-02-24 09:18 - 05184582 ____R (Swearware) C:\Users\Timothy Davis\Desktop\ComboFix.exe
2014-02-24 09:18 - 2014-02-24 09:18 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\backups
2014-02-24 09:01 - 2014-02-24 09:10 - 00014950 _____ () C:\Users\Timothy Davis\Desktop\hijackthis.log
2014-02-24 08:44 - 2014-02-24 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Timothy Davis\Desktop\HijackThis.exe
2014-02-24 07:59 - 2014-02-26 10:16 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Local\CrashDumps
2014-02-23 13:37 - 2014-02-23 13:37 - 00003211 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02232014_133740.txt
2014-02-23 13:25 - 2014-02-24 12:16 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\RK_Quarantine
2014-02-23 12:43 - 2014-02-24 13:56 - 03818496 _____ () C:\Users\Timothy Davis\Desktop\RogueKiller.exe
2014-02-23 12:32 - 2014-02-23 12:32 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-23 12:32 - 2014-02-23 12:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-22 15:35 - 2014-02-22 15:35 - 00004238 _____ () C:\Windows\system32\.crusader
2014-02-22 15:08 - 2014-02-22 15:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-22 15:06 - 2014-02-22 15:06 - 09988304 _____ (SurfRight B.V.) C:\Users\Timothy Davis\Desktop\HitmanPro.exe
2014-02-22 00:50 - 2014-02-22 00:50 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Malwarebytes
2014-02-22 00:48 - 2014-02-22 00:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 00:48 - 2014-02-22 00:48 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 00:48 - 2014-02-22 00:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-22 00:48 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-22 00:40 - 2014-02-22 00:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timothy Davis\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-21 11:20 - 2014-02-25 19:05 - 00003570 _____ () C:\Windows\setupact.log
2014-02-21 11:20 - 2014-02-21 11:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 16:13 - 2014-02-20 16:24 - 00003021 _____ () C:\Users\Timothy Davis\Desktop\avgrep.txt
2014-02-20 15:58 - 2014-02-26 15:16 - 206101869 _____ () C:\Windows\MEMORY.DMP
2014-02-20 15:58 - 2014-02-20 15:58 - 00139136 _____ () C:\Windows\Minidump\Mini022014-01.dmp
2014-02-20 15:48 - 2014-02-20 15:48 - 00000000 ____D () C:\Windows\system32\bleep you
2014-02-17 01:12 - 2014-02-17 01:12 - 00001832 _____ () C:\Users\Timothy Davis\Desktop\Skype.lnk
2014-02-16 00:54 - 2014-02-16 00:54 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-15 00:36 - 2014-02-15 00:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-05 18:10 - 2014-02-20 03:49 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\402 Bass Ln
2014-02-01 00:15 - 2014-02-01 00:15 - 00000000 ____D () C:\found.006
2014-01-31 03:43 - 2014-01-31 03:43 - 00000812 _____ () C:\Users\Public\Desktop\Market Samurai.lnk
2014-01-31 03:42 - 2014-01-31 03:43 - 00000000 ____D () C:\Program Files\Market Samurai
2014-01-29 16:39 - 2014-01-29 16:39 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\MarketSamurai
2014-01-28 07:14 - 2014-01-28 07:14 - 00000111 _____ () C:\lxdx.log

