Need to get rid of Aluroot Rtk!


  • This topic is locked
23 replies to this topic

#1 adambk

adambk

  • Members
  • 10 posts

Posted 06 March 2014 - 02:28 PM

Hello,

 

A couple of days ago, Avast notified me that the trojan, Aluroot Rtk, had infected my computer. I am running Windows Vista (SP1). I am not sure how I got it exactly, but I suspect that it happened while watching videos online. Please help me get rid of this since I am wary about editing registry keys.

 

Thank you,

Adam 





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 06 March 2014 - 02:38 PM





Hello Adam

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 09 March 2014 - 01:45 PM


Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#4 adambk

adambk
  • Topic Starter

  • Members
  • 10 posts

Posted 10 March 2014 - 12:41 PM

Hey,

 

I'm sorry for the delay, but I needed to back up files. I have school all day today, but I will try to continue with your instructions ASAP. Thank you for your quick response though! I am asking for just a bit more time.

 

Thank you



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 10 March 2014 - 01:08 PM

No problem, and I will check on you again later.


gringo

#6 adambk

adambk
  • Topic Starter

  • Members
  • 10 posts

Posted 11 March 2014 - 10:27 PM

Hey Gringo,

 

I ran the FRST and here are the logs: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by Pat (administrator) on PAT-PC on 11-03-2014 23:16:02
Running from C:\Users\Pat\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [jswtrayutil] - "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe [1242424 2008-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-03] (Google)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [51048 2008-10-17] (Symantec Corporation)
HKLM\...\Run: [osCheck] - C:\Program Files\Norton 360\osCheck.exe [988512 2008-02-26] (Symantec Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [449608 2011-08-31] (Malwarebytes Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1047208 2011-08-31] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-04] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2923979286-2321533518-2998126569-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-2923979286-2321533518-2998126569-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-19] (Google Inc.)
HKU\S-1-5-21-2923979286-2321533518-2998126569-1000\...\MountPoints2: {3c061339-7669-11de-8960-001e33b4e818} - mt.bat
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-03] (Google)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=DKpRKBbgjSfiG7ww4dshM24bSzM?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4ndu8w7u.default
FF NewTab: hxxp://www.google.com/firefox
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4ndu8w7u.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-12]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-11-27]
CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Zotero Connector) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2013-11-27]
CHR Extension: (AdBlock) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-27]
CHR Extension: (avast! Online Security) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-09]
CHR Extension: (Pocket Website) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2013-11-27]
CHR Extension: (tab packager by tab.bz) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2013-11-27]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-11-27]
CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-09]
 
