adware infection, restore point has disappeared


  • This topic is locked
23 replies to this topic

#1 hamako

  • Members
  • 12 posts

Posted 02 March 2014 - 01:13 PM

Hello,

 

I've gotten help here before and now I'm back. And so is another infection that creates new tabs and windows with ads and creates video ads behind my Protopage windows.

My nephew downloaded an emulator and I have had trouble since.

I went to restore from the system restore point created, but that has disappeared.

 

Any advice or help is appreciated.

 

Thanks, Cathy




#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 02 March 2014 - 02:14 PM

Hello,

Please run an FRST scan. That will help us diagnose your problems:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
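The reply above asks for FRST.txt and Addition.txt. As an added example that is not part of this thread and is not FRST's own tooling, the Python script below does a first-pass triage of an FRST.txt: it parses the section banners and entry layout FRST uses (the same layout as the log posted later in this thread) and lists what a malware responder checks first: autoruns, services and drivers that carry no publisher string (recently written ones separately), entries whose file is gone (FRST marks those with [X]), a system proxy pointing at loopback, and the default search provider. The sample log inside it is constructed for this example with invented names, and the 30-day "recent" threshold and category names are this example's own choices.

```python
"""First-pass triage of an FRST.txt log (added example; not FRST's own tooling).

Reads the section banners and entry layouts FRST prints and reports leads:
entries with no publisher, missing files ([X]), a loopback proxy, and the
default search provider. A finding is a lead to verify, not a verdict.
"""
import re
from datetime import date
from urllib.parse import urlsplit

# Section banner: "==================== Services (Whitelisted) ================="
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Service/driver entry: "R2 Name; C:\path\file.exe [size yyyy-mm-dd] (Publisher)"
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)
# Autorun entry: "HKLM-x32\...\Run: [Name] - C:\path\file.exe [size yyyy-mm-dd] (Publisher)"
RUN_RE = re.compile(
    r"^(?P<hive>HK[^:]+\\Run): \[(?P<name>[^\]]+)\] - (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)
PROXY_RE = re.compile(r"^ProxyServer: (?P<value>.+)$")
LOOPBACK_RE = re.compile(r"127\.0\.0\.1|localhost|\[::1\]")
SEARCH_RE = re.compile(
    r"^SearchScopes: (?P<hive>HK\w+(?:-x32)?) - DefaultScope \{[^}]+\} URL = (?P<url>\S+)$"
)
KINDS = {"Services (Whitelisted)": "service", "Drivers (Whitelisted)": "driver"}


def parse_sections(log_text):
    """Split the log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(log_text, scan_date, recent_days=30):
    """Return (category, detail) findings. scan_date is the day FRST ran."""
    findings = []
    sections = parse_sections(log_text)

    def note_publisher(kind, name, path, file_date, publisher):
        if publisher.strip():
            return  # carries a publisher string; not interesting for this pass
        age = (scan_date - date.fromisoformat(file_date)).days
        tag = "no-publisher-recent" if 0 <= age <= recent_days else "no-publisher"
        findings.append((tag, f"{kind} {name!r} -> {path} (file dated {file_date})"))

    for section, kind in KINDS.items():
        for line in sections.get(section, []):
            if line.endswith(" [X]"):  # FRST marks a missing file with [X]
                findings.append(("missing-file", line))
                continue
            m = ENTRY_RE.match(line)
            if m:
                note_publisher(kind, m["name"], m["path"], m["date"], m["publisher"])

    for line in sections.get("Registry (Whitelisted)", []):
        if line.endswith(" [X]"):
            findings.append(("missing-file", line))
            continue
        m = RUN_RE.match(line)
        if m:
            note_publisher("autorun", m["name"], m["path"], m["date"], m["publisher"])

    for line in sections.get("Internet (Whitelisted)", []):
        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m["value"]):
            # A system proxy on loopback puts a local program in the browser's
            # traffic path; ad-injecting software commonly works this way.
            findings.append(("local-proxy", m["value"]))
        m = SEARCH_RE.match(line)
        if m:
            findings.append(("default-search", f"{m['hive']}: {urlsplit(m['url']).hostname}"))
    return findings


# Constructed sample in FRST's layout (not the thread's log); names are invented.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AudioTray] - C:\Program Files\Vendor\tray.exe [7214696 2011-05-25] (Vendor Inc.)
HKLM-x32\...\Run: [Updater] - C:\Program Files (x86)\Updater\upd.exe [49152 2014-02-22] ()
HKLM-x32\...\Run: [OldStartup] - [X]

==================== Internet (Whitelisted) ====================

ProxyServer: http=http://127.0.0.1:9880
SearchScopes: HKLM - DefaultScope {00000000-0000-0000-0000-000000000000} URL = http://search.example.net/results.php?q={searchTerms}
SearchScopes: HKCU - DefaultScope {00000000-0000-0000-0000-000000000000} URL =

==================== Services (Whitelisted) =================

R2 GoodSvc; C:\Program Files\Vendor\svc.exe [144152 2013-10-10] (Vendor Inc.)
R2 FilterSvc; C:\Program Files (x86)\FilterSvc\FilterSvc.exe [59904 2014-02-21] ()

==================== Drivers (Whitelisted) ====================

R1 netflt64; C:\Windows\System32\drivers\netflt64.sys [61592 2013-12-17] (Some SDK Vendor)
S3 oemhook; C:\Windows\SysWOW64\drivers\oemhook.sys [34736 2010-12-30] ()
S3 tmpdrv; \??\C:\Users\user\AppData\Local\Temp\tmpdrv\tmpdrv_x64.sys [X]
"""


def run_sample():
    """Triage the constructed sample as if FRST had run on 2 March 2014."""
    return triage(SAMPLE_LOG, date(2014, 3, 2))


if __name__ == "__main__":
    for category, detail in run_sample():
        print(f"[{category}] {detail}")
```

Legitimate drivers and vendor services sometimes ship without a publisher string, so each hit still needs a file check (digital signature, vendor, hash lookup) before it goes into a fix list; the script narrows the log to a handful of lines to look at, it does not decide what to remove.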


#3 hamako

  • Topic Starter

  • Members
  • 12 posts

Posted 02 March 2014 - 02:46 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 02
Ran by Cathy (administrator) on BENS on 02-03-2014 14:27:45
Running from C:\Users\Cathy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) c:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
() C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\WinRST\WinRST.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] - c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM-x32\...\Run: [DELLOSD] - C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2010-12-06] ()
HKLM-x32\...\Run: [Chicony_OSD] - C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [StickyNotesWidget] - c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe [666344 2011-03-18] ()
HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FAStartup] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\S-1-5-21-300985979-3815095824-1822543900-1000\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\S-1-5-21-300985979-3815095824-1822543900-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-300985979-3815095824-1822543900-1000\...\Run: [CloudSystemBooster] - C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-02-24] (Anvisoft)
HKU\S-1-5-21-300985979-3815095824-1822543900-1000\...\MountPoints2: {75027748-bca0-11e0-885b-806e6f6e6963} - D:\windows\setup.exe
Lsa: [Notification Packages] scecli FAPassSync

==================== Internet (Whitelisted) ====================

ProxyServer: http=http://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtBtByC0B0C0D0DtC0EtDtN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=956197339&ir=
SearchScopes: HKLM - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtBtByC0B0C0D0DtC0EtDtN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=956197339&ir=
SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2

FireFox:
========
FF ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\xws2lt6k.default-1393728804818
FF Homepage: hxxp://www.protopage.com/disyahoo
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ []
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-02-24] (Anvisoft)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [98304 2011-05-27] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-02-10] (Trusteer Ltd.)
R2 SavingsbullFilterService64; c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [210432 2014-02-12] ()
R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-21] ()

==================== Drivers (Whitelisted) ====================

R1 Netfilter64; C:\Windows\System32\drivers\Netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-03] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-02-10] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-02-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-02-10] (Trusteer Ltd.)
S3 RkHit; C:\Windows\SysWOW64\drivers\RKHit.sys [34736 2010-12-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-09-23] (Trend Micro Inc.)
S3 cpuz134; \??\C:\Users\Cathy\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\AMPPAL.sys 9921E78BC29634235F4BF5809E7E8CDE
C:\Windows\System32\DRIVERS\amppal.sys 9921E78BC29634235F4BF5809E7E8CDE
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 64C198198501F7560EE41D8D1EFA7952
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\btmaux.sys 270FBA230E78E25726D065A924589A72
C:\Windows\System32\DRIVERS\btmhsf.sys 40C6FEC49D1CC4D112368A2BCD2BCBB7
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys C4943B6C962E4B82197542447AD599F4
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys DF214BFF646880D0EB31BDC86136B29B
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\facap.sys 2C1D443E14F376E8331F52F135DCA9EF
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys D7921D5A870B11CC1ADAB198A519D50A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\iBtFltCoex.sys FC47F5CF561BF0FD897EFD1A9604DCCF
C:\Windows\System32\DRIVERS\igdkmd64.sys 0D1B8C64BDF0E5CDC523A1409FFB5EF0
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\intelaud.sys CADDF0927DAC63EDAE48F5C35A61D87D
C:\Windows\System32\drivers\RTKVHD64.sys 230836EEFCE6D6DE9947384FC5B3FAC0
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\itecir.sys 8D990A44B4F2B68E2C56A3724EC3EB84
C:\Windows\System32\DRIVERS\iwdbus.sys 716F66336F10885D935B08174DC54242
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys DA1E991A61CFDD755A589E206B97644B
C:\Windows\System32\Drivers\ksecpkg.sys 7E33198D956943A4F11A5474C1E9106F
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys C38B8AE57F78915905064A9A24DC1586
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\drivers\Netfilter64.sys 3E71B9D55EDE56BF5E11E923C0D09874
C:\Windows\System32\DRIVERS\NETwNs64.sys AC69618DE5BCCE8747C9AB0AAE1003C1
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys 000D82CC258E2D341605A6F350C4D1E6
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys BCDB116C40D3C4C8D4D3EF2EFE3BE27C
C:\Windows\System32\Drivers\RapportKE64.sys 9A8F69CEEC2062FCD156F53B867BDCEA
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys 52EF7E3508EEF387100127AA75D28969
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 6D76E6433574B058ADCB0C50DF834492
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\SysWOW64\drivers\RKHit.sys 330E42B31708CA5A7BAD26FF96DE2DAE
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUVStor.sys CE0A1D8A59410E698140821E4E69DA0D
C:\Windows\System32\DRIVERS\Rt64win7.sys AFC12DFA4C7B089673AD67402CA19EDB
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys C6CC9297BD53E5229653303E556AA539
C:\Windows\System32\DRIVERS\Sftplaylh.sys 390AA7BC52CEE43F6790CDEA1E776703

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-02 14:26 - 2014-03-02 14:26 - 00000000 ____D () C:\Users\Cathy\Downloads\FRST-OlderVersion
2014-03-02 14:25 - 2014-03-02 14:27 - 00000000 ____D () C:\FRST
2014-03-02 12:28 - 2014-03-02 12:28 - 00000056 _____ () C:\Windows\setupact.log
2014-03-02 12:28 - 2014-03-02 12:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 23:10 - 2014-03-02 12:28 - 00003332 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-300985979-3815095824-1822543900-1000
2014-03-01 22:56 - 2014-03-01 22:56 - 00001274 _____ () C:\Users\Public\Desktop\Cloud System Booster.lnk
2014-03-01 22:55 - 2014-03-01 22:55 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-03-01 22:52 - 2014-03-01 22:55 - 15843784 _____ (Anvisoft) C:\Users\Cathy\Downloads\csbsetup.exe
2014-03-01 22:05 - 2014-03-01 22:06 - 00000000 ____D () C:\AdwCleaner
2014-03-01 22:04 - 2014-03-01 22:04 - 01037734 _____ (Thisisu) C:\Users\Cathy\Downloads\JRT.exe
2014-03-01 22:03 - 2014-03-01 22:03 - 01244192 _____ () C:\Users\Cathy\Downloads\adwcleaner.exe
2014-03-01 21:58 - 2014-03-01 21:58 - 00987425 _____ () C:\Users\Cathy\Downloads\SecurityCheck.exe
2014-03-01 07:32 - 2014-03-01 07:32 - 00000034 _____ () C:\Users\Cathy\Documents\amazonirsgiftcode.txt
2014-02-27 15:32 - 2014-02-27 15:32 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-25 07:05 - 2014-02-25 07:05 - 00000793 _____ () C:\Users\Cathy\Documents\CauliflowerCrustPizza.txt
2014-02-22 19:52 - 2014-03-01 23:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-22 19:20 - 2014-02-22 19:20 - 00000000 ____D () C:\Users\Cathy\AppData\Local\WinRST
2014-02-22 19:20 - 2014-02-22 19:20 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-02-22 18:55 - 2014-02-22 19:00 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-22 18:44 - 2014-03-02 14:28 - 330525394 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-02-22 18:44 - 2014-02-22 18:44 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-22 18:44 - 2014-02-22 18:44 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-22 18:43 - 2014-02-27 15:31 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-02-22 17:17 - 2014-02-22 17:17 - 00000000 ____D () C:\SUPERDelete
2014-02-22 14:16 - 2014-03-01 20:40 - 00002047 _____ () C:\Users\Cathy\Documents\inositolsamedosage.txt
2014-02-21 08:32 - 2014-02-22 14:16 - 00000000 ____D () C:\Users\Cathy\Documents\TurboTax
2014-02-21 08:29 - 2014-02-21 08:29 - 00000000 ____D () C:\Users\Cathy\AppData\Local\IsolatedStorage
2014-02-21 08:20 - 2014-02-21 08:20 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Intuit
2014-02-21 08:19 - 2014-02-21 21:33 - 00000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-21 08:08 - 2014-02-21 08:08 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-21 08:01 - 2014-02-21 08:01 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-02-21 08:00 - 2014-02-21 08:07 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-21 07:54 - 2014-02-21 07:59 - 94408008 _____ () C:\Users\Cathy\Desktop\wturbotax1040dlxnsamz20130900101.exe
2014-02-21 07:53 - 2014-02-21 07:53 - 01054064 _____ (Amazon Services LLC) C:\Users\Cathy\Downloads\TurboTax_Deluxe_Fed_Efile_2013_with_Refund_Bonus_Offer_Downloader.exe
2014-02-20 16:20 - 2014-02-20 16:20 - 00003712 _____ () C:\Users\Cathy\Documents\strawberrycupcakesstrawberrymeringuebuttercream.txt
2014-02-19 19:57 - 2014-02-19 19:57 - 00001279 _____ () C:\Users\Cathy\Documents\lettertogrievinglori.txt
2014-02-19 17:59 - 2014-02-19 17:59 - 00000088 _____ () C:\Users\Cathy\Documents\notes.txt
2014-02-15 16:47 - 2014-02-15 16:47 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-14 09:26 - 2014-02-14 09:26 - 00002235 _____ () C:\Users\Cathy\Downloads\Boston Loves Impressionism voucher FINAL - Shortcut.lnk
2014-02-14 09:26 - 2014-02-14 09:26 - 00001121 _____ () C:\Users\Cathy\Desktop\Boston Loves Impressionism voucher FINAL - Shortcut.zip
2014-02-14 09:25 - 2014-02-14 09:25 - 00614574 _____ () C:\Users\Cathy\Downloads\Boston Loves Impressionism voucher FINAL.zip
2014-02-14 09:25 - 2014-02-14 09:25 - 00002291 _____ () C:\Users\Cathy\Desktop\Boston Loves Impressionism voucher FINAL - Shortcut.lnk
2014-02-10 07:49 - 2014-02-10 07:49 - 00000545 _____ () C:\Users\Cathy\Documents\ispsinotutility.txt

==================== One Month Modified Files and Folders =======

2014-03-02 14:28 - 2014-02-22 18:44 - 330525394 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-02 14:28 - 2013-12-22 19:15 - 00032302 _____ () C:\Users\Cathy\Downloads\FRST.txt
2014-03-02 14:28 - 2012-03-31 16:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-02 14:27 - 2014-03-02 14:25 - 00000000 ____D () C:\FRST
2014-03-02 14:26 - 2014-03-02 14:26 - 00000000 ____D () C:\Users\Cathy\Downloads\FRST-OlderVersion
2014-03-02 14:26 - 2013-12-22 18:51 - 02156544 _____ (Farbar) C:\Users\Cathy\Downloads\FRST64.exe
2014-03-02 13:38 - 2011-08-01 17:48 - 02581198 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 12:37 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-02 12:37 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-02 12:34 - 2009-07-14 00:13 - 00795790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 12:28 - 2014-03-02 12:28 - 00000056 _____ () C:\Windows\setupact.log
2014-03-02 12:28 - 2014-03-02 12:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-02 12:28 - 2014-03-01 23:10 - 00003332 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-300985979-3815095824-1822543900-1000
2014-03-02 12:28 - 2013-12-26 00:55 - 00003198 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-300985979-3815095824-1822543900-1000
2014-03-02 12:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-01 23:05 - 2014-02-22 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-01 23:05 - 2011-02-10 09:02 - 00000000 ____D () C:\Windows\panther
2014-03-01 22:56 - 2014-03-01 22:56 - 00001274 _____ () C:\Users\Public\Desktop\Cloud System Booster.lnk
2014-03-01 22:55 - 2014-03-01 22:55 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-03-01 22:55 - 2014-03-01 22:52 - 15843784 _____ (Anvisoft) C:\Users\Cathy\Downloads\csbsetup.exe
2014-03-01 22:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 22:06 - 2014-03-01 22:05 - 00000000 ____D () C:\AdwCleaner
2014-03-01 22:04 - 2014-03-01 22:04 - 01037734 _____ (Thisisu) C:\Users\Cathy\Downloads\JRT.exe
2014-03-01 22:03 - 2014-03-01 22:03 - 01244192 _____ () C:\Users\Cathy\Downloads\adwcleaner.exe
2014-03-01 21:58 - 2014-03-01 21:58 - 00987425 _____ () C:\Users\Cathy\Downloads\SecurityCheck.exe
2014-03-01 21:53 - 2013-06-19 07:04 - 00000000 ____D () C:\Users\Cathy\Desktop\Old Firefox Data
2014-03-01 20:40 - 2014-02-22 14:16 - 00002047 _____ () C:\Users\Cathy\Documents\inositolsamedosage.txt
2014-03-01 19:46 - 2012-01-15 15:19 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-03-01 07:32 - 2014-03-01 07:32 - 00000034 _____ () C:\Users\Cathy\Documents\amazonirsgiftcode.txt
2014-02-27 15:32 - 2014-02-27 15:32 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-27 15:31 - 2014-02-22 18:43 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-02-25 07:05 - 2014-02-25 07:05 - 00000793 _____ () C:\Users\Cathy\Documents\CauliflowerCrustPizza.txt
2014-02-22 19:20 - 2014-02-22 19:20 - 00000000 ____D () C:\Users\Cathy\AppData\Local\WinRST
2014-02-22 19:20 - 2014-02-22 19:20 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-02-22 19:05 - 2011-10-11 16:27 - 00000000 ___RD () C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-22 19:00 - 2014-02-22 18:55 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-22 18:44 - 2014-02-22 18:44 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-22 18:44 - 2014-02-22 18:44 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-22 18:01 - 2012-01-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-22 18:00 - 2012-01-15 15:16 - 00000000 ____D () C:\Users\Cathy\AppData\Local\Google
2014-02-22 17:36 - 2009-07-13 23:45 - 00274624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-22 17:17 - 2014-02-22 17:17 - 00000000 ____D () C:\SUPERDelete
2014-02-22 14:16 - 2014-02-21 08:32 - 00000000 ____D () C:\Users\Cathy\Documents\TurboTax
2014-02-21 21:33 - 2014-02-21 08:19 - 00000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-21 10:29 - 2012-03-31 16:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 10:29 - 2012-03-31 16:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 10:29 - 2011-08-01 17:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 08:29 - 2014-02-21 08:29 - 00000000 ____D () C:\Users\Cathy\AppData\Local\IsolatedStorage
2014-02-21 08:28 - 2011-10-11 16:24 - 00060496 _____ () C:\Users\Cathy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-21 08:20 - 2014-02-21 08:20 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Intuit
2014-02-21 08:08 - 2014-02-21 08:08 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-21 08:07 - 2014-02-21 08:00 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-21 08:01 - 2014-02-21 08:01 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-02-21 07:59 - 2014-02-21 07:54 - 94408008 _____ () C:\Users\Cathy\Desktop\wturbotax1040dlxnsamz20130900101.exe
2014-02-21 07:53 - 2014-02-21 07:53 - 01054064 _____ (Amazon Services LLC) C:\Users\Cathy\Downloads\TurboTax_Deluxe_Fed_Efile_2013_with_Refund_Bonus_Offer_Downloader.exe
2014-02-20 16:20 - 2014-02-20 16:20 - 00003712 _____ () C:\Users\Cathy\Documents\strawberrycupcakesstrawberrymeringuebuttercream.txt
2014-02-19 19:57 - 2014-02-19 19:57 - 00001279 _____ () C:\Users\Cathy\Documents\lettertogrievinglori.txt
2014-02-19 17:59 - 2014-02-19 17:59 - 00000088 _____ () C:\Users\Cathy\Documents\notes.txt
2014-02-19 07:03 - 2013-12-25 07:47 - 00001453 _____ () C:\Users\Cathy\Desktop\somepswd.txt
2014-02-15 16:47 - 2014-02-15 16:47 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-14 09:26 - 2014-02-14 09:26 - 00002235 _____ () C:\Users\Cathy\Downloads\Boston Loves Impressionism voucher FINAL - Shortcut.lnk
2014-02-14 09:26 - 2014-02-14 09:26 - 00001121 _____ () C:\Users\Cathy\Desktop\Boston Loves Impressionism voucher FINAL - Shortcut.zip
2014-02-14 09:25 - 2014-02-14 09:25 - 00614574 _____ () C:\Users\Cathy\Downloads\Boston Loves Impressionism voucher FINAL.zip
2014-02-14 09:25 - 2014-02-14 09:25 - 00002291 _____ () C:\Users\Cathy\Desktop\Boston Loves Impressionism voucher FINAL - Shortcut.lnk
2014-02-10 11:35 - 2012-03-19 08:27 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-02-10 07:49 - 2014-02-10 07:49 - 00000545 _____ () C:\Users\Cathy\Documents\ispsinotutility.txt
2014-02-07 21:01 - 2013-04-04 05:49 - 00001446 _____ () C:\Users\Cathy\Documents\SloppyJoes.txt
2014-02-04 02:14 - 2013-12-22 19:32 - 00000086 _____ () C:\Windows\system32\lwsz.elz

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512512 ____A (Microsoft Corporation) 06861788843030EABBADFFC57C3568F1

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7788c504-bc9e-11e0-add9-001fc69fa889}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7788c506-bc9e-11e0-add9-001fc69fa889}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7788c504-bc9e-11e0-add9-001fc69fa889}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {7788c506-bc9e-11e0-add9-001fc69fa889}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{7788c507-bc9e-11e0-add9-001fc69fa889}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{7788c507-bc9e-11e0-add9-001fc69fa889}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7788c504-bc9e-11e0-add9-001fc69fa889}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7788c507-bc9e-11e0-add9-001fc69fa889}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2014-02-20 22:54

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2014 02
Ran by Cathy at 2014-03-02 14:28:24
Running from C:\Users\Cathy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP450 (HKLM\...\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}) (Version:  - )
CIR Registry (HKLM-x32\...\{AFA1FCA1-626E-403C-9BCA-968FECB62C4D}) (Version: 1.00.0000 - ITE)
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.2 - Anvisoft)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.2124 - CyberLink Corp.)
CyberLink YouPaint (x32 Version: 1.2.2124 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Touch Software Suite Games (HKLM-x32\...\{6FB3428E-23AA-4CA1-BA9D-E6D5F3F692E4}) (Version: 1.5.133.0 - Fingertapps)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.46 - Creative Technology Ltd)
DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.10 - DELL)
Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Face Recognition (HKLM\...\{2C5BEF49-4219-4751-9106-39604462939D}) (Version: 3.0.85.1 - Sensible Vision)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2401 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19800.9.10 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
PCSafeDoctor (HKLM-x32\...\PCSafeDoctor_is1) (Version: 2.0 - pcsafedoctor.com, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.48 - Trusteer) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6382 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden
SavingsbullFilter (Version: 1.0.0.0 - SavingsBull Filter) Hidden <==== ATTENTION
StickyNotes (HKLM-x32\...\{B0789AE7-70D4-454A-90D1-5BA5728E254A}) (Version: 1.5.135.0 - Dell)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1016 - SUPERAntiSpyware.com)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.8.21200.33.104 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.13500 - Nero AG)
TheSkyX First Light Edition (HKLM-x32\...\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}) (Version: 10.1.6 - Software Bisque)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.48 - Trusteer)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1755 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0463 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0162 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax 2013 wriiper (x32 Version: 013.000.1031 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-02-22 18:59 - 00008953 ____A C:\Windows\system32\Drivers\etc\hosts
216.239.32.20 google.com www.google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar
216.239.32.20 google.com www.google.as
216.239.32.20 google.com www.google.at
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az
216.239.32.20 google.com www.google.ba
216.239.32.20 google.com www.google.com.bd
216.239.32.20 google.com www.google.be
216.239.32.20 google.com www.google.bf
216.239.32.20 google.com www.google.bg
216.239.32.20 google.com www.google.com.bh
216.239.32.20 google.com www.google.bi
216.239.32.20 google.com www.google.bj
216.239.32.20 google.com www.google.com.bn
216.239.32.20 google.com www.google.com.bo
216.239.32.20 google.com www.google.com.br
216.239.32.20 google.com www.google.bs
216.239.32.20 google.com www.google.bt
216.239.32.20 google.com www.google.co.bw
216.239.32.20 google.com www.google.by

There are 162 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {42D0AC5F-08AF-4157-BAC6-6E05B7CF9F0C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-300985979-3815095824-1822543900-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {64497A71-20E1-4CCD-9AC9-483A2E1643A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {88D2B553-441B-4307-BE44-B69FB2C8B459} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AEBA22CB-DD28-4DFB-AB57-9E54E1FCD38F} - System32\Tasks\{0C7E5147-4BFF-4B4A-A1A1-4863C68F6311} => C:\Users\Public\Desktop\Trend_Micro.exe [2012-08-17] (Trend Micro Inc.)
Task: {C1E38A34-C806-4B94-931E-1F807BE57525} - System32\Tasks\{A8DE6BE6-85ED-DF46-140C-41729D593F64} => C:\Users\Cathy\AppData\Roaming\jgmuy.exe
Task: {C391FC6F-95A8-4B29-B6B5-69B9A31BDAED} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {D3FA3893-C7ED-4223-845F-D95D128E0BC7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-300985979-3815095824-1822543900-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-29] (RealNetworks, Inc.)
Task: {E5712E4A-1FE6-497A-AA61-377A1DE7C535} - System32\Tasks\{3B0C0C13-76FC-4F7A-84CE-6A9666FBE041} => C:\Users\Public\Desktop\Trend_Micro.exe [2012-08-17] (Trend Micro Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-11-01 22:40 - 2010-11-01 22:40 - 00092808 _____ () C:\Windows\system32\FAIEExtension.DLL
2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-08-01 18:01 - 2011-05-27 17:33 - 00098304 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2011-08-01 18:01 - 2011-06-08 20:05 - 00017408 _____ () C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
2014-02-12 14:16 - 2014-02-12 14:16 - 00210432 _____ () c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
2014-02-02 11:26 - 2014-02-02 11:26 - 00317952 _____ () c:\Program Files\SavingsbullFilter\ProtocolFilters.dll
2013-11-19 00:42 - 2013-11-19 00:42 - 00110080 _____ () c:\Program Files\SavingsbullFilter\nfapi.dll
2014-02-22 19:20 - 2014-02-21 12:13 - 00059904 _____ () C:\Program Files (x86)\WinRST\WinRST.exe
2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-08-01 19:32 - 2011-05-21 15:32 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-20 11:07 - 2014-02-20 21:16 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-02-24 01:00 - 2014-02-24 01:00 - 00018616 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\Public.dll
2013-11-27 04:33 - 2013-11-27 04:33 - 00156344 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\ui.dll
2013-11-27 04:33 - 2013-11-27 04:33 - 00090808 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\libglognc.dll
2014-02-24 01:00 - 2014-02-24 01:00 - 00028856 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\TestExtention.dll
2014-02-22 19:52 - 2014-02-22 19:53 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-21 10:29 - 2014-02-21 10:29 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\66085997.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\66085997.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Dell Webcam Central => Disable_By_"C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Google Update => "C:\Users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft WPD Enhanced Storage Password Driver
Description: Microsoft WPD Enhanced Storage Password Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (Enhanced Storage Device)
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Virtual WiFi Miniport Adapter #3
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2014 00:45:32 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (03/02/2014 00:38:42 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (03/02/2014 00:28:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 09:31:16 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (03/02/2014 09:28:33 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (03/02/2014 09:18:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/02/2014 00:29:45 PM) (Source: Service Control Manager) (User: )
Description: The WinRST service hung on starting.

Error: (03/02/2014 00:28:18 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (03/02/2014 00:28:17 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (03/02/2014 00:28:16 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (03/02/2014 00:28:15 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/02/2014 00:28:09 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorCertDrv) (User: NT AUTHORITY)
Description: Password device is not compatible with Windows.

Error: (03/02/2014 09:19:53 AM) (Source: Service Control Manager) (User: )
Description: The WinRST service hung on starting.

Error: (03/02/2014 09:18:26 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (03/02/2014 09:18:25 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (03/02/2014 09:18:25 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (03/02/2014 00:45:32 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (03/02/2014 00:38:42 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (03/02/2014 00:28:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2014 09:31:16 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (03/02/2014 09:28:33 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (03/02/2014 09:18:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 4001.09 MB
Available physical RAM: 1514.54 MB
Total Pagefile: 8000.38 MB
Available Pagefile: 5137.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.22 GB) (Free:11.48 GB) NTFS
Drive d: (TheSkyX First Li) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 3C42F125)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 02 March 2014 - 05:14 PM

Hello,

I see several problems on your computer. We have to tackle them one by one.
Please run FRST from RE to start with:


Move FRST to a flash drive.
  • Plug the flash drive into the infected PC.
Enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using a Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#5 hamako

  • Topic Starter
  • Members
  • 12 posts

Posted 02 March 2014 - 06:00 PM

I found the flash drive letter as 'F'. f:\frst ... is not recognized as an internal or external command, operable program or batch file.

#6 hamako

  • Topic Starter
  • Members
  • 12 posts

Posted 02 March 2014 - 07:41 PM

Still can't get the flash drive to work. I changed the letter to 'j', tried it as 'e' instead of 'f', added a suffix of '64', and got various responses including the initial one posted in the prior message and also "THE DEVICE IS NOT READY".



#7 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 03 March 2014 - 05:37 AM

So everything worked well until the point where you are in the command prompt and enter the command?
Have you copied frst64.exe directly to the flash drive and not in a sub-directory?
Have you used the correct drive letter of your flash drive? (It's written in the description how to find it.)
The command you should use is e:\frst64.exe (with e standing for the correct drive letter).

#8 hamako

  • Topic Starter
  • Members
  • 12 posts

Posted 03 March 2014 - 07:03 AM

Please run FRST from RE to start with:
Move FRST to a flash drive.

I don't know what 'RE' is.

<Have you copied frst64.exe directly to the flash drive and not in a sub-directory?>

I'm so sorry, I have no idea. First, I've never used a flash drive before.
I these were instructions to copy to a flash drive.



#9 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 03 March 2014 - 07:26 AM

Ok, let's try something else then:
  • Start FRST with Administrator privileges.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Edited by aharonov, 03 March 2014 - 07:27 AM.


#10 hamako

  • Topic Starter
  • Members
  • 12 posts

Posted 03 March 2014 - 09:02 AM

Farbar Recovery Scan Tool (x64) Version: 02-03-2014 02
Ran by Cathy at 2014-03-03 08:52:41
Running from C:\Users\Cathy\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512512 ____A (Microsoft Corporation) 06861788843030EABBADFFC57C3568F1

====== End Of Search ======
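The search above shows two copies of rpcss.dll with different sizes and MD5 hashes: the copy in the WinSxS component store and the live copy in System32. As an added example (not FRST's code or the helper's), this Python parses a Search.txt block like the one posted, flags any live copy whose size/MD5 match no WinSxS copy of the same name, and builds the fixlist Replace: directive that restores the store copy. The sample input is the search output from this post; the function names are the example's own.

```python
import re
from collections import defaultdict
from typing import List

# Constructed sample input: the Search.txt block for rpcss.dll as posted in
# the thread (same paths, sizes and MD5s as the page).
SEARCH_TXT = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512512 ____A (Microsoft Corporation) 06861788843030EABBADFFC57C3568F1

====== End Of Search ======
"""

# A result is a path line followed by an attribute line:
# [created] - [modified] - size attrs (signer) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<signer>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text: str) -> List[dict]:
    """Turn an FRST Search.txt block into records (path, size, signer, md5, timestamps)."""
    records = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line  # the attribute line for this path follows
            continue
        m = ATTR_RE.match(line)
        if m and pending_path:
            rec = m.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])  # FRST zero-pads sizes
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
            pending_path = None
    return records


def is_component_store(path: str) -> bool:
    """WinSxS holds the servicing copies the live file is supposed to match."""
    return "\\winsxs\\" in path.lower()


def find_mismatches(records: List[dict]) -> List[dict]:
    """Flag live copies whose (size, MD5) match none of the WinSxS copies of the same name.

    Caveat: a match only proves the live file equals a store copy; the store itself is
    assumed intact, and several store versions may exist after hotfixes, so the first
    store copy is used as the restore source here.
    """
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["path"].rsplit("\\", 1)[-1].lower()].append(rec)
    findings = []
    for recs in by_name.values():
        baselines = [r for r in recs if is_component_store(r["path"])]
        known = {(r["size"], r["md5"]) for r in baselines}
        for rec in recs:
            if is_component_store(rec["path"]):
                continue
            if not baselines:
                findings.append({"path": rec["path"], "reason": "no WinSxS baseline", "baseline": None})
            elif (rec["size"], rec["md5"]) not in known:
                findings.append({"path": rec["path"],
                                 "reason": "size/MD5 differ from WinSxS copy",
                                 "baseline": baselines[0]})
    return findings


def suggest_replace(finding: dict) -> str:
    """Build the FRST fixlist 'Replace: <clean source> <target>' line for a finding."""
    if finding["baseline"] is None:
        raise ValueError("no clean copy available to restore from")
    return f"Replace: {finding['baseline']['path']} {finding['path']}"


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SEARCH_TXT)):
        print(f["path"], "->", f["reason"])
        if f["baseline"] is not None:
            print("  ", suggest_replace(f))
```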



#11 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 03 March 2014 - 09:36 AM

Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#12 hamako

  • Topic Starter
  • Members
  • 12 posts

Posted 03 March 2014 - 08:34 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 02
Ran by Cathy at 2014-03-03 20:26:14 Run:1
Running from C:\Users\Cathy\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
Reboot:
*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll


The system needed a reboot.

==== End of Fixlog ====



#13 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 04 March 2014 - 04:07 AM

Ok, now reboot your computer and run a fresh FRST scan:

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#14 hamako

  • Topic Starter
  • Members
  • 12 posts

Posted 04 March 2014 - 07:44 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 02
Ran by Cathy (administrator) on BENS on 04-03-2014 07:40:03
Running from C:\Users\Cathy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) c:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
() C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\WinRST\WinRST.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) c:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] - c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM-x32\...\Run: [DELLOSD] - C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2010-12-06] ()
HKLM-x32\...\Run: [Chicony_OSD] - C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [StickyNotesWidget] - c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe [666344 2011-03-18] ()
HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FAStartup] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\S-1-5-21-300985979-3815095824-1822543900-1000\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\S-1-5-21-300985979-3815095824-1822543900-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-300985979-3815095824-1822543900-1000\...\Run: [CloudSystemBooster] - C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-02-24] (Anvisoft)
Lsa: [Notification Packages] scecli FAPassSync

==================== Internet (Whitelisted) ====================

ProxyServer: http=http://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtBtByC0B0C0D0DtC0EtDtN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=956197339&ir=
SearchScopes: HKLM - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzzzyDtAtB0EtBtByC0B0C0D0DtC0EtDtN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=956197339&ir=
SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SSOIEAddonBHO Class - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2

FireFox:
========
FF ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\xws2lt6k.default-1393728804818
FF Homepage: hxxp://www.protopage.com/disyahoo
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ []
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-02-24] (Anvisoft)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [98304 2011-05-27] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-02-10] (Trusteer Ltd.)
R2 SavingsbullFilterService64; c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [210432 2014-02-12] ()
R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-21] ()

==================== Drivers (Whitelisted) ====================

R1 Netfilter64; C:\Windows\System32\drivers\Netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-03] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-02-10] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-02-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-02-10] (Trusteer Ltd.)
S3 RkHit; C:\Windows\SysWOW64\drivers\RKHit.sys [34736 2010-12-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-09-23] (Trend Micro Inc.)
S3 cpuz134; \??\C:\Users\Cathy\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 08:50 - 2014-03-03 09:00 - 00000631 _____ () C:\Users\Cathy\Downloads\Search.txt
2014-03-02 14:43 - 2014-03-02 14:43 - 00048843 _____ () C:\Users\Cathy\Downloads\Shortcut.txt
2014-03-02 14:28 - 2014-03-02 14:43 - 00030261 _____ () C:\Users\Cathy\Downloads\Addition.txt
2014-03-02 14:26 - 2014-03-02 14:26 - 00000000 ____D () C:\Users\Cathy\Downloads\FRST-OlderVersion
2014-03-02 14:25 - 2014-03-04 07:40 - 00000000 ____D () C:\FRST
2014-03-02 12:28 - 2014-03-04 07:38 - 00001298 _____ () C:\Windows\setupact.log
2014-03-02 12:28 - 2014-03-02 12:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 23:10 - 2014-03-04 07:38 - 00003332 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-300985979-3815095824-1822543900-1000
2014-03-01 22:56 - 2014-03-01 22:56 - 00001274 _____ () C:\Users\Public\Desktop\Cloud System Booster.lnk
2014-03-01 22:55 - 2014-03-01 22:55 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-03-01 22:52 - 2014-03-01 22:55 - 15843784 _____ (Anvisoft) C:\Users\Cathy\Downloads\csbsetup.exe
2014-03-01 22:05 - 2014-03-01 22:06 - 00000000 ____D () C:\AdwCleaner
2014-03-01 22:04 - 2014-03-01 22:04 - 01037734 _____ (Thisisu) C:\Users\Cathy\Downloads\JRT.exe
2014-03-01 22:03 - 2014-03-01 22:03 - 01244192 _____ () C:\Users\Cathy\Downloads\adwcleaner.exe
2014-03-01 21:58 - 2014-03-01 21:58 - 00987425 _____ () C:\Users\Cathy\Downloads\SecurityCheck.exe
2014-03-01 07:32 - 2014-03-01 07:32 - 00000034 _____ () C:\Users\Cathy\Documents\amazonirsgiftcode.txt
2014-02-27 15:32 - 2014-02-27 15:32 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-25 07:05 - 2014-02-25 07:05 - 00000793 _____ () C:\Users\Cathy\Documents\CauliflowerCrustPizza.txt
2014-02-22 19:52 - 2014-03-01 23:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-22 19:20 - 2014-02-22 19:20 - 00000000 ____D () C:\Users\Cathy\AppData\Local\WinRST
2014-02-22 19:20 - 2014-02-22 19:20 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-02-22 18:55 - 2014-02-22 19:00 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-22 18:44 - 2014-03-04 07:40 - 464896868 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-02-22 18:44 - 2014-02-22 18:44 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-22 18:44 - 2014-02-22 18:44 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-22 18:43 - 2014-02-27 15:31 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-02-22 17:17 - 2014-02-22 17:17 - 00000000 ____D () C:\SUPERDelete
2014-02-22 14:16 - 2014-03-01 20:40 - 00002047 _____ () C:\Users\Cathy\Documents\inositolsamedosage.txt
2014-02-21 08:32 - 2014-02-22 14:16 - 00000000 ____D () C:\Users\Cathy\Documents\TurboTax
2014-02-21 08:29 - 2014-02-21 08:29 - 00000000 ____D () C:\Users\Cathy\AppData\Local\IsolatedStorage
2014-02-21 08:20 - 2014-02-21 08:20 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Intuit
2014-02-21 08:19 - 2014-02-21 21:33 - 00000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-21 08:08 - 2014-02-21 08:08 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-21 08:01 - 2014-02-21 08:01 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-02-21 08:00 - 2014-02-21 08:07 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-21 07:54 - 2014-02-21 07:59 - 94408008 _____ () C:\Users\Cathy\Desktop\wturbotax1040dlxnsamz20130900101.exe
2014-02-21 07:53 - 2014-02-21 07:53 - 01054064 _____ (Amazon Services LLC) C:\Users\Cathy\Downloads\TurboTax_Deluxe_Fed_Efile_2013_with_Refund_Bonus_Offer_Downloader.exe
2014-02-20 16:20 - 2014-02-20 16:20 - 00003712 _____ () C:\Users\Cathy\Documents\strawberrycupcakesstrawberrymeringuebuttercream.txt
2014-02-19 19:57 - 2014-02-19 19:57 - 00001279 _____ () C:\Users\Cathy\Documents\lettertogrievinglori.txt
2014-02-19 17:59 - 2014-02-19 17:59 - 00000088 _____ () C:\Users\Cathy\Documents\notes.txt
2014-02-15 16:47 - 2014-02-15 16:47 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-14 09:26 - 2014-02-14 09:26 - 00002235 _____ () C:\Users\Cathy\Downloads\Boston Loves Impressionism voucher FINAL - Shortcut.lnk
2014-02-14 09:26 - 2014-02-14 09:26 - 00001121 _____ () C:\Users\Cathy\Desktop\Boston Loves Impressionism voucher FINAL - Shortcut.zip
2014-02-14 09:25 - 2014-02-14 09:25 - 00614574 _____ () C:\Users\Cathy\Downloads\Boston Loves Impressionism voucher FINAL.zip
2014-02-14 09:25 - 2014-02-14 09:25 - 00002291 _____ () C:\Users\Cathy\Desktop\Boston Loves Impressionism voucher FINAL - Shortcut.lnk
2014-02-10 07:49 - 2014-02-10 07:49 - 00000545 _____ () C:\Users\Cathy\Documents\ispsinotutility.txt

==================== One Month Modified Files and Folders =======

2014-03-04 07:40 - 2014-03-02 14:25 - 00000000 ____D () C:\FRST
2014-03-04 07:40 - 2014-02-22 18:44 - 464896868 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-04 07:40 - 2013-12-22 19:15 - 00014594 _____ () C:\Users\Cathy\Downloads\FRST.txt
2014-03-04 07:38 - 2014-03-02 12:28 - 00001298 _____ () C:\Windows\setupact.log
2014-03-04 07:38 - 2014-03-01 23:10 - 00003332 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-300985979-3815095824-1822543900-1000
2014-03-04 07:38 - 2013-12-26 00:55 - 00003198 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-300985979-3815095824-1822543900-1000
2014-03-04 07:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 07:28 - 2012-03-31 16:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-04 06:37 - 2011-08-01 17:48 - 02590512 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 20:38 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 20:38 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 20:33 - 2009-07-14 00:13 - 00795790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 09:00 - 2014-03-03 08:50 - 00000631 _____ () C:\Users\Cathy\Downloads\Search.txt
2014-03-02 17:31 - 2013-09-08 12:34 - 00001404 _____ () C:\Users\Cathy\Documents\somepswd.txt
2014-03-02 14:43 - 2014-03-02 14:43 - 00048843 _____ () C:\Users\Cathy\Downloads\Shortcut.txt
2014-03-02 14:43 - 2014-03-02 14:28 - 00030261 _____ () C:\Users\Cathy\Downloads\Addition.txt
2014-03-02 14:26 - 2014-03-02 14:26 - 00000000 ____D () C:\Users\Cathy\Downloads\FRST-OlderVersion
2014-03-02 14:26 - 2013-12-22 18:51 - 02156544 _____ (Farbar) C:\Users\Cathy\Downloads\FRST64.exe
2014-03-02 12:28 - 2014-03-02 12:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 23:05 - 2014-02-22 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-01 23:05 - 2011-02-10 09:02 - 00000000 ____D () C:\Windows\panther
2014-03-01 22:56 - 2014-03-01 22:56 - 00001274 _____ () C:\Users\Public\Desktop\Cloud System Booster.lnk
2014-03-01 22:55 - 2014-03-01 22:55 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-03-01 22:55 - 2014-03-01 22:52 - 15843784 _____ (Anvisoft) C:\Users\Cathy\Downloads\csbsetup.exe
2014-03-01 22:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 22:06 - 2014-03-01 22:05 - 00000000 ____D () C:\AdwCleaner
2014-03-01 22:04 - 2014-03-01 22:04 - 01037734 _____ (Thisisu) C:\Users\Cathy\Downloads\JRT.exe
2014-03-01 22:03 - 2014-03-01 22:03 - 01244192 _____ () C:\Users\Cathy\Downloads\adwcleaner.exe
2014-03-01 21:58 - 2014-03-01 21:58 - 00987425 _____ () C:\Users\Cathy\Downloads\SecurityCheck.exe
2014-03-01 21:53 - 2013-06-19 07:04 - 00000000 ____D () C:\Users\Cathy\Desktop\Old Firefox Data
2014-03-01 20:40 - 2014-02-22 14:16 - 00002047 _____ () C:\Users\Cathy\Documents\inositolsamedosage.txt
2014-03-01 19:46 - 2012-01-15 15:19 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-03-01 07:32 - 2014-03-01 07:32 - 00000034 _____ () C:\Users\Cathy\Documents\amazonirsgiftcode.txt
2014-02-27 15:32 - 2014-02-27 15:32 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-27 15:31 - 2014-02-22 18:43 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-02-25 07:05 - 2014-02-25 07:05 - 00000793 _____ () C:\Users\Cathy\Documents\CauliflowerCrustPizza.txt
2014-02-22 19:20 - 2014-02-22 19:20 - 00000000 ____D () C:\Users\Cathy\AppData\Local\WinRST
2014-02-22 19:20 - 2014-02-22 19:20 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-02-22 19:05 - 2011-10-11 16:27 - 00000000 ___RD () C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-22 19:00 - 2014-02-22 18:55 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-22 18:44 - 2014-02-22 18:44 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-22 18:44 - 2014-02-22 18:44 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-22 18:01 - 2012-01-15 15:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-22 18:00 - 2012-01-15 15:16 - 00000000 ____D () C:\Users\Cathy\AppData\Local\Google
2014-02-22 17:36 - 2009-07-13 23:45 - 00274624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-22 17:17 - 2014-02-22 17:17 - 00000000 ____D () C:\SUPERDelete
2014-02-22 14:16 - 2014-02-21 08:32 - 00000000 ____D () C:\Users\Cathy\Documents\TurboTax
2014-02-21 21:33 - 2014-02-21 08:19 - 00000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-21 10:29 - 2012-03-31 16:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 10:29 - 2012-03-31 16:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 10:29 - 2011-08-01 17:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 08:29 - 2014-02-21 08:29 - 00000000 ____D () C:\Users\Cathy\AppData\Local\IsolatedStorage
2014-02-21 08:28 - 2011-10-11 16:24 - 00060496 _____ () C:\Users\Cathy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-21 08:20 - 2014-02-21 08:20 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Intuit
2014-02-21 08:08 - 2014-02-21 08:08 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-21 08:07 - 2014-02-21 08:00 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-21 08:01 - 2014-02-21 08:01 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-02-21 07:59 - 2014-02-21 07:54 - 94408008 _____ () C:\Users\Cathy\Desktop\wturbotax1040dlxnsamz20130900101.exe
2014-02-21 07:53 - 2014-02-21 07:53 - 01054064 _____ (Amazon Services LLC) C:\Users\Cathy\Downloads\TurboTax_Deluxe_Fed_Efile_2013_with_Refund_Bonus_Offer_Downloader.exe
2014-02-20 16:20 - 2014-02-20 16:20 - 00003712 _____ () C:\Users\Cathy\Documents\strawberrycupcakesstrawberrymeringuebuttercream.txt
2014-02-19 19:57 - 2014-02-19 19:57 - 00001279 _____ () C:\Users\Cathy\Documents\lettertogrievinglori.txt
2014-02-19 17:59 - 2014-02-19 17:59 - 00000088 _____ () C:\Users\Cathy\Documents\notes.txt
2014-02-19 07:03 - 2013-12-25 07:47 - 00001453 _____ () C:\Users\Cathy\Desktop\somepswd.txt
2014-02-15 16:47 - 2014-02-15 16:47 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-14 09:26 - 2014-02-14 09:26 - 00002235 _____ () C:\Users\Cathy\Downloads\Boston Loves Impressionism voucher FINAL - Shortcut.lnk
2014-02-14 09:26 - 2014-02-14 09:26 - 00001121 _____ () C:\Users\Cathy\Desktop\Boston Loves Impressionism voucher FINAL - Shortcut.zip
2014-02-14 09:25 - 2014-02-14 09:25 - 00614574 _____ () C:\Users\Cathy\Downloads\Boston Loves Impressionism voucher FINAL.zip
2014-02-14 09:25 - 2014-02-14 09:25 - 00002291 _____ () C:\Users\Cathy\Desktop\Boston Loves Impressionism voucher FINAL - Shortcut.lnk
2014-02-10 11:35 - 2012-03-19 08:27 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-02-10 07:49 - 2014-02-10 07:49 - 00000545 _____ () C:\Users\Cathy\Documents\ispsinotutility.txt
2014-02-07 21:01 - 2013-04-04 05:49 - 00001446 _____ () C:\Users\Cathy\Documents\SloppyJoes.txt
2014-02-04 02:14 - 2013-12-22 19:32 - 00000086 _____ () C:\Windows\system32\lwsz.elz

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-03 10:09

==================== End Of Log ============================
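For anyone reading a log like the one above rather than just posting it: the lines a responder looks at first in the Services and Drivers sections are the ones with an empty publisher field, a path under a user's Temp folder, a file that is no longer on disk, or a file date only days old. The following is an added example of that triage in Python; it is my own code, not part of this thread and not FRST's. The line shape it parses is inferred from the log above (an assumption, not FRST documentation), the 30-day "recent" window and the scan date of 2014-03-04 are assumptions, and the sample lines are copied from the Services/Drivers sections above.

```python
import re
from datetime import date, timedelta

# Line shape inferred from the FRST log above (an assumption about the format):
#   <state> <name>; <path> [<size> <yyyy-mm-dd>] (<publisher>)
# or, when the referenced file is no longer on disk:
#   <state> <name>; <path> [X]
LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>[^)]*)\)"
    r"|\s+\[X\])\s*$"
)


def parse_line(line):
    """Parse one Services/Drivers line; return a dict, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["date"] = date.fromisoformat(rec["date"]) if rec["date"] else None
    rec["size"] = int(rec["size"]) if rec["size"] else None
    # FRST prints "()" when no company/signer is known; keep None for [X] lines
    rec["publisher"] = rec["publisher"].strip() if rec["publisher"] is not None else None
    return rec


def flags_for(rec, scan_date, recent_days=30):
    """Apply the four triage heuristics to one parsed record."""
    flags = []
    if rec["date"] is None:                      # [X]: service/driver points at a missing file
        flags.append("missing file")
    if rec["publisher"] == "":                   # empty publisher field
        flags.append("no publisher")
    if re.search(r"\\temp\\", rec["path"], re.IGNORECASE):  # lives under a Temp folder
        flags.append("temp path")
    if rec["date"] is not None and scan_date - rec["date"] <= timedelta(days=recent_days):
        flags.append(f"recent: {rec['date'].isoformat()}")
    return flags


def triage(lines, scan_date, recent_days=30):
    """Return {name: [flags]} for every parsable line that raises at least one flag."""
    hits = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:                          # headers, blanks, other sections
            continue
        flags = flags_for(rec, scan_date, recent_days)
        if flags:
            hits[rec["name"]] = flags
    return hits


# Sample input: lines copied from the Services/Drivers sections of the log above,
# plus one section header to show that non-matching lines are skipped.
SAMPLE_LINES = [
    "==================== Services (Whitelisted) =================",
    r"R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)",
    r"R2 SavingsbullFilterService64; c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [210432 2014-02-12] ()",
    r"R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-21] ()",
    r"R1 Netfilter64; C:\Windows\System32\drivers\Netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)",
    r"S3 cpuz134; \??\C:\Users\Cathy\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]",
]
SCAN_DATE = date(2014, 3, 4)   # assumed: the date the log above was produced

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LINES, SCAN_DATE).items():
        print(f"{name}: {', '.join(flags)}")
```

A flag is a prompt to look, not a verdict: an empty publisher field also shows up on the Dell and Intel entries in the log, and Netfilter64 passes all four checks, which is why the helper on this forum still reads the whole log and writes the fixlist by hand.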



#15 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 04 March 2014 - 08:10 AM

Great! It looks like this worked.
Let's continue: Please do the following steps. What problems and symptoms are still present afterwards?


Step 1

Please download the attached file fixlist.txt (1.58KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download Malwarebytes Anti-Malware and save it to your Desktop.

  • Execute the downloaded setup to install MBAM on your computer.
  • Start MBAM with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.


Step 3

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Edited by aharonov, 04 March 2014 - 08:11 AM.