==================== One Month Modified Files and Folders =======

2014-02-26 15:50 - 2014-02-25 14:31 - 00031177 _____ () C:\Users\Timothy Davis\Desktop\FRST.txt
2014-02-26 15:47 - 2014-02-26 15:47 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\FRST-OlderVersion
2014-02-26 15:47 - 2014-02-25 14:28 - 00000000 ____D () C:\FRST
2014-02-26 15:47 - 2014-02-25 14:26 - 01143808 _____ (Farbar) C:\Users\Timothy Davis\Desktop\FRST.exe
2014-02-26 15:47 - 2011-09-22 19:08 - 00000000 ___RD () C:\Users\Timothy Davis\Desktop\Dropbox
2014-02-26 15:47 - 2011-09-22 19:04 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Dropbox
2014-02-26 15:47 - 2011-09-21 12:55 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Skype
2014-02-26 15:43 - 2010-01-06 11:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 15:41 - 2014-02-26 15:41 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-26 15:41 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 15:41 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 15:41 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 15:33 - 2006-11-02 08:01 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 15:32 - 2012-11-01 08:34 - 01983117 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 15:17 - 2014-02-26 15:17 - 00143544 _____ () C:\Windows\Minidump\Mini022614-01.dmp
2014-02-26 15:17 - 2009-04-01 20:07 - 00000000 ____D () C:\Windows\Minidump
2014-02-26 15:16 - 2014-02-20 15:58 - 206101869 _____ () C:\Windows\MEMORY.DMP
2014-02-26 15:14 - 2012-04-02 22:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 14:57 - 2006-11-02 05:33 - 00755430 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 10:16 - 2014-02-24 07:59 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Local\CrashDumps
2014-02-26 10:07 - 2011-09-19 10:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-25 19:05 - 2014-02-21 11:20 - 00003570 _____ () C:\Windows\setupact.log
2014-02-25 15:31 - 2014-02-25 15:14 - 00002056 _____ () C:\Users\Timothy Davis\Desktop\Search.txt
2014-02-25 14:39 - 2014-02-25 14:36 - 00038899 _____ () C:\Users\Timothy Davis\Desktop\Addition.txt
2014-02-25 12:44 - 2014-02-25 12:43 - 00015840 _____ () C:\Users\Timothy Davis\Desktop\dds.txt
2014-02-25 12:44 - 2014-02-25 12:43 - 00006872 _____ () C:\Users\Timothy Davis\Desktop\attach.txt
2014-02-25 12:30 - 2014-02-25 12:29 - 00688992 ____R (Swearware) C:\Users\Timothy Davis\Desktop\dds.com
2014-02-24 15:56 - 2014-02-24 11:06 - 00001792 _____ () C:\Windows\PFRO.log
2014-02-24 14:51 - 2014-02-24 14:51 - 00001365 _____ () C:\Users\Timothy Davis\Desktop\JRT.txt
2014-02-24 14:38 - 2014-02-24 14:38 - 00000000 ____D () C:\Windows\ERUNT
2014-02-24 14:36 - 2014-02-24 14:36 - 01037734 _____ (Thisisu) C:\Users\Timothy Davis\Desktop\JRT.exe
2014-02-24 14:13 - 2014-02-24 14:13 - 00002792 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_141352.txt
2014-02-24 13:56 - 2014-02-23 12:43 - 03818496 _____ () C:\Users\Timothy Davis\Desktop\RogueKiller.exe
2014-02-24 12:39 - 2014-02-24 12:23 - 00000000 ____D () C:\AdwCleaner
2014-02-24 12:23 - 2014-02-24 12:23 - 01241834 _____ () C:\Users\Timothy Davis\Desktop\AdwCleaner.exe
2014-02-24 12:16 - 2014-02-24 12:16 - 00003337 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_D_02242014_121636.txt
2014-02-24 12:16 - 2014-02-24 12:16 - 00003264 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02242014_121615.txt
2014-02-24 12:16 - 2014-02-23 13:25 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\RK_Quarantine
2014-02-24 11:29 - 2014-02-24 11:29 - 01153912 _____ (Emsi Software GmbH) C:\Users\Timothy Davis\Desktop\BlitzBlank.exe
2014-02-24 11:14 - 2010-01-06 11:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 11:03 - 2014-02-24 11:03 - 00022296 _____ () C:\Users\Timothy Davis\Desktop\combo.txt
2014-02-24 10:17 - 2014-02-24 10:17 - 00022296 _____ () C:\ComboFix.txt
2014-02-24 10:17 - 2014-02-24 09:22 - 00000000 ____D () C:\Qoobox
2014-02-24 10:17 - 2009-05-21 18:49 - 00000000 ____D () C:\Users\Incomplete
2014-02-24 10:17 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-02-24 10:17 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-02-24 10:13 - 2014-02-24 09:19 - 00000000 ____D () C:\Windows\erdnt
2014-02-24 10:10 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-24 10:02 - 2009-03-25 15:31 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-02-24 09:18 - 2014-02-24 09:18 - 05184582 ____R (Swearware) C:\Users\Timothy Davis\Desktop\ComboFix.exe
2014-02-24 09:18 - 2014-02-24 09:18 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\backups
2014-02-24 09:10 - 2014-02-24 09:01 - 00014950 _____ () C:\Users\Timothy Davis\Desktop\hijackthis.log
2014-02-24 08:44 - 2014-02-24 08:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Timothy Davis\Desktop\HijackThis.exe
2014-02-24 08:37 - 2012-01-12 00:47 - 00139888 _____ () C:\Users\Timothy Davis\.ranktracker.properties