========================== Services (Whitelisted) =================
 
S4 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-21] (Symantec Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-04] (AVAST Software)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-08] (CobianSoft, Luis Cobian)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149352 2008-10-17] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [55640 2007-08-21] (Symantec Corporation)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [164600 2008-05-28] (WildTangent, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-03] (Google)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-09-05] (Symantec Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-03-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-03-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-03-04] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-03-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-16] ()
S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22216 2011-08-31] (Malwarebytes Corporation)
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation)
S3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [13616 2009-02-19] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2009-06-09] (Symantec Corporation)
S3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [96560 2009-02-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2009-02-19] (Symantec Corporation)
S3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [41008 2009-02-19] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2009-02-19] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [184496 2009-02-19] (Symantec Corporation)
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-11 23:16 - 2014-03-11 23:17 - 00023809 _____ () C:\Users\Pat\Downloads\FRST.txt
2014-03-11 23:15 - 2014-03-11 23:16 - 00000000 ____D () C:\FRST
2014-03-11 23:14 - 2014-03-11 23:14 - 01145856 _____ (Farbar) C:\Users\Pat\Downloads\FRST.exe
2014-03-10 13:13 - 2014-03-10 13:13 - 00008405 _____ () C:\Users\Pat\Downloads\Lab_2_In_Class_2014 (1).R
2014-03-10 13:13 - 2014-03-10 13:13 - 00007848 _____ () C:\Users\Pat\Downloads\LAb_6_In_Class.R
2014-03-08 18:24 - 2014-03-08 19:36 - 2811837341 _____ () C:\Users\Pat\Desktop\Bkup_030814_1 2014-03-08 17;20;45 (Full).zip
2014-03-08 18:16 - 2014-03-08 18:17 - 00000046 ____N () C:\Users\Pat\Desktop\Bkup_030814 2014-03-08 17;13;36 (Full).zip
2014-03-08 17:59 - 2014-03-08 17:59 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-03-08 17:53 - 2014-03-08 17:54 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Pat\Downloads\cbSetup.exe
2014-03-06 01:45 - 2014-03-06 01:47 - 00000735 ____N () C:\Users\Pat\Documents\refinedQ_FieldMethHW2.csv
2014-03-06 01:21 - 2014-03-06 03:14 - 00000542 ____N () C:\Users\Pat\Documents\FieldmethHW2.R
2014-03-06 01:20 - 2014-03-06 01:28 - 00030988 ____N () C:\Users\Pat\Documents\Boxplot_discharge_FieldMeth_HW2.jpeg
2014-03-06 00:32 - 2014-03-06 00:32 - 00000836 ____N () C:\Users\Pat\Downloads\Q.csv
2014-03-04 09:45 - 2014-03-11 22:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf37affe30ef10.job
2014-03-04 02:27 - 2014-03-04 02:27 - 00104410 ____N () C:\Users\Pat\Downloads\pw04.cap
