
multiple instances of dllhost.exe *32 slowing down computer


  • This topic is locked
9 replies to this topic

#1 jennp10

  • Members
  • 5 posts

Posted 18 March 2014 - 12:43 PM

I am running Windows Vista on a Toshiba laptop. It has been running very slow for the past few days, to the point where it won't do anything at all. I have to keep Task Manager open and continuously end the dllhost.exe processes to get anything done. Please help. I read the other posts on here with the same issue, but since you recommended different fixes I figured I'd better create a new post. Thanks! Here are the documents from the DDS scan.

Attached files: attach.txt (13.06 KB), dds.txt (21.58 KB)



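The FRST log posted in reply #2 below is what a responder actually triages: the swarm of SysWOW64\dllhost.exe processes, the Run value FRST marks as a hidden path, the CLSID whose InprocServer32 points through \\?\globalroot, the service whose image path contains unprintable directory components, the Winsock catalog entries with missing providers, and the driver entries with no file on disk. The script below is an added example supplied by the editor; it is not code from the poster, from BleepingComputer, or from Farbar/FRST. It parses FRST-style "==== Section ====" blocks and flags those same indicators. SAMPLE_LOG is a constructed, abridged sample modelled on the posted log (not a verbatim copy); the severity labels, the dllhost threshold of 3, and the "eight random lowercase letters" driver-name heuristic are this example's own assumptions, not FRST's rules.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for indicators a responder
checks in a suspected ZeroAccess-class infection.
Added example; not part of the original thread or of FRST itself."""
import re
from collections import Counter

# Constructed sample modelled on the log posted in this thread (abridged, not verbatim).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKU\S-1-5-21-1\...\Run: [Google Update*] - [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-1\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\ProgramData\Microsoft\Windows\DRM\wow.dll ATTENTION! ====> ZeroAccess?

==================== Internet (Whitelisted) ====================

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) =================

R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\???\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-12-19] (http://libusb-win32.sourceforge.net)
S1 fbujfugf; \??\C:\Windows\system32\drivers\fbujfugf.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+\s*$")
RANDOM_NAME = re.compile(r"^[a-z]{8}$")      # assumption: random 8-letter driver names
JUNK_COMPONENT = re.compile(r"\\[ .?]+\\")   # path element made only of spaces, dots or '?'


def split_sections(text):
    """Group FRST lines under the '==== Name ====' header they belong to."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def triage(text, dllhost_threshold=3):
    """Return a list of (severity, section, detail) findings for an FRST log."""
    sections = split_sections(text)

    def sec(prefix):
        return next((v for k, v in sections.items() if k.startswith(prefix)), [])

    findings = []

    # The poster's symptom: a swarm of 32-bit dllhost.exe (COM surrogate) hosts.
    n_dllhost = sum(
        1 for line in sec("Processes")
        if line.split(") ", 1)[-1].lower().endswith("\\syswow64\\dllhost.exe"))
    if n_dllhost >= dllhost_threshold:
        findings.append(("high", "Processes",
                         f"{n_dllhost} instances of SysWOW64\\dllhost.exe running"))

    for line in sec("Registry"):
        low = line.lower()
        # COM hijack: a CLSID's InprocServer32 resolved through a raw device path,
        # so the DLL is invisible to normal drive-letter browsing.
        if "inprocserver32" in low and ("globalroot" in low or "\\device\\harddiskvolume" in low):
            findings.append(("high", "Registry", "InprocServer32 hijack via device path: " + line))
        # Autorun whose target FRST could not open ([X]): hidden or missing file.
        elif re.search(r"\\Run: \[.*\] - \[X\]", line):
            findings.append(("medium", "Registry", "Run value with unreadable target: " + line))

    for line in sec("Internet"):
        # An LSP chain pointing at a missing provider breaks networking after cleanup.
        if line.startswith("Winsock:") and "File Not found" in line:
            findings.append(("medium", "Winsock", "catalog entry with missing provider: " + line))

    for line in sec("Services"):
        # No legitimate installer creates folders named only with spaces or '?'.
        if JUNK_COMPONENT.search(line.split(";", 1)[-1]):
            findings.append(("high", "Services", "image path with unprintable components: " + line))

    for line in sec("Drivers"):
        if not line.endswith("[X]"):          # [X]: FRST could not find the file
            continue
        name = line.split(";", 1)[0].split(" ", 1)[-1]
        sev = "high" if RANDOM_NAME.match(name) else "low"   # IpInIp-style leftovers are low
        findings.append((sev, "Drivers", f"driver '{name}' registered but file missing: {line}"))
    return findings


def severity_counts(findings):
    """Tally findings by severity so a responder can see the overall picture."""
    return Counter(sev for sev, _, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for sev, section, detail in results:
        print(f"[{sev:6}] {section}: {detail}")
    print(dict(severity_counts(results)))
```

Run it against a real FRST.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. The heuristics deliberately do not rely on FRST's own "ATTENTION" annotations, so they still fire on a log where those markers are absent; a benign leftover such as the IpInIp driver entry is reported at low severity rather than suppressed, because the decision to fix it belongs to the responder, not the script.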

#2 jennp10

  • Topic Starter
  • Members
  • 5 posts

Posted 18 March 2014 - 12:56 PM

From reading the other posts I also ran the FRST scan. Here are the results of that.

 

FRST LOG

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
() C:\Program Files (x86)\Creative Storage Designer Home Hardware\AUClient.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Twain Working Group) C:\Windows\twunk_32.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Twain Working Group) C:\Windows\twunk_32.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Farbar) C:\Users\Owner\Desktop\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1716008 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [LtMoh] - C:\Program Files\ltmoh\Ltmoh.exe [195112 2007-09-25] (Agere Systems)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [UnThreat] - "C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe" -silent
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [422400 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1283384 2009-04-01] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NDSTray.exe] - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [cfFncEnabler.exe] - C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-22] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM-x32\...\Run: [D-Link SharePort] - C:\Program Files (x86)\D-Link\SharePort\SharePort.exe -mini
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\Run: [Google Update*] - [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\RunOnce: [Application Restart #7] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\MountPoints2: {2cb96bd3-43b4-11e1-b408-0026222ef525} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\MountPoints2: {46486ab7-9421-11de-8855-0026222ef525} - F:\LaunchU3.exe -a
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\MountPoints2: {536c40b7-dd86-11e1-97cf-0026222ef525} - D:\iLinker.exe
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\MountPoints2: {723eba70-6da7-11e1-bbdf-0026222ef525} - G:\LaunchU3.exe -a
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\ProgramData\Microsoft\Windows\DRM\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {D9120634-DD0F-4019-99D9-71580BF008C7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM - {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
SearchScopes: HKLM - {D9120634-DD0F-4019-99D9-71580BF008C7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 - DefaultScope {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
SearchScopes: HKLM-x32 - {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
SearchScopes: HKCU - DefaultScope {D9120634-DD0F-4019-99D9-71580BF008C7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
SearchScopes: HKCU - {D9120634-DD0F-4019-99D9-71580BF008C7} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: HKLM-x32 {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://virtualkitchenshowroom.homedepot.com/VS_EN_CA/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 6 U15) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2013-11-07]
CHR Extension: (VisualBee V.1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoealncnigkgnfjlfakeadlamcmldmka [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-07-23]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]
CHR HKCU\...\Chrome\Extension: [hoealncnigkgnfjlfakeadlamcmldmka] - C:\Users\Owner\AppData\Local\CRE\hoealncnigkgnfjlfakeadlamcmldmka.crx [2013-02-05]
CHR HKLM-x32\...\Chrome\Extension: [hoealncnigkgnfjlfakeadlamcmldmka] - C:\Users\Owner\AppData\Local\CRE\hoealncnigkgnfjlfakeadlamcmldmka.crx [2013-02-05]

==================== Services (Whitelisted) =================

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 Creative Connectors: Creative Project Planner Home Hardware update permissions manager. 6801.; C:\Program Files (x86)\Creative Storage Designer Home Hardware\AUClient.exe [589824 2011-11-04] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-02-10] (Trusteer Ltd.)
R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\???\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2007-06-18] (LeapFrog)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-12-19] (http://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
R0 LPCFilter; C:\Windows\SysWOW64\DRIVERS\LPCFilter.sys [32040 2008-05-07] (COMPAL ELECTRONIC INC.)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-12-12] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-02-10] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-02-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-02-10] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [573440 2009-07-09] (Realtek Semiconductor Corporation                           )
S3 U6000ALL; C:\Windows\System32\DRIVERS\dmdcap.sys [276480 2007-06-08] ()
S3 DlinkUDSMBus; SysWOW64\Drivers\DlinkUDSMBus.sys [X]
S1 fbujfugf; \??\C:\Windows\system32\drivers\fbujfugf.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-18 13:45 - 2014-03-18 13:45 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64 (1).exe
2014-03-18 13:36 - 2014-03-18 13:36 - 00022102 _____ () C:\Users\Owner\Desktop\dds.txt
2014-03-18 13:36 - 2014-03-18 13:36 - 00013378 _____ () C:\Users\Owner\Desktop\attach.txt
2014-03-18 13:32 - 2014-03-18 13:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-03-18 13:14 - 2014-03-18 13:48 - 00026197 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-03-18 13:14 - 2014-03-18 13:14 - 00036198 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-03-18 13:03 - 2014-03-18 13:13 - 00036198 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-03-18 12:49 - 2014-03-18 13:47 - 00000000 ____D () C:\FRST
2014-03-18 12:49 - 2014-03-18 13:13 - 00043549 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-03-14 20:22 - 2014-03-14 20:22 - 00111104 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Roaming\oipus.dll
2014-03-13 03:03 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 03:03 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 03:03 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 03:03 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 03:03 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 03:03 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 03:03 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 03:03 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 03:03 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 03:03 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 03:03 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 03:03 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 03:03 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 03:03 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 03:03 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 03:03 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 03:03 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 03:03 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 03:03 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 03:03 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 03:03 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 03:03 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 03:03 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-13 03:03 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 03:03 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 03:03 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 03:03 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 03:03 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 03:03 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 03:03 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 03:03 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-13 03:03 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 07:30 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 07:30 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 07:30 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 07:30 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 07:30 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 07:30 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-12 07:30 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-02-26 03:58 - 2014-02-26 04:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8701BF82-796C-4D19-BE53-6FF75376AC99}
2014-02-25 15:54 - 2014-02-25 15:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A5B2E829-DFD2-49ED-8927-1094212CE328}
2014-02-24 15:31 - 2014-02-24 15:31 - 00001801 _____ () C:\Users\Public\Desktop\One Touch Video Capture.lnk
2014-02-24 15:31 - 2014-02-24 15:31 - 00000000 ____D () C:\Program Files (x86)\One Touch Video Capture
2014-02-24 15:31 - 2009-12-07 15:37 - 00372736 _____ () C:\Windows\SysWOW64\GTTunerCard.dll
2014-02-24 15:31 - 2009-10-21 18:08 - 00151552 _____ () C:\Windows\SysWOW64\ThumbExtract.dll
2014-02-24 15:31 - 2007-01-06 11:03 - 00270336 _____ () C:\Windows\SysWOW64\lame.ax
2014-02-24 15:31 - 2005-08-13 08:34 - 00151505 _____ (Conexant) C:\Windows\SysWOW64\UYVYCnvt.ax
2014-02-24 15:31 - 2005-05-13 20:20 - 00000144 _____ () C:\Windows\SysWOW64\vssver.scc
2014-02-24 15:31 - 2005-05-11 14:08 - 00005758 _____ () C:\Windows\SysWOW64\N.prx
2014-02-24 15:31 - 2005-02-24 11:17 - 00069632 _____ (GDCL http://www.gdcl.co.uk) C:\Windows\SysWOW64\OvTool.dll
2014-02-24 15:31 - 2004-12-11 15:32 - 00005856 _____ () C:\Windows\SysWOW64\P.prx
2014-02-24 15:31 - 2004-10-14 16:16 - 00053248 _____ (MyCompanyName) C:\Windows\SysWOW64\snap.ax
2014-02-24 15:31 - 2004-09-28 16:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inftee.ax
2014-02-24 15:31 - 2004-09-08 18:39 - 00002618 _____ () C:\Windows\SysWOW64\A.prx
2014-02-24 15:31 - 2004-07-29 03:19 - 00175104 _____ () C:\Windows\SysWOW64\lame_enc.dll
2014-02-24 15:31 - 2004-06-25 15:53 - 00135680 _____ (Honest Technology) C:\Windows\SysWOW64\HTMpegVD.ax
2014-02-24 15:31 - 2004-06-05 17:16 - 00061440 _____ (MyCompanyName) C:\Windows\SysWOW64\TOP10Disp.ax
2014-02-24 15:31 - 2004-05-24 11:34 - 00061440 _____ (Geniatech) C:\Windows\SysWOW64\DispOptim.ax
2014-02-24 15:31 - 2004-05-03 16:39 - 00053248 _____ (Geniatech) C:\Windows\SysWOW64\DownSize.ax
2014-02-24 15:31 - 2004-04-30 23:16 - 00101376 _____ (Honest Technology ) C:\Windows\SysWOW64\HTMpegAD.ax
2014-02-24 15:31 - 2004-01-02 18:30 - 00083456 _____ (Honest Technology) C:\Windows\SysWOW64\htmpeg2enc.ax
2014-02-24 15:31 - 2004-01-02 18:29 - 00339968 _____ (Honest Technology) C:\Windows\SysWOW64\mpeg2enc.dll
2014-02-24 15:31 - 2004-01-01 21:56 - 00114688 _____ (Honest Technology) C:\Windows\SysWOW64\HTMpegTimeshift.ax
2014-02-24 15:31 - 2004-01-01 21:56 - 00053248 _____ (Honest Technology) C:\Windows\SysWOW64\HTFileAsync.ax
2014-02-24 15:31 - 2003-12-16 04:08 - 00057437 _____ (InterVideo Inc.) C:\Windows\SysWOW64\ividownscale.ax
2014-02-24 15:31 - 2003-08-18 10:25 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dump.ax
2014-02-24 15:31 - 2003-04-16 19:00 - 00073728 _____ () C:\Windows\SysWOW64\wavdest.ax
2014-02-24 15:31 - 2002-06-04 15:57 - 00077824 _____ (honest Technology) C:\Windows\SysWOW64\htdeinterlacer.ax
2014-02-24 15:31 - 2002-01-22 11:26 - 00053248 _____ (honest technology) C:\Windows\SysWOW64\ht_invert.ax
2014-02-24 15:31 - 2001-09-21 01:00 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4c32.dll
2014-02-24 15:31 - 2001-09-21 01:00 - 00239888 _____ (Microcrap Corporation) C:\Windows\SysWOW64\MPG4ds32.ax
2014-02-24 15:29 - 2014-02-24 15:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diamond One Touch Video Capture Software
2014-02-24 15:29 - 2014-02-24 15:29 - 00000000 ____D () C:\Program Files (x86)\Diamond One Touch Video Capture Software
2014-02-24 15:20 - 2014-02-24 15:21 - 00000000 ____D () C:\Program Files (x86)\Mydrv
2014-02-24 15:20 - 2007-06-08 01:06 - 00276480 _____ () C:\Windows\system32\Drivers\dmdcap.sys
2014-02-20 21:27 - 2014-02-20 21:27 - 00033745 _____ () C:\WindowsHvc_____.pfb
2014-02-20 09:55 - 2014-01-22 10:34 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-02-20 09:53 - 2014-02-20 11:14 - 00000000 ____D () C:\Program Files (x86)\UnThreat AntiVirus
2014-02-20 09:52 - 2014-02-20 09:53 - 00971184 _____ (Scandium Security Inc.) C:\Users\Owner\Downloads\UnThreatFreeSetup.exe
2014-02-18 22:25 - 2014-02-18 22:25 - 00000156 _____ () C:\Users\Owner\Desktop\Network_Security_Settings.txt
2014-02-18 13:28 - 2014-02-18 13:29 - 00274416 _____ () C:\Windows\Minidump\Mini021814-01.dmp
2014-02-16 11:34 - 2014-02-16 11:37 - 00025376 _____ () C:\Users\Owner\Downloads\Tigger.ttf

==================== One Month Modified Files and Folders =======

2014-03-18 13:48 - 2014-03-18 13:14 - 00026197 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-03-18 13:47 - 2014-03-18 12:49 - 00000000 ____D () C:\FRST
2014-03-18 13:45 - 2014-03-18 13:45 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64 (1).exe
2014-03-18 13:37 - 2009-08-11 11:48 - 01672229 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 13:36 - 2014-03-18 13:36 - 00022102 _____ () C:\Users\Owner\Desktop\dds.txt
2014-03-18 13:36 - 2014-03-18 13:36 - 00013378 _____ () C:\Users\Owner\Desktop\attach.txt
2014-03-18 13:32 - 2014-03-18 13:32 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-03-18 13:29 - 2011-05-07 11:01 - 00003698 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D49568AD-E5B2-4C22-8B97-639F5A800136}
2014-03-18 13:23 - 2006-11-02 08:46 - 00763480 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 13:17 - 2013-06-13 11:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 13:16 - 2010-09-15 09:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 13:16 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 13:16 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 13:16 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 13:14 - 2014-03-18 13:14 - 00036198 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-03-18 13:13 - 2014-03-18 13:03 - 00036198 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-03-18 13:13 - 2014-03-18 12:49 - 00043549 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-03-18 12:59 - 2009-10-18 15:56 - 00001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-03-18 12:08 - 2013-07-24 23:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 12:02 - 2009-09-12 09:13 - 00002569 _____ () C:\Users\Owner\Desktop\Microsoft Office Excel 2007.lnk
2014-03-18 11:57 - 2010-09-15 09:57 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 14:26 - 2006-11-02 08:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-16 13:12 - 2013-07-22 22:38 - 00001996 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 12:10 - 2006-11-02 11:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-14 20:22 - 2014-03-14 20:22 - 00111104 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Roaming\oipus.dll
2014-03-14 20:22 - 2009-08-26 07:39 - 00000000 ____D () C:\Users\Owner
2014-03-14 10:36 - 2006-11-02 11:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-13 10:01 - 2013-11-13 15:42 - 00024172 _____ () C:\Users\Owner\Desktop\pc financial main.xlsx
2014-03-13 03:47 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-13 03:29 - 2006-11-02 11:21 - 00431472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:24 - 2010-11-06 10:07 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-12 13:17 - 2013-06-13 11:52 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 13:17 - 2013-04-11 15:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:17 - 2013-04-11 15:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 12:34 - 2009-08-26 20:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-03-12 12:34 - 2009-08-26 07:40 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-27 20:46 - 2009-09-12 09:13 - 00002611 _____ () C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
2014-02-26 04:00 - 2014-02-26 03:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8701BF82-796C-4D19-BE53-6FF75376AC99}
2014-02-25 18:13 - 2009-10-11 09:05 - 00015872 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-25 15:57 - 2014-02-25 15:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A5B2E829-DFD2-49ED-8927-1094212CE328}
2014-02-25 15:57 - 2010-10-24 09:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-02-24 15:31 - 2014-02-24 15:31 - 00001801 _____ () C:\Users\Public\Desktop\One Touch Video Capture.lnk
2014-02-24 15:31 - 2014-02-24 15:31 - 00000000 ____D () C:\Program Files (x86)\One Touch Video Capture
2014-02-24 15:31 - 2009-05-08 04:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-24 15:29 - 2014-02-24 15:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diamond One Touch Video Capture Software
2014-02-24 15:29 - 2014-02-24 15:29 - 00000000 ____D () C:\Program Files (x86)\Diamond One Touch Video Capture Software
2014-02-24 15:21 - 2014-02-24 15:20 - 00000000 ____D () C:\Program Files (x86)\Mydrv
2014-02-23 21:41 - 2013-11-12 13:44 - 00000000 ____D () C:\Users\Owner\Desktop\print for bedroom photo wall
2014-02-23 03:12 - 2014-03-13 03:03 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 02:54 - 2014-03-13 03:03 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 02:52 - 2014-03-13 03:03 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 02:48 - 2014-03-13 03:03 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 02:48 - 2014-03-13 03:03 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 02:46 - 2014-03-13 03:03 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 02:46 - 2014-03-13 03:03 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 02:46 - 2014-03-13 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 02:45 - 2014-03-13 03:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 02:45 - 2014-03-13 03:03 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 02:45 - 2014-03-13 03:03 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 02:44 - 2014-03-13 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 02:44 - 2014-03-13 03:03 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 02:44 - 2014-03-13 03:03 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 02:44 - 2014-03-13 03:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 02:43 - 2014-03-13 03:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 01:50 - 2014-03-13 03:03 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 01:47 - 2014-03-13 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 01:43 - 2014-03-13 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 01:41 - 2014-03-13 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 01:40 - 2014-03-13 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 01:39 - 2014-03-13 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-23 01:38 - 2014-03-13 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-23 01:38 - 2014-03-13 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-23 01:38 - 2014-03-13 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 01:37 - 2014-03-13 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 01:37 - 2014-03-13 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 01:37 - 2014-03-13 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 01:37 - 2014-03-13 03:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-23 01:36 - 2014-03-13 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 01:36 - 2014-03-13 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-23 01:35 - 2014-03-13 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-22 16:18 - 2009-08-26 22:17 - 00000692 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2014-02-20 21:27 - 2014-02-20 21:27 - 00033745 _____ () C:\WindowsHvc_____.pfb
2014-02-20 11:22 - 2008-01-20 23:26 - 00249084 _____ () C:\Windows\PFRO.log
2014-02-20 11:14 - 2014-02-20 09:53 - 00000000 ____D () C:\Program Files (x86)\UnThreat AntiVirus
2014-02-20 09:53 - 2014-02-20 09:52 - 00971184 _____ (Scandium Security Inc.) C:\Users\Owner\Downloads\UnThreatFreeSetup.exe
2014-02-20 09:46 - 2011-01-31 13:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-18 22:27 - 2009-08-26 07:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-02-18 22:25 - 2014-02-18 22:25 - 00000156 _____ () C:\Users\Owner\Desktop\Network_Security_Settings.txt
2014-02-18 22:23 - 2010-05-31 11:44 - 00000000 ____D () C:\Program Files (x86)\D-Link
2014-02-18 13:29 - 2014-02-18 13:28 - 00274416 _____ () C:\Windows\Minidump\Mini021814-01.dmp
2014-02-18 13:28 - 2009-08-30 20:06 - 00000000 ____D () C:\Windows\Minidump
2014-02-18 13:28 - 2009-08-30 20:05 - 465426539 _____ () C:\Windows\MEMORY.DMP
2014-02-16 12:02 - 2009-08-26 07:40 - 00123184 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-16 11:37 - 2014-02-16 11:34 - 00025376 _____ () C:\Users\Owner\Downloads\Tigger.ttf
ZeroAccess:
C:\Users\Owner\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Alureon:
C:\Users\Owner\AppData\Local\Temp\scvwpdd\sqinmsx\wow.dll

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Owner\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Owner\AppData\Local\Temp\fvxsaile.exe
C:\Users\Owner\AppData\Local\Temp\GetCC.dll
C:\Users\Owner\AppData\Local\Temp\ICReinstall_PDFCreatorSetup.exe
C:\Users\Owner\AppData\Local\Temp\jna2008542654645873700.dll
C:\Users\Owner\AppData\Local\Temp\jna6277517275292719784.dll
C:\Users\Owner\AppData\Local\Temp\jna6431662741521009873.dll
C:\Users\Owner\AppData\Local\Temp\KoboSetup.exe
C:\Users\Owner\AppData\Local\Temp\LimeWireWin.exe
C:\Users\Owner\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Owner\AppData\Local\Temp\mhe1.exe
C:\Users\Owner\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Owner\AppData\Local\Temp\MSN8109.exe
C:\Users\Owner\AppData\Local\Temp\nos_uninstall_Adobe.dll
C:\Users\Owner\AppData\Local\Temp\SavingsVault-rev.exe
C:\Users\Owner\AppData\Local\Temp\SendMsg.dll
C:\Users\Owner\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Owner\AppData\Local\Temp\tbVisu.dll
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_7c390e70.exe
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_d99504cb.exe
C:\Users\Owner\AppData\Local\Temp\Update_Permissions_AUClient.exe
C:\Users\Owner\AppData\Local\Temp\vbmz6.exe
C:\Users\Owner\AppData\Local\Temp\_is5509.exe
C:\Users\Owner\AppData\Local\Temp\_is77E6.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-18 13:22

==================== End Of Log ============================


ADDITION LOG

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Owner at 2014-03-18 13:49:32
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{76EA46DB-14BD-43CB-92CD-F25CE66D5279}) (Version: 0.8.35 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Storage Designer Home Hardware 1.2 (HKLM-x32\...\{AA9C0D68-A8D7-452C-A351-CC2C94DC1DA5}_is1) (Version:  - Creative Connectors, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Diamond One Touch Video Capture Software (HKLM-x32\...\Diamond One Touch Video Capture Software) (Version: 15.0.498.0 - Diamond Multimedia)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iPhone Configuration Utility (HKLM-x32\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}) (Version: 10.5.3.3 - Apple Inc.)
Java™ 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java™ 6 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.1.6 - Kobo Inc.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
LeapFrog Connect (x32 Version: 5.2.4.18506 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
LightScribe  1.4.124.1 (x32 Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{A336F8B0-7ADD-48E8-98A2-296040C1EC3F}) (Version: 3.1.3.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My TOSHIBA (HKLM-x32\...\{AE8FFD41-8BFC-47D3-829E-77D23BFF09FF}) (Version: 2.0.0.0 - TOSHIBA)
One Touch Video Capture (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 1.00.0000 - One Touch Video Capture)
PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
Quicken 2012 (HKLM-x32\...\{0D1414C8-9B0B-4146-BD87-8163E9114F88}) (Version: 21.1.2.14 - Intuit)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Rapport (Version: 3.5.1205.18 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.48 - Trusteer) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM-x32\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0003 - Realtek)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPIF225 USB to SATA Bridge 98 Driver Installer (HKLM-x32\...\{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}) (Version: 1.0.0.0 - Sunplus Technology Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.0.2.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.2.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.0.2.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.0.4.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.0.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.64.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.0.64.0 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.0.64.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version:  - )
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.00 - TOSHIBA Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.1.64 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version:  - Agere Systems)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.8.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.48 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
Utility Common Driver (x32 Version: 1.0.50.22C - TOSHIBA) Hidden
VC500 Driver (HKLM-x32\...\{DA71A94B-3617-4935-8BBE-1566B2174C95}) (Version: 1.00.0000 - My Company Name)
VoiceOver Kit (HKLM-x32\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

01-03-2014 05:00:08 Scheduled Checkpoint
02-03-2014 05:00:01 Scheduled Checkpoint
04-03-2014 12:08:01 Windows Update
05-03-2014 05:00:01 Scheduled Checkpoint
06-03-2014 05:00:02 Scheduled Checkpoint
07-03-2014 05:00:01 Scheduled Checkpoint
08-03-2014 05:00:02 Scheduled Checkpoint
09-03-2014 08:53:46 Scheduled Checkpoint
10-03-2014 12:26:25 Scheduled Checkpoint
11-03-2014 11:06:23 Windows Update
12-03-2014 12:03:05 Scheduled Checkpoint
13-03-2014 07:00:17 Windows Update
14-03-2014 04:00:12 Scheduled Checkpoint
14-03-2014 19:01:49 Scheduled Checkpoint
16-03-2014 17:13:07 Windows Defender Checkpoint
16-03-2014 18:20:35 Windows Update

==================== Hosts content: ==========================

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0332D221-10B6-4472-B01A-49B55EEC4BCC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3B72A2D5-06C5-45E5-B311-F04F7DB6A541} - System32\Tasks\VisualBeeRecovery => C:\Users\Owner\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe
Task: {40BD2981-0499-4362-B9EE-F07DA4DC109E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7B7B3F08-4BED-4468-9747-1C4F2D7CF837} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {85AAF646-EA64-4BC0-8356-AEE4F43BA58A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15] (Google Inc.)
Task: {9A0CF885-A831-4EC9-9D16-65655788D8F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {A969FC72-F465-4385-8DDE-E9796A0DA8B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CDA94FAD-62C9-4DFF-90C1-7A94B7428F9E} - \{BB65B0FB-5712-401b-B616-E69AC55E2757} No Task File
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-26 17:46 - 2006-10-06 07:27 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
2010-08-26 19:59 - 2007-02-28 03:53 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbkpp6c.dll
2010-05-31 12:17 - 2007-02-20 07:30 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbapp6c.dll
2009-03-07 16:15 - 2009-03-07 16:15 - 06986552 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-07-14 13:35 - 2008-07-14 13:35 - 00107832 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-05-08 04:04 - 2007-04-23 12:09 - 00016896 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2007-04-25 00:47 - 2007-04-25 00:47 - 00012288 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-02-10 15:32 - 2009-02-10 15:32 - 00076288 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-10-21 13:00 - 2011-11-04 11:32 - 00589824 _____ () C:\Program Files (x86)\Creative Storage Designer Home Hardware\AUClient.exe
2010-11-06 10:07 - 2009-09-08 17:12 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-06-02 19:56 - 2014-02-13 19:48 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2014 01:31:14 PM) (Source: Application Hang) (User: )
Description: The program rundll32.exe version 6.0.6000.16386 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a28
Start Time: 01cf42cfb5b7676f
Termination Time: 7

Error: (03/18/2014 01:17:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2014 01:04:35 PM) (Source: Outlook) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (03/18/2014 01:04:35 PM) (Source: Outlook) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (03/18/2014 01:04:28 PM) (Source: Outlook) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (03/18/2014 01:04:28 PM) (Source: Outlook) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (03/18/2014 00:45:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2014 00:44:38 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (03/18/2014 11:54:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 01:13:01 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7a9f0859-e197-4245-8e63-2ae81acd4e04}

System errors:
=============
Error: (03/18/2014 01:18:43 PM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Canon iP2700 series with shared resource name Canon iP2700 series. Error 1. The printer cannot be used by others on the network.

Error: (03/18/2014 01:18:43 PM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Quicken PDF Printer with shared resource name Quicken PDF Printer. Error 1. The printer cannot be used by others on the network.

Error: (03/18/2014 01:18:17 PM) (Source: DCOM) (User: )
Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}

Error: (03/18/2014 01:17:18 PM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (03/18/2014 00:49:03 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/18/2014 00:45:11 PM) (Source: Service Control Manager) (User: )
Description: spldr
Wanarpv6

Error: (03/18/2014 00:45:11 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (03/18/2014 00:45:05 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/18/2014 00:44:38 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/18/2014 00:44:23 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (12/09/2013 11:01:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 223 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-03-18 13:48:37.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-18 13:48:36.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-18 13:48:35.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-18 13:48:34.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-18 13:48:33.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-18 13:48:33.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-18 13:48:32.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-18 13:48:31.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-18 13:48:30.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKE64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-18 13:48:29.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKE64.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 2936.06 MB
Available physical RAM: 621.38 MB
Total Pagefile: 6088.34 MB
Available Pagefile: 3250.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (S3A7066D004) (Fixed) (Total:210.4 GB) (Free:47.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:9.78 GB) (Free:8.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: E766E766)

Partition: GPT Partition Type.

==================== End Of Log ============================



#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:48 AM

Posted 18 March 2014 - 01:29 PM

Hello,

Please run a scan with MBAR:


Download Malwarebytes Anti-Rootkit to your desktop.
  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


#4 jennp10

jennp10
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 18 March 2014 - 09:01 PM

Thanks!  Below are the results.  dllhost.exe is no longer in my processes list, and the computer is back to normal (probably better!).

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.18.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: TOSHIBAL500 [limited]

18/03/2014 2:43:26 PM
mbar-log-2014-03-18 (14-43-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 288137
Time elapsed: 3 hour(s), 41 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKLM\SOFTWARE\CLASSES\TYPELIB\{9233C3C0-1472-4091-A505-5580A23BB4AC} (Trojan.FakeAlert) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9233C3C0-1472-4091-A505-5580A23BB4AC} (Trojan.FakeAlert) -> Delete on reboot.
HKCU\SOFTWARE\PopRock (Trojan.Downloader) -> Delete on reboot.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\XML.XML (Trojan.FakeAlert) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\XML.XML.1 (Trojan.FakeAlert) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\XML.XML (Trojan.FakeAlert) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\XML.XML.1 (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^‮❤ (Trojan.Zaccess) -> Data:  -> Delete on reboot.

Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume2\ProgramData\Microsoft\Windows\DRM\wow.dll) Good: (SHELL32.dll) -> Replace on reboot.

Folders Detected: 14
C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙ (Trojan.0Access) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96} (Trojan.0Access) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\L (Trojan.0Access) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\U (Trojan.0Access) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96} (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\    (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \... (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96} (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\l (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\u (Trojan.0Access) -> Delete on reboot.
C:\Program Files (x86)\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96} (Trojan.0Access) -> Delete on reboot.

Files Detected: 11
C:\Users\Owner\AppData\Roaming\oipus.dll (Trojan.Ransom.BNOGen) -> Delete on reboot.
C:\Users\Owner\AppData\Roaming\Adobe\acupx217.dll (TRojan.FakeMS) -> Delete on reboot.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe (TRojan.FakeMS) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_7c390e70.exe (Trojan.Zbot.RH) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_d99504cb.exe (Trojan.Agent.ED) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\ICReinstall_PDFCreatorSetup.exe (Adware.Agent) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\fvxsaile.exe (Trojan.Agent.ED) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\GetCC.dll (MSIL.Solimba) -> Delete on reboot.
C:\Windows\Temp\UpdE213.tmp (Trojan.Agent.ED) -> Delete on reboot.
C:\Users\Owner\Downloads\Setup (1).exe (Adware.IBryte) -> Delete on reboot.
C:\Users\Owner\Downloads\Setup.exe (Adware.IBryte) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Non-administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_15

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3078680576, free: 1244377088

Downloaded database version: v2014.03.18.07
Downloaded database version: v2014.02.20.01
Initializing...
======================
------------ Kernel report ------------
     03/18/2014 14:43:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh64.sys
\SystemRoot\system32\DRIVERS\rtl819xp.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys
\??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\rtlprot.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800368b610
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8003292050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800368b610, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800502bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800368b610, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8003292050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E766E766

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 441247744
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 444321792  Numsec = 23566336
    Partition is not bootable
Hidden partition VBR is not infected.

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 467888128  Numsec = 20508672

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{9233C3C0-1472-4091-A505-5580A23BB4AC} --> [Trojan.FakeAlert]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9233C3C0-1472-4091-A505-5580A23BB4AC} --> [Trojan.FakeAlert]
Infected: C:\Users\Owner\AppData\Roaming\oipus.dll --> [Trojan.Ransom.BNOGen]
Infected: C:\Users\Owner\AppData\Roaming\Adobe\acupx217.dll --> [TRojan.FakeMS]
Infected: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe --> [TRojan.FakeMS]
Infected: C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_7c390e70.exe --> [Trojan.Zbot.RH]
Infected: C:\Users\Owner\AppData\Local\Temp\UpdateFlashPlayer_d99504cb.exe --> [Trojan.Agent.ED]
Infected: C:\Users\Owner\AppData\Local\Temp\ICReinstall_PDFCreatorSetup.exe --> [Adware.Agent]
Infected: C:\Users\Owner\AppData\Local\Temp\fvxsaile.exe --> [Trojan.Agent.ED]
Infected: C:\Users\Owner\AppData\Local\Temp\GetCC.dll --> [MSIL.Solimba]
Infected: C:\Windows\Temp\UpdE213.tmp --> [Trojan.Agent.ED]
Infected: C:\Users\Owner\Downloads\Setup (1).exe --> [Adware.IBryte]
Infected: C:\Users\Owner\Downloads\Setup.exe --> [Adware.IBryte]
Infected: HKCU\SOFTWARE\PopRock --> [Trojan.Downloader]
Infected: HKCU\SOFTWARE\XML --> [Trojan.FakeAlert]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel --> [Hijack.ControlPanelStyle]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^‮❤ --> [Trojan.Zaccess]
Infected: HKLM\SOFTWARE\CLASSES\XML.XML --> [Trojan.FakeAlert]
Infected: HKLM\SOFTWARE\CLASSES\XML.XML.1 --> [Trojan.FakeAlert]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\XML.XML --> [Trojan.FakeAlert]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\XML.XML.1 --> [Trojan.FakeAlert]
Infected: C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96} --> [Trojan.0Access]
Infected: C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\L --> [Trojan.0Access]
Infected: C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\U --> [Trojan.0Access]
Infected: C:\Users\Owner\AppData\Local\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\    --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\l --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\‮ﯹ๛\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\u --> [Trojan.0Access]
Infected: C:\Program Files (x86)\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96} --> [Trojan.0Access]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Hijack.SHELL32]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
#5 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 19 March 2014 - 05:21 AM

Ok, now please run FRST again:

  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#6 jennp10

  • Topic Starter
  • Members
  • 5 posts

Posted 19 March 2014 - 08:07 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Owner (administrator) on TOSHIBAL500 on 19-03-2014 08:42:26
Running from C:\Users\Owner\Desktop\Malware Removal - 2014-03-18
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
() C:\Program Files (x86)\Creative Storage Designer Home Hardware\AUClient.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Owner\Desktop\Malware Removal - 2014-03-18\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1716008 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [LtMoh] - C:\Program Files\ltmoh\Ltmoh.exe [195112 2007-09-25] (Agere Systems)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [UnThreat] - "C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe" -silent
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [422400 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1283384 2009-04-01] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NDSTray.exe] - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [cfFncEnabler.exe] - C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-22] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM-x32\...\Run: [D-Link SharePort] - C:\Program Files (x86)\D-Link\SharePort\SharePort.exe -mini
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [152064 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\RunOnce: [Application Restart #7] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\MountPoints2: {2cb96bd3-43b4-11e1-b408-0026222ef525} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\MountPoints2: {46486ab7-9421-11de-8855-0026222ef525} - F:\LaunchU3.exe -a
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\MountPoints2: {536c40b7-dd86-11e1-97cf-0026222ef525} - D:\iLinker.exe
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...\MountPoints2: {723eba70-6da7-11e1-bbdf-0026222ef525} - G:\LaunchU3.exe -a
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 6 U15) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (20-20 3D Viewer for Virtual Studio) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc [2013-11-07]
CHR Extension: (VisualBee V.1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoealncnigkgnfjlfakeadlamcmldmka [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-07-23]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]
CHR HKCU\...\Chrome\Extension: [hoealncnigkgnfjlfakeadlamcmldmka] - C:\Users\Owner\AppData\Local\CRE\hoealncnigkgnfjlfakeadlamcmldmka.crx [2013-02-05]
CHR HKLM-x32\...\Chrome\Extension: [hoealncnigkgnfjlfakeadlamcmldmka] - C:\Users\Owner\AppData\Local\CRE\hoealncnigkgnfjlfakeadlamcmldmka.crx [2013-02-05]
 
==================== Services (Whitelisted) =================
 
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 Creative Connectors: Creative Project Planner Home Hardware update permissions manager. 6801.; C:\Program Files (x86)\Creative Storage Designer Home Hardware\AUClient.exe [589824 2011-11-04] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-02-10] (Trusteer Ltd.)
R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\???\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2007-06-18] (LeapFrog)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-12-19] (http://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
R0 LPCFilter; C:\Windows\SysWOW64\DRIVERS\LPCFilter.sys [32040 2008-05-07] (COMPAL ELECTRONIC INC.)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-12-12] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-02-10] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-02-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-02-10] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [573440 2009-07-09] (Realtek Semiconductor Corporation                           )
S3 U6000ALL; C:\Windows\System32\DRIVERS\dmdcap.sys [276480 2007-06-08] ()
S3 DlinkUDSMBus; SysWOW64\Drivers\DlinkUDSMBus.sys [X]
S1 fbujfugf; \??\C:\Windows\system32\drivers\fbujfugf.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-18 22:02 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Owner\Desktop\Malware Removal - 2014-03-18
2014-03-18 14:43 - 2014-03-18 21:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 14:43 - 2014-03-18 14:43 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 14:43 - 2014-03-18 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 14:41 - 2014-03-18 14:41 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 13:03 - 2014-03-18 13:13 - 00036198 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-03-18 12:49 - 2014-03-19 08:42 - 00000000 ____D () C:\FRST
2014-03-18 12:49 - 2014-03-18 13:13 - 00043549 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-03-13 03:03 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 03:03 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 03:03 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 03:03 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 03:03 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 03:03 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 03:03 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 03:03 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 03:03 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 03:03 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 03:03 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 03:03 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 03:03 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 03:03 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 03:03 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 03:03 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 03:03 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 03:03 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 03:03 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 03:03 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 03:03 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 03:03 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 03:03 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-13 03:03 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 03:03 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 03:03 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 03:03 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 03:03 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 03:03 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 03:03 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 03:03 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-13 03:03 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 07:30 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 07:30 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 07:30 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 07:30 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 07:30 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 07:30 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-12 07:30 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-02-26 03:58 - 2014-02-26 04:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8701BF82-796C-4D19-BE53-6FF75376AC99}
2014-02-25 15:54 - 2014-02-25 15:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A5B2E829-DFD2-49ED-8927-1094212CE328}
2014-02-24 15:31 - 2014-02-24 15:31 - 00001801 _____ () C:\Users\Public\Desktop\One Touch Video Capture.lnk
2014-02-24 15:31 - 2014-02-24 15:31 - 00000000 ____D () C:\Program Files (x86)\One Touch Video Capture
2014-02-24 15:31 - 2009-12-07 15:37 - 00372736 _____ () C:\Windows\SysWOW64\GTTunerCard.dll
2014-02-24 15:31 - 2009-10-21 18:08 - 00151552 _____ () C:\Windows\SysWOW64\ThumbExtract.dll
2014-02-24 15:31 - 2007-01-06 11:03 - 00270336 _____ () C:\Windows\SysWOW64\lame.ax
2014-02-24 15:31 - 2005-08-13 08:34 - 00151505 _____ (Conexant) C:\Windows\SysWOW64\UYVYCnvt.ax
2014-02-24 15:31 - 2005-05-13 20:20 - 00000144 _____ () C:\Windows\SysWOW64\vssver.scc
2014-02-24 15:31 - 2005-05-11 14:08 - 00005758 _____ () C:\Windows\SysWOW64\N.prx
2014-02-24 15:31 - 2005-02-24 11:17 - 00069632 _____ (GDCL http://www.gdcl.co.uk) C:\Windows\SysWOW64\OvTool.dll
2014-02-24 15:31 - 2004-12-11 15:32 - 00005856 _____ () C:\Windows\SysWOW64\P.prx
2014-02-24 15:31 - 2004-10-14 16:16 - 00053248 _____ (MyCompanyName) C:\Windows\SysWOW64\snap.ax
2014-02-24 15:31 - 2004-09-28 16:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inftee.ax
2014-02-24 15:31 - 2004-09-08 18:39 - 00002618 _____ () C:\Windows\SysWOW64\A.prx
2014-02-24 15:31 - 2004-07-29 03:19 - 00175104 _____ () C:\Windows\SysWOW64\lame_enc.dll
2014-02-24 15:31 - 2004-06-25 15:53 - 00135680 _____ (Honest Technology) C:\Windows\SysWOW64\HTMpegVD.ax
2014-02-24 15:31 - 2004-06-05 17:16 - 00061440 _____ (MyCompanyName) C:\Windows\SysWOW64\TOP10Disp.ax
2014-02-24 15:31 - 2004-05-24 11:34 - 00061440 _____ (Geniatech) C:\Windows\SysWOW64\DispOptim.ax
2014-02-24 15:31 - 2004-05-03 16:39 - 00053248 _____ (Geniatech) C:\Windows\SysWOW64\DownSize.ax
2014-02-24 15:31 - 2004-04-30 23:16 - 00101376 _____ (Honest Technology ) C:\Windows\SysWOW64\HTMpegAD.ax
2014-02-24 15:31 - 2004-01-02 18:30 - 00083456 _____ (Honest Technology) C:\Windows\SysWOW64\htmpeg2enc.ax
2014-02-24 15:31 - 2004-01-02 18:29 - 00339968 _____ (Honest Technology) C:\Windows\SysWOW64\mpeg2enc.dll
2014-02-24 15:31 - 2004-01-01 21:56 - 00114688 _____ (Honest Technology) C:\Windows\SysWOW64\HTMpegTimeshift.ax
2014-02-24 15:31 - 2004-01-01 21:56 - 00053248 _____ (Honest Technology) C:\Windows\SysWOW64\HTFileAsync.ax
2014-02-24 15:31 - 2003-12-16 04:08 - 00057437 _____ (InterVideo Inc.) C:\Windows\SysWOW64\ividownscale.ax
2014-02-24 15:31 - 2003-08-18 10:25 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dump.ax
2014-02-24 15:31 - 2003-04-16 19:00 - 00073728 _____ () C:\Windows\SysWOW64\wavdest.ax
2014-02-24 15:31 - 2002-06-04 15:57 - 00077824 _____ (honest Technology) C:\Windows\SysWOW64\htdeinterlacer.ax
2014-02-24 15:31 - 2002-01-22 11:26 - 00053248 _____ (honest technology) C:\Windows\SysWOW64\ht_invert.ax
2014-02-24 15:31 - 2001-09-21 01:00 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4c32.dll
2014-02-24 15:31 - 2001-09-21 01:00 - 00239888 _____ (Microcrap Corporation) C:\Windows\SysWOW64\MPG4ds32.ax
2014-02-24 15:29 - 2014-02-24 15:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diamond One Touch Video Capture Software
2014-02-24 15:29 - 2014-02-24 15:29 - 00000000 ____D () C:\Program Files (x86)\Diamond One Touch Video Capture Software
2014-02-24 15:20 - 2014-02-24 15:21 - 00000000 ____D () C:\Program Files (x86)\Mydrv
2014-02-24 15:20 - 2007-06-08 01:06 - 00276480 _____ () C:\Windows\system32\Drivers\dmdcap.sys
2014-02-20 21:27 - 2014-02-20 21:27 - 00033745 _____ () C:\WindowsHvc_____.pfb
2014-02-20 09:55 - 2014-01-22 10:34 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-02-20 09:53 - 2014-02-20 11:14 - 00000000 ____D () C:\Program Files (x86)\UnThreat AntiVirus
2014-02-20 09:52 - 2014-02-20 09:53 - 00971184 _____ (Scandium Security Inc.) C:\Users\Owner\Downloads\UnThreatFreeSetup.exe
2014-02-18 22:25 - 2014-02-18 22:25 - 00000156 _____ () C:\Users\Owner\Desktop\Network_Security_Settings.txt
2014-02-18 13:28 - 2014-02-18 13:29 - 00274416 _____ () C:\Windows\Minidump\Mini021814-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-03-19 08:42 - 2014-03-18 22:02 - 00000000 ____D () C:\Users\Owner\Desktop\Malware Removal - 2014-03-18
2014-03-19 08:42 - 2014-03-18 12:49 - 00000000 ____D () C:\FRST
2014-03-19 08:37 - 2011-05-07 11:01 - 00003698 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D49568AD-E5B2-4C22-8B97-639F5A800136}
2014-03-19 08:17 - 2013-06-13 11:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 07:56 - 2010-09-15 09:57 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 07:19 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 07:19 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 03:00 - 2009-08-11 11:48 - 01686041 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 22:13 - 2009-09-12 09:13 - 00002569 _____ () C:\Users\Owner\Desktop\Microsoft Office Excel 2007.lnk
2014-03-18 21:56 - 2010-09-15 09:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 21:26 - 2006-11-02 08:46 - 00763670 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 21:22 - 2006-11-02 11:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-18 21:20 - 2014-03-18 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 21:19 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 21:18 - 2009-08-26 20:57 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-03-18 21:18 - 2008-01-20 23:26 - 00257004 _____ () C:\Windows\PFRO.log
2014-03-18 21:18 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\tapi
2014-03-18 21:17 - 2006-11-02 11:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-18 18:48 - 2009-08-26 07:40 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 14:43 - 2014-03-18 14:43 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 14:43 - 2014-03-18 14:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-18 14:41 - 2014-03-18 14:41 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 13:13 - 2014-03-18 13:03 - 00036198 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-03-18 13:13 - 2014-03-18 12:49 - 00043549 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-03-18 12:59 - 2009-10-18 15:56 - 00001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-03-18 12:08 - 2013-07-24 23:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-16 14:26 - 2006-11-02 08:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-16 13:12 - 2013-07-22 22:38 - 00001996 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 20:22 - 2009-08-26 07:39 - 00000000 ____D () C:\Users\Owner
2014-03-13 10:01 - 2013-11-13 15:42 - 00024172 _____ () C:\Users\Owner\Desktop\pc financial main.xlsx
2014-03-13 03:47 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-13 03:29 - 2006-11-02 11:21 - 00431472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:24 - 2010-11-06 10:07 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-12 13:17 - 2013-06-13 11:52 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 13:17 - 2013-04-11 15:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:17 - 2013-04-11 15:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-27 20:46 - 2009-09-12 09:13 - 00002611 _____ () C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
2014-02-26 04:00 - 2014-02-26 03:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8701BF82-796C-4D19-BE53-6FF75376AC99}
2014-02-25 18:13 - 2009-10-11 09:05 - 00015872 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-25 15:57 - 2014-02-25 15:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A5B2E829-DFD2-49ED-8927-1094212CE328}
2014-02-25 15:57 - 2010-10-24 09:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-02-24 15:31 - 2014-02-24 15:31 - 00001801 _____ () C:\Users\Public\Desktop\One Touch Video Capture.lnk
2014-02-24 15:31 - 2014-02-24 15:31 - 00000000 ____D () C:\Program Files (x86)\One Touch Video Capture
2014-02-24 15:31 - 2009-05-08 04:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-24 15:29 - 2014-02-24 15:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diamond One Touch Video Capture Software
2014-02-24 15:29 - 2014-02-24 15:29 - 00000000 ____D () C:\Program Files (x86)\Diamond One Touch Video Capture Software
2014-02-24 15:21 - 2014-02-24 15:20 - 00000000 ____D () C:\Program Files (x86)\Mydrv
2014-02-23 21:41 - 2013-11-12 13:44 - 00000000 ____D () C:\Users\Owner\Desktop\print for bedroom photo wall
2014-02-23 03:12 - 2014-03-13 03:03 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 02:54 - 2014-03-13 03:03 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 02:52 - 2014-03-13 03:03 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 02:48 - 2014-03-13 03:03 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 02:48 - 2014-03-13 03:03 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 02:46 - 2014-03-13 03:03 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 02:46 - 2014-03-13 03:03 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 02:46 - 2014-03-13 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 02:45 - 2014-03-13 03:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 02:45 - 2014-03-13 03:03 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 02:45 - 2014-03-13 03:03 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 02:44 - 2014-03-13 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 02:44 - 2014-03-13 03:03 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 02:44 - 2014-03-13 03:03 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 02:44 - 2014-03-13 03:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 02:43 - 2014-03-13 03:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 01:50 - 2014-03-13 03:03 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 01:47 - 2014-03-13 03:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 01:43 - 2014-03-13 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 01:41 - 2014-03-13 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 01:40 - 2014-03-13 03:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 01:39 - 2014-03-13 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-23 01:38 - 2014-03-13 03:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-23 01:38 - 2014-03-13 03:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-23 01:38 - 2014-03-13 03:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 01:37 - 2014-03-13 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 01:37 - 2014-03-13 03:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 01:37 - 2014-03-13 03:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 01:37 - 2014-03-13 03:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-23 01:36 - 2014-03-13 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 01:36 - 2014-03-13 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-23 01:35 - 2014-03-13 03:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-22 16:18 - 2009-08-26 22:17 - 00000692 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2014-02-20 21:27 - 2014-02-20 21:27 - 00033745 _____ () C:\WindowsHvc_____.pfb
2014-02-20 11:14 - 2014-02-20 09:53 - 00000000 ____D () C:\Program Files (x86)\UnThreat AntiVirus
2014-02-20 09:53 - 2014-02-20 09:52 - 00971184 _____ (Scandium Security Inc.) C:\Users\Owner\Downloads\UnThreatFreeSetup.exe
2014-02-20 09:46 - 2011-01-31 13:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-18 22:27 - 2009-08-26 07:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2014-02-18 22:25 - 2014-02-18 22:25 - 00000156 _____ () C:\Users\Owner\Desktop\Network_Security_Settings.txt
2014-02-18 22:23 - 2010-05-31 11:44 - 00000000 ____D () C:\Program Files (x86)\D-Link
2014-02-18 13:29 - 2014-02-18 13:28 - 00274416 _____ () C:\Windows\Minidump\Mini021814-01.dmp
2014-02-18 13:28 - 2009-08-30 20:06 - 00000000 ____D () C:\Windows\Minidump
2014-02-18 13:28 - 2009-08-30 20:05 - 465426539 _____ () C:\Windows\MEMORY.DMP
ZeroAccess:
C:\Users\Owner\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Alureon:
C:\Users\Owner\AppData\Local\Temp\scvwpdd\sqinmsx\wow.dll
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Owner\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Owner\AppData\Local\Temp\jna2008542654645873700.dll
C:\Users\Owner\AppData\Local\Temp\jna6277517275292719784.dll
C:\Users\Owner\AppData\Local\Temp\jna6431662741521009873.dll
C:\Users\Owner\AppData\Local\Temp\KoboSetup.exe
C:\Users\Owner\AppData\Local\Temp\LimeWireWin.exe
C:\Users\Owner\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Owner\AppData\Local\Temp\mhe1.exe
C:\Users\Owner\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Owner\AppData\Local\Temp\MSN8109.exe
C:\Users\Owner\AppData\Local\Temp\nos_uninstall_Adobe.dll
C:\Users\Owner\AppData\Local\Temp\SavingsVault-rev.exe
C:\Users\Owner\AppData\Local\Temp\SendMsg.dll
C:\Users\Owner\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Owner\AppData\Local\Temp\tbVisu.dll
C:\Users\Owner\AppData\Local\Temp\Update_Permissions_AUClient.exe
C:\Users\Owner\AppData\Local\Temp\vbmz6.exe
C:\Users\Owner\AppData\Local\Temp\_is5509.exe
C:\Users\Owner\AppData\Local\Temp\_is77E6.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-18 21:25
 
==================== End Of Log ============================
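The FRST listing above has a fixed line layout (created time, modified time, size, five-character attribute field, company name in parentheses, path), and FRST prints rootkit leftovers as a label line such as "ZeroAccess:" followed by the path. As an added example that is not FRST's code or anything from this thread, here is a small Python triage helper that parses that layout and ranks entries with a few heuristics of my own (executables in the user's Temp folder, executables in system directories with no company name, GUID-named folders under AppData\Local), putting FRST's own labels first; the sample lines are constructed from the shape of the log above.

```python
# FRST listing triage (added example, not FRST's code; heuristics are this example's own).
import re
from dataclasses import dataclass
from typing import List, Optional

# One listing line: "<created> - <modified> - <size> <attrs> (<company>) <path>", layout as in the log
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# FRST prints rootkit leftovers as a label line ("ZeroAccess:") followed by a path line.
MARKER_RE = re.compile(r"^(ZeroAccess|Alureon):\s*$")

EXEC_EXT = (".exe", ".dll", ".sys", ".ax", ".scr", ".cpl")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
GUID_DIR_RE = re.compile(r"\\\{[0-9A-F-]{36}\}$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str      # five-character attribute field, e.g. "____D" for a directory
    company: str    # version-resource company name; empty when the file has none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


@dataclass
class Finding:
    severity: int   # 3 = labelled by FRST itself, 2 = strong heuristic, 1 = worth a look
    reason: str
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; None for headers, blank lines and label lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]), m["attrs"], m["company"], m["path"])


def assess(entry: Entry) -> Optional[Finding]:
    """Defender heuristics (this example's own, not FRST's) for one parsed entry."""
    low = entry.path.lower()
    if entry.is_executable and "\\appdata\\local\\temp\\" in low:
        return Finding(2, "executable in the user's Temp folder", entry.path)
    if entry.is_executable and not entry.company and any(d in low for d in SYSTEM_DIRS):
        return Finding(2, "executable in a system directory with no company name", entry.path)
    if entry.is_dir and "\\appdata\\local\\" in low and GUID_DIR_RE.search(entry.path):
        return Finding(1, "GUID-named folder under AppData\\Local (often installer scratch; verify)", entry.path)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Walk FRST output: FRST's own rootkit labels first, then the heuristics above."""
    findings: List[Finding] = []
    pending_label: Optional[str] = None
    for raw in lines:
        line = raw.strip()
        if pending_label:                       # the path line that follows a label line
            findings.append(Finding(3, f"labelled by FRST as {pending_label}", line))
            pending_label = None
            continue
        m = MARKER_RE.match(line)
        if m:
            pending_label = m.group(1)
            continue
        entry = parse_entry(line)
        if entry is not None:
            finding = assess(entry)
            if finding is not None:
                findings.append(finding)
    findings.sort(key=lambda f: -f.severity)    # stable sort keeps log order within a tier
    return findings


# Constructed sample in the shape of the log above (paths copied from it).
SAMPLE_LOG = """\
2014-03-18 14:43 - 2014-03-18 14:43 - 00119000 _____ (Malwarebytes Corporation) C:\\Windows\\system32\\Drivers\\MBAMSwissArmy.sys
2014-02-24 15:31 - 2009-12-07 15:37 - 00372736 _____ () C:\\Windows\\SysWOW64\\GTTunerCard.dll
2014-02-26 03:58 - 2014-02-26 04:00 - 00000000 ____D () C:\\Users\\Owner\\AppData\\Local\\{8701BF82-796C-4D19-BE53-6FF75376AC99}
2014-03-18 13:03 - 2014-03-18 13:13 - 00036198 _____ () C:\\Users\\Owner\\Downloads\\Addition.txt
ZeroAccess:
C:\\Users\\Owner\\AppData\\Local\\Google\\Desktop\\Install
Alureon:
C:\\Users\\Owner\\AppData\\Local\\Temp\\scvwpdd\\sqinmsx\\wow.dll
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.severity, f.reason, "->", f.path)
```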


#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:48 AM

Posted 19 March 2014 - 08:55 AM

Ok, it's looking better already. :)


Step 1

Please download the attached file fixlist.txt (1.5KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

I don't see a running anti-virus program on your computer. I highly recommend that you download and install an anti-virus program (e.g. avast or MSE).
Then run a full scan with this newly installed antivirus program and post the log.



Step 3

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#8 jennp10

jennp10
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:09:48 PM

Posted 20 March 2014 - 07:28 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by Owner at 2014-03-19 12:55:04 Run:2
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-941024731-3007839908-978433477-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
CHR Extension: (VisualBee V.1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoealncnigkgnfjlfakeadlamcmldmka [2013-07-23]
CHR HKCU\...\Chrome\Extension: [hoealncnigkgnfjlfakeadlamcmldmka] - C:\Users\Owner\AppData\Local\CRE\hoealncnigkgnfjlfakeadlamcmldmka.crx [2013-02-05]
CHR HKLM-x32\...\Chrome\Extension: [hoealncnigkgnfjlfakeadlamcmldmka] - C:\Users\Owner\AppData\Local\CRE\hoealncnigkgnfjlfakeadlamcmldmka.crx [2013-02-05]
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\   \...\???\{51f8061a-1f38-27d3-adc4-779ddf5dca96}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\Owner\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Owner\AppData\Local\Temp\scvwpdd
C:\Users\Owner\AppData\Local\Temp\*.dll
C:\Users\Owner\AppData\Local\Temp\*.exe
Reboot:
*****************
 
HKU\S-1-5-21-941024731-3007839908-978433477-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoealncnigkgnfjlfakeadlamcmldmka directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\hoealncnigkgnfjlfakeadlamcmldmka => Key not found.
"C:\Users\Owner\AppData\Local\CRE\hoealncnigkgnfjlfakeadlamcmldmka.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hoealncnigkgnfjlfakeadlamcmldmka => Key not found.
"C:\Users\Owner\AppData\Local\CRE\hoealncnigkgnfjlfakeadlamcmldmka.crx" => File/Directory not found.
*etadpug => Service not found.
"C:\Users\Owner\AppData\Local\Google\Desktop\Install" => File/Directory not found.
"C:\Program Files (x86)\Google\Desktop\Install" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp\scvwpdd => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\*.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Avast AntiVirus scan results:
2 threats found... not sure how to send you the results of that.  I chose "Fix Automatically"
 
eset online scanner results:
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoealncnigkgnfjlfakeadlamcmldmka\10.26.9.505_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\LimeWireWin.exe.xBAD probably a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\mconduitinstaller.exe.xBAD Win32/Toolbar.Conduit.S potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\mhe1.exe.xBAD Win32/Viknok.E trojan
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\SavingsVault-rev.exe.xBAD Win32/Packed.ScrambleWrapper.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\tbVisu.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\VisualBee\VisualBeeSoftware.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\VisualBee\VisualBeeSoftware.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0D5DQ2N1\LimeWireWin[1].exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Users\Owner\AppData\Local\Temp\6D13.tmp a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\Users\Owner\AppData\Local\Temp\ct3268494\chLogic.exe Win32/Conduit.SearchProtect.J potentially unwanted application
C:\Users\Owner\AppData\Local\Temp\ct3268494\ctbe.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Owner\AppData\Local\Temp\ct3268494\ieLogic.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Owner\AppData\Local\Temp\ct3268494\statisticsStub.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Owner\AppData\Local\Temp\ct3268494\stub.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5cc8465f-6598aec9 Java/Exploit.Agent.RCM trojan
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\1b3c7389-34989462 multiple threats
C:\Users\Owner\AppData\Roaming\F14B9B9020EC850A3DBA79D850A5F6B6\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application


#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:48 AM

Posted 20 March 2014 - 01:34 PM

Great. No more active malware has been found. Just some stuff that is already in quarantine and some remnants.
So we're almost done! :)


Please download the attached file fixlist.txt (153 bytes) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log file.

 

 

 

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

 

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Adobe Reader 9.5.5
Java™ 6 Update 15 (64-bit)
Java™ 6 Update 15




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:48 AM

Posted 06 April 2014 - 02:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