2014-02-24 08:37 - 2012-01-12 00:35 - 00000000 ____D () C:\Users\Timothy Davis\.ranktracker
2014-02-24 08:37 - 2007-09-04 07:26 - 00000000 ____D () C:\Users\Timothy Davis
2014-02-23 13:37 - 2014-02-23 13:37 - 00003211 _____ () C:\Users\Timothy Davis\Desktop\RKreport[0]_S_02232014_133740.txt
2014-02-23 12:32 - 2014-02-23 12:32 - 00001732 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-23 12:32 - 2014-02-23 12:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-22 15:36 - 2014-02-22 15:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-22 15:35 - 2014-02-22 15:35 - 00004238 _____ () C:\Windows\system32\.crusader
2014-02-22 15:06 - 2014-02-22 15:06 - 09988304 _____ (SurfRight B.V.) C:\Users\Timothy Davis\Desktop\HitmanPro.exe
2014-02-22 00:50 - 2014-02-22 00:50 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Malwarebytes
2014-02-22 00:49 - 2014-02-22 00:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-22 00:48 - 2014-02-22 00:48 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-22 00:48 - 2014-02-22 00:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-22 00:40 - 2014-02-22 00:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Timothy Davis\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-21 11:20 - 2014-02-21 11:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 22:28 - 2012-07-22 17:25 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-20 20:14 - 2012-04-02 22:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-20 20:14 - 2011-06-01 01:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 16:27 - 2012-05-30 20:28 - 00000680 _____ () C:\Users\Timothy Davis\AppData\Local\d3d9caps.dat
2014-02-20 16:24 - 2014-02-20 16:13 - 00003021 _____ () C:\Users\Timothy Davis\Desktop\avgrep.txt
2014-02-20 15:59 - 2006-11-02 07:47 - 00413584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-20 15:58 - 2014-02-20 15:58 - 00139136 _____ () C:\Windows\Minidump\Mini022014-01.dmp
2014-02-20 15:48 - 2014-02-20 15:48 - 00000000 ____D () C:\Windows\system32\bleep you
2014-02-20 03:49 - 2014-02-05 18:10 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\402 Bass Ln
2014-02-20 02:36 - 2012-02-24 14:24 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\Web Development
2014-02-18 12:11 - 2013-09-27 01:59 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\2615 Hilliard dr
2014-02-17 10:36 - 2013-10-24 15:49 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\Virtual Assets Inc
2014-02-17 10:36 - 2013-09-19 10:32 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\Mondrian Docs
2014-02-17 01:12 - 2014-02-17 01:12 - 00001832 _____ () C:\Users\Timothy Davis\Desktop\Skype.lnk
2014-02-16 23:08 - 2011-06-15 22:37 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Real
2014-02-16 00:54 - 2014-02-16 00:54 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-15 14:35 - 2012-04-25 08:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 00:37 - 2014-02-15 00:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-07 12:38 - 2013-12-10 17:50 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\TheWaterBottleStore.com
2014-02-06 18:35 - 2011-09-22 19:05 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-03 03:01 - 2011-06-09 19:29 - 00000000 ____D () C:\ProgramData\DivX
2014-02-03 03:00 - 2011-06-09 19:29 - 00000000 ____D () C:\Program Files\DivX
2014-02-02 11:21 - 2007-09-04 11:51 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Local\Adobe
2014-02-01 00:15 - 2014-02-01 00:15 - 00000000 ____D () C:\found.006
2014-01-31 14:37 - 2013-09-11 11:44 - 00000000 ____D () C:\Users\Timothy Davis\Desktop\1020 n Ransom 1003 w 5th
2014-01-31 03:43 - 2014-01-31 03:43 - 00000812 _____ () C:\Users\Public\Desktop\Market Samurai.lnk
2014-01-31 03:43 - 2014-01-31 03:42 - 00000000 ____D () C:\Program Files\Market Samurai
2014-01-29 16:39 - 2014-01-29 16:39 - 00000000 ____D () C:\Users\Timothy Davis\AppData\Roaming\MarketSamurai
2014-01-29 16:28 - 2011-09-25 02:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-01-28 07:14 - 2014-01-28 07:14 - 00000111 _____ () C:\lxdx.log

Some content of TEMP:
====================
C:\Users\Timothy Davis\AppData\Local\temp\6_Offer_18.exe
C:\Users\Timothy Davis\AppData\Local\temp\DM1393266902.exe
C:\Users\Timothy Davis\AppData\Local\temp\ntdll_dump.dll
C:\Users\Timothy Davis\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 15:47

==================== End Of Log ============================



#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 26 February 2014 - 04:08 PM

This worked well.
How is your computer running now? What problems or symptoms are still present?
Let's do a final check-up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#15 greenlight20

greenlight20
  • Topic Starter

  • Members
  • 10 posts

Posted 26 February 2014 - 05:14 PM

Everything appears to work.

I can't run ESET; it says it is not a valid Win32 program.