2014-03-04 02:10 - 2014-03-04 02:10 - 00422649 ____N () C:\Users\Pat\Downloads\download (1).htm
2014-03-04 02:10 - 2014-03-04 02:10 - 00422634 ____N () C:\Users\Pat\Downloads\download.htm
2014-03-03 15:47 - 2014-03-03 15:47 - 00010891 ____N () C:\Users\Pat\Downloads\Lab_5_2014_In_Class.R
2014-03-02 23:58 - 2014-03-02 23:58 - 00018447 ____N () C:\Users\Pat\Downloads\Initial_Model-2014-03-02.zip
2014-03-02 23:58 - 2014-03-02 23:58 - 00000000 ____D () C:\Users\Pat\Downloads\Initial_Model-2014-03-02
2014-02-26 03:07 - 2014-02-26 03:07 - 00004089 ____N () C:\Users\Pat\Downloads\HOMER Cost Breakdown.xlsx
2014-02-26 01:01 - 2014-02-26 01:01 - 00006218 ____N () C:\Users\Pat\Downloads\1_CPV_1MW.hmr
2014-02-25 21:42 - 2014-02-27 16:52 - 00000000 ____D () C:\Program Files\AethLabs
2014-02-24 16:24 - 2014-02-24 16:24 - 03771478 ____N () C:\Users\Pat\Downloads\chap7-2014-02-24.zip
2014-02-24 16:14 - 2014-02-24 16:14 - 05107162 ____N () C:\Users\Pat\Downloads\Lab4_Vector_Data_Input_Editing (1).rar
2014-02-21 18:43 - 2014-02-22 18:46 - 00000000 ____D () C:\Users\Pat\Downloads\DEEP5 (5)
2014-02-21 18:43 - 2014-02-21 18:43 - 02399022 ____N () C:\Users\Pat\Downloads\DEEP5 (5).zip
2014-02-20 16:39 - 2014-02-20 16:41 - 49668247 ____N () C:\Users\Pat\Downloads\Building_Energy_Modeling-2014-02-20.zip
2014-02-20 04:18 - 2014-02-20 04:18 - 07208822 ____N () C:\Users\Pat\Downloads\Lecture-09+Carbon+mineralization+_Park_.pptx
2014-02-19 16:11 - 2014-02-21 00:55 - 00006178 ____N () C:\Users\Pat\Documents\Lecture_5_example.R
2014-02-17 20:37 - 2014-02-17 20:37 - 00000000 ____D () C:\Users\Pat\Downloads\pete
2014-02-17 20:37 - 2012-01-08 20:20 - 01679125 ____N () C:\Users\Pat\Downloads\california_boundary_shapefile.rar
2014-02-17 20:37 - 2004-09-07 11:55 - 00430080 ____N () C:\Users\Pat\Downloads\Pete.mxd
2014-02-17 20:36 - 2014-02-17 20:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-02-17 20:20 - 2014-02-17 20:20 - 05107162 ____N () C:\Users\Pat\Downloads\Lab4_Vector_Data_Input_Editing.rar
2014-02-17 14:05 - 2014-02-17 14:05 - 00004047 ____N () C:\Users\Pat\Downloads\Lab_4_2014_In_Class (1).R
2014-02-17 14:02 - 2014-02-17 14:02 - 00004047 ____N () C:\Users\Pat\Downloads\Lab_4_2014_In_Class.R
2014-02-17 03:53 - 2014-02-17 03:53 - 00001667 ____N () C:\Users\Pat\Downloads\aaascript.R
2014-02-13 17:17 - 2014-02-13 17:17 - 01787392 ____N () C:\Users\Pat\Downloads\Lecture2.ppt
2014-02-12 23:40 - 2014-02-12 23:40 - 00337767 ____N () C:\Users\Pat\Downloads\Kaylie PreProposal.zip
2014-02-12 19:16 - 2014-02-12 19:16 - 00004867 ____N () C:\Users\Pat\Downloads\HW1Data.csv
2014-02-12 16:40 - 2014-02-12 16:40 - 00043008 ____N () C:\Users\Pat\Downloads\class2.xls
2014-02-12 15:57 - 2014-02-12 15:57 - 00074752 ____N () C:\Users\Pat\Downloads\class1.xls
2014-02-11 16:07 - 2014-02-11 16:07 - 00004594 ____N () C:\Users\Pat\Downloads\1_CPV (2).hmr
2014-02-10 15:42 - 2014-02-10 15:42 - 00004458 ____N () C:\Users\Pat\Downloads\Lab_3_2014_In_Class.R
2014-02-10 00:15 - 2014-02-26 03:32 - 00000000 ____D () C:\Users\Pat\Documents\HOMER Results_Post-Review
2014-02-09 23:05 - 2014-02-09 23:05 - 00008765 ____N () C:\Users\Pat\Downloads\1_CdTe (7).hmr
 
==================== One Month Modified Files and Folders =======
 
2014-03-11 23:17 - 2014-03-11 23:16 - 00023809 _____ () C:\Users\Pat\Downloads\FRST.txt
2014-03-11 23:16 - 2014-03-11 23:15 - 00000000 ____D () C:\FRST
2014-03-11 23:14 - 2014-03-11 23:14 - 01145856 _____ (Farbar) C:\Users\Pat\Downloads\FRST.exe
2014-03-11 23:00 - 2009-04-19 02:50 - 01940607 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 22:49 - 2006-11-02 06:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 22:47 - 2013-09-03 00:17 - 00000000 ___RD () C:\Users\Pat\Dropbox
2014-03-11 22:47 - 2013-09-03 00:10 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
2014-03-11 22:45 - 2014-03-04 09:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf37affe30ef10.job
2014-03-11 22:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\tracing
2014-03-11 22:44 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 22:44 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 22:44 - 2006-11-02 08:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 16:46 - 2006-11-02 08:58 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-11 16:38 - 2006-11-02 08:49 - 00067845 _____ () C:\Windows\setupact.log
2014-03-11 12:36 - 2010-02-10 11:48 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 13:14 - 2014-01-27 15:51 - 00000000 ____D () C:\Users\Pat\Documents\Environmental Data Analysis & Modeling
2014-03-10 13:13 - 2014-03-10 13:13 - 00008405 _____ () C:\Users\Pat\Downloads\Lab_2_In_Class_2014 (1).R
2014-03-10 13:13 - 2014-03-10 13:13 - 00007848 _____ () C:\Users\Pat\Downloads\LAb_6_In_Class.R
2014-03-08 19:36 - 2014-03-08 18:24 - 2811837341 _____ () C:\Users\Pat\Desktop\Bkup_030814_1 2014-03-08 17;20;45 (Full).zip
2014-03-08 18:17 - 2014-03-08 18:16 - 00000046 ____N () C:\Users\Pat\Desktop\Bkup_030814 2014-03-08 17;13;36 (Full).zip
2014-03-08 17:59 - 2014-03-08 17:59 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2014-03-08 17:54 - 2014-03-08 17:53 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Pat\Downloads\cbSetup.exe
2014-03-08 02:11 - 2006-11-02 08:44 - 00423128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 03:14 - 2014-03-06 01:21 - 00000542 ____N () C:\Users\Pat\Documents\FieldmethHW2.R
2014-03-06 03:07 - 2013-12-08 14:12 - 00001942 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-06 01:47 - 2014-03-06 01:45 - 00000735 ____N () C:\Users\Pat\Documents\refinedQ_FieldMethHW2.csv
2014-03-06 01:28 - 2014-03-06 01:20 - 00030988 ____N () C:\Users\Pat\Documents\Boxplot_discharge_FieldMeth_HW2.jpeg
2014-03-06 00:32 - 2014-03-06 00:32 - 00000836 ____N () C:\Users\Pat\Downloads\Q.csv
2014-03-05 23:09 - 2013-08-15 17:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-05 23:06 - 2006-11-02 06:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-04 12:13 - 2013-11-17 20:13 - 00000000 ____D () C:\Users\Pat\Documents\eQUEST 3-65 Data
2014-03-04 12:13 - 2009-05-30 14:06 - 00000000 ____D () C:\Users\Pat
2014-03-04 12:13 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-03-04 12:13 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-04 12:13 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-03-04 12:13 - 2006-11-02 06:22 - 40370176 _____ () C:\Windows\system32\config\software_previous
2014-03-04 12:13 - 2006-11-02 06:22 - 29884416 _____ () C:\Windows\system32\config\system_previous
2014-03-04 12:07 - 2006-11-02 06:22 - 32505856 _____ () C:\Windows\system32\config\components_previous
2014-03-04 12:07 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-03-04 09:37 - 2011-12-12 00:17 - 00001844 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-04 09:36 - 2011-12-12 00:17 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-04 09:36 - 2011-12-12 00:17 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-04 09:36 - 2011-12-12 00:17 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-04 09:36 - 2011-12-12 00:17 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-03-04 09:36 - 2011-12-12 00:17 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-03-04 09:36 - 2011-12-12 00:16 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-04 09:36 - 2011-12-12 00:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-04 08:42 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-03-04 08:42 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-03-04 02:27 - 2014-03-04 02:27 - 00104410 ____N () C:\Users\Pat\Downloads\pw04.cap
2014-03-04 02:10 - 2014-03-04 02:10 - 00422649 ____N () C:\Users\Pat\Downloads\download (1).htm
2014-03-04 02:10 - 2014-03-04 02:10 - 00422634 ____N () C:\Users\Pat\Downloads\download.htm
2014-03-03 15:47 - 2014-03-03 15:47 - 00010891 ____N () C:\Users\Pat\Downloads\Lab_5_2014_In_Class.R
2014-03-02 23:58 - 2014-03-02 23:58 - 00018447 ____N () C:\Users\Pat\Downloads\Initial_Model-2014-03-02.zip
2014-03-02 23:58 - 2014-03-02 23:58 - 00000000 ____D () C:\Users\Pat\Downloads\Initial_Model-2014-03-02
2014-02-28 02:15 - 2013-11-17 20:13 - 00000000 ____D () C:\Users\Pat\Documents\eQUEST 3-65 Projects
2014-02-27 17:05 - 2009-04-19 02:07 - 00019020 _____ () C:\Windows\DPINST.LOG
2014-02-27 16:52 - 2014-02-25 21:42 - 00000000 ____D () C:\Program Files\AethLabs
2014-02-26 03:32 - 2014-02-10 00:15 - 00000000 ____D () C:\Users\Pat\Documents\HOMER Results_Post-Review
2014-02-26 03:07 - 2014-02-26 03:07 - 00004089 ____N () C:\Users\Pat\Downloads\HOMER Cost Breakdown.xlsx
2014-02-26 01:01 - 2014-02-26 01:01 - 00006218 ____N () C:\Users\Pat\Downloads\1_CPV_1MW.hmr
2014-02-24 16:24 - 2014-02-24 16:24 - 03771478 ____N () C:\Users\Pat\Downloads\chap7-2014-02-24.zip
2014-02-24 16:14 - 2014-02-24 16:14 - 05107162 ____N () C:\Users\Pat\Downloads\Lab4_Vector_Data_Input_Editing (1).rar
2014-02-22 18:46 - 2014-02-21 18:43 - 00000000 ____D () C:\Users\Pat\Downloads\DEEP5 (5)
2014-02-21 18:43 - 2014-02-21 18:43 - 02399022 ____N () C:\Users\Pat\Downloads\DEEP5 (5).zip
2014-02-21 00:55 - 2014-02-19 16:11 - 00006178 ____N () C:\Users\Pat\Documents\Lecture_5_example.R
2014-02-20 16:41 - 2014-02-20 16:39 - 49668247 ____N () C:\Users\Pat\Downloads\Building_Energy_Modeling-2014-02-20.zip
2014-02-20 04:18 - 2014-02-20 04:18 - 07208822 ____N () C:\Users\Pat\Downloads\Lecture-09+Carbon+mineralization+_Park_.pptx
2014-02-17 20:37 - 2014-02-17 20:37 - 00000000 ____D () C:\Users\Pat\Downloads\pete
2014-02-17 20:36 - 2014-02-17 20:36 - 00000000 ____D () C:\Program Files\7-Zip
2014-02-17 20:20 - 2014-02-17 20:20 - 05107162 ____N () C:\Users\Pat\Downloads\Lab4_Vector_Data_Input_Editing.rar
2014-02-17 14:05 - 2014-02-17 14:05 - 00004047 ____N () C:\Users\Pat\Downloads\Lab_4_2014_In_Class (1).R
2014-02-17 14:02 - 2014-02-17 14:02 - 00004047 ____N () C:\Users\Pat\Downloads\Lab_4_2014_In_Class.R
2014-02-17 03:53 - 2014-02-17 03:53 - 00001667 ____N () C:\Users\Pat\Downloads\aaascript.R
2014-02-16 13:26 - 2010-04-22 08:51 - 00000000 ____D () C:\Windows\Minidump
2014-02-16 13:25 - 2008-01-20 23:02 - 00198856 _____ () C:\Windows\PFRO.log
2014-02-13 17:17 - 2014-02-13 17:17 - 01787392 ____N () C:\Users\Pat\Downloads\Lecture2.ppt
2014-02-12 23:40 - 2014-02-12 23:40 - 00337767 ____N () C:\Users\Pat\Downloads\Kaylie PreProposal.zip
2014-02-12 19:16 - 2014-02-12 19:16 - 00004867 ____N () C:\Users\Pat\Downloads\HW1Data.csv
2014-02-12 16:40 - 2014-02-12 16:40 - 00043008 ____N () C:\Users\Pat\Downloads\class2.xls
2014-02-12 15:57 - 2014-02-12 15:57 - 00074752 ____N () C:\Users\Pat\Downloads\class1.xls
2014-02-11 16:07 - 2014-02-11 16:07 - 00004594 ____N () C:\Users\Pat\Downloads\1_CPV (2).hmr
2014-02-10 15:42 - 2014-02-10 15:42 - 00004458 ____N () C:\Users\Pat\Downloads\Lab_3_2014_In_Class.R
2014-02-09 23:05 - 2014-02-09 23:05 - 00008765 ____N () C:\Users\Pat\Downloads\1_CdTe (7).hmr
 
Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Pat\AppData\Local\Temp\xs6xypnu.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 22:49
 
==================== End Of Log ============================

And here is the "Addition" file (wasn't sure if you meant copy and paste or to actually attach it):

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2014
Ran by Pat at 2014-03-11 23:17:24
Running from C:\Users\Pat\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 (Disabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
1-2-3PDFConverter (HKLM\...\1-2-3PDFConverter) (Version: 4.1.0.0 - 123PDFConverter)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.183.7 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Links (HKLM\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
AppCore (Version: 2.0.0.79 - Symantec Corporation) Hidden
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
ccCommon (Version: 107.0.5.5 - Symantec) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM\...\CobBackup11) (Version:  - )
Cockatrice (HKLM\...\Cockatrice) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Docx Reader version 1.0 (HKLM\...\{055F11CE-CA33-41AE-9580-C73985941C9D}_is1) (Version: 1.0 - docxreader.com)
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 9704 (Build 2184) - Speedbit Ltd.)
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
eQUEST 3-65 (HKLM\...\{C736C310-ADF0-4D99-8397-478FDDB4D3F9}) (Version: 3.65.16 - JJHirsch)
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HOMER 2.68 beta (HKLM\...\HOMER_is1) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.300 - Oracle)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
LiveUpdate (Symantec Corporation) (HKLM\...\PsuedoLiveUpdate) (Version: 3.4.1.234 - Symantec Corporation)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238 - Symantec Corporation) Hidden
Malwarebytes' Anti-Malware version 1.51.2.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.51.2.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 18.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 18.0.2 (x86 en-US)) (Version: 18.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0.2 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetZero Internet Access Installer (HKLM\...\{99D518AB-77F2-405B-B52A-18FC22394CF8}) (Version: 1.0.874 - TOSHIBA Corporation)
Norton 360 (Symantec Corporation) (HKLM\...\SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}) (Version: 2.0.0.242 - Symantec Corporation)
Norton 360 (Version: 2.0.0.242 - Symantec Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Symantec Technical Support Controls (Version: 3.5.3 - Symantec Corporation) Hidden
SymNet (Version: 8.0.3.4 - Symantec Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
System Requirements Lab (HKLM\...\{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}) (Version: 4.5.1.0 - Husdawg, LLC)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Desktop Links (HKLM\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2509470) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{EE6BBE8B-DCC9-4A46-BF00-455F3C8ECE69}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (KB2522999) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CC8A81F7-5A36-4DE9-ABB3-5499132062C5}) (Version:  - Microsoft)
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
20-02-2014 08:00:37 Windows Update
22-02-2014 08:00:46 Windows Update
23-02-2014 00:00:07 Scheduled Checkpoint
23-02-2014 08:00:44 Windows Update
24-02-2014 08:00:41 Windows Update
26-02-2014 01:43:50 Device Driver Package Install: FTDI Universal Serial Bus controllers
26-02-2014 01:45:09 Device Driver Package Install: FTDI Ports (COM & LPT)
26-02-2014 08:00:42 Windows Update
27-02-2014 20:53:53 Device Driver Package Install: FTDI Universal Serial Bus controllers
27-02-2014 20:54:40 Device Driver Package Install: FTDI Ports (COM & LPT)
28-02-2014 15:42:42 Scheduled Checkpoint
01-03-2014 08:00:36 Windows Update
02-03-2014 08:00:24 Windows Update
03-03-2014 00:10:40 Scheduled Checkpoint
03-03-2014 08:00:33 Windows Update
04-03-2014 13:15:21 avast! antivirus system restore point
04-03-2014 13:31:27 avast! antivirus system restore point
04-03-2014 13:31:28 Windows Update
06-03-2014 03:05:46 Windows Update
06-03-2014 08:00:23 Windows Update
07-03-2014 08:00:37 Windows Update
08-03-2014 17:55:54 Windows Update
10-03-2014 02:38:04 Windows Update
10-03-2014 07:01:23 Windows Update
11-03-2014 07:00:39 Windows Update
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0E56CB74-19BA-4DCF-81C5-91B55B93F55B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-10] (Google Inc.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {79084EAD-22E2-4E41-8658-4121EDBCC594} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-04] (AVAST Software)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {B894B037-2A1B-4928-BF09-2AAA8721E425} - System32\Tasks\GoogleUpdateTaskMachineCore1cf37affe30ef10 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-10] (Google Inc.)
Task: {F1499741-8014-4FAE-8F38-87A74F3A8728} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-10] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf37affe30ef10.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-11 16:38 - 2014-03-11 12:06 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031103\algo.dll
2008-03-06 13:14 - 2008-03-06 13:14 - 05121912 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2007-12-15 00:40 - 2007-12-15 00:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-09-30 15:06 - 2006-10-10 14:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 15:03 - 2007-12-25 15:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 14:57 - 2006-10-07 14:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2008-09-30 15:33 - 2010-07-03 07:47 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2013-12-09 08:36 - 2013-12-09 08:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-06 00:32 - 2014-03-01 22:35 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2011-01-17 17:19 - 2011-12-07 04:06 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-03-06 00:32 - 2014-03-01 22:35 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-06 00:32 - 2014-03-01 22:35 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-06 00:32 - 2014-03-01 22:35 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-01-13 10:49 - 2014-01-13 10:49 - 04591616 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-01-13 10:49 - 2014-01-13 10:49 - 00112128 _____ () C:\Users\Pat\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/11/2014 10:45:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/08/2014 07:56:30 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6001.18164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b78
Start Time: 01cf3af7200e1659
Termination Time: 0
 
Error: (03/08/2014 06:20:06 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {535c4ff9-80c9-4c94-9803-f33d40849a57}
 
Error: (03/08/2014 06:12:53 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {535c4ff9-80c9-4c94-9803-f33d40849a57}
 
Error: (03/08/2014 01:52:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/08/2014 02:12:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/08/2014 02:10:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/08/2014 02:09:33 AM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (03/06/2014 00:02:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2014 11:00:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (12/27/2013 04:08:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6612.1000. This session lasted 108 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-11 23:16:43.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 23:16:43.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 23:16:43.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 23:16:43.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 23:16:42.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 23:16:42.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 23:16:42.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 23:16:42.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-16 12:28:54.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-16 12:28:54.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 76%
Total physical RAM: 1915.25 MB
Available physical RAM: 450.33 MB
Total Pagefile: 4073.78 MB
Available Pagefile: 2319.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.78 MB
 
==================== Drives ================================
 
Drive c: (SQ004890V03) (Fixed) (Total:224.2 GB) (Free:141.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: CA1DE32B)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 

 

 

Thank you!



#7 gringo_pr


Posted 11 March 2014 - 10:48 PM



Hello adambk

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 adambk


Posted 12 March 2014 - 12:55 AM

Hey,

 

Everything SEEMS fine, as it did sometimes before running this software. The only thing that I noticed was a dialog box that popped up from Malwarebytes' Anti-Malware saying "[Shell_NotifyIcon] Failed to perform desired action." I don't even use that thing... Anyway, here are the logs:

 

 

# AdwCleaner v3.021 - Report created 12/03/2014 at 01:31:33
# Updated 10/03/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# Username : Pat - PAT-PC
# Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
File Deleted : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4ndu8w7u.default\invalidprefs.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.19088
 
 
-\\ Mozilla Firefox v18.0.2 (en-US)
 
[ File : C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4ndu8w7u.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2670 octets] - [12/03/2014 01:29:58]
AdwCleaner[S0].txt - [2637 octets] - [12/03/2014 01:31:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2697 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Pat on Wed 03/12/2014 at  1:43:16.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/12/2014 at  1:48:44.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#9 gringo_pr


Posted 12 March 2014 - 07:57 AM


Hello adambk

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 gringo_pr


Posted 15 March 2014 - 07:42 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#11 adambk


Posted 17 March 2014 - 03:40 AM

Hi Gringo,

 

I tried running Combofix more than once with no success. First, my computer died in the middle of the process (the charger is messed up and sometimes stops charging). Even so, the scan was taking more than just a few minutes. It was taking a while. Then I charged up the laptop and tried again. I had to delete the output file that was partially created the first time by combofix for it to even get to the scanning part of the process. However, no matter how long I waited, the scanning would never end. In fact, when the message reads that scanning is starting and may take longer than 10 minutes, there seems to be no indication of any scanning taking place at all.

 

So I am not sure how to get it to finish the scan. I will try again now and see if I can fiddle with it. 



#12 gringo_pr


Posted 17 March 2014 - 07:52 AM


Hello adambk

Ok, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan please post the report back here.

Gringo

#13 adambk


Posted 17 March 2014 - 06:06 PM

Hey Gringo,

 

 

So the scan finished (I think), I rebooted in safe mode, but then nothing happens with combofix. I looked at the combofix folder and there are a number of files that seemed to have been produced. Do you know the name of the log file, and might it be in there for me to access?

 

I did receive messages towards the end of the scan saying something about a rootkit.zeroaccess! infection, which inserted itself into the tcp/ip stack.



#14 gringo_pr


Posted 19 March 2014 - 08:24 AM


Hello adambk

I would like to see the report, so let's see if we can find the report this way.

Extra Combofix Report
  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box
C:\ComboFix.txt
  • Click ok
  • Copy and paste the report into this topic for me to review

Gringo

#15 adambk


Posted 22 March 2014 - 04:08 AM

Hi,

 

It seems that this file wasn't generated. I am not sure why the program can't complete its scan, but I've given it several tries in safe mode, and it still won't finish the task. I'm sorry for the hassle. 





