Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Removing ZeroAccess


  • This topic is locked This topic is locked
34 replies to this topic

#1 Coconfused

Coconfused

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 05 May 2014 - 11:53 AM

This thread started in the Windows 7 forum.

 

I was instructed to run Rkill and attach the txt there to confirm the presence of ZeroAccess. 

 

Having done that, I was told to start a new topic here.

 

I've downloaded and run dds, and the two txt files are attached to this post.

 

If I've made a mistake or left something out, let me know and I'll try again.

 

Thanks much.

Attached Files



BC AdBot (Login to Remove)

 


#2 Coconfused

Coconfused
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 05 May 2014 - 12:04 PM

It does look like I screwed up already.  I was supposed to paste dds.txt into the message instead of attach the file, so here is the paste:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.5.1
Run by Tom Monken at 10:21:31 on 2014-05-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.3278 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Tom Monken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Spotify] "C:\Users\Tom Monken\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
uRun: [Spotify Web Helper] "C:\Users\Tom Monken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00107-0002-0007-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: travelers.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
Trusted Zone: travelerspc.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://pts.phoenixautoins.com/systemInfo/ScriptX/smsx.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nationwidenh.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{491A43E4-B9A6-4C7F-B08F-C84C11622731} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{491A43E4-B9A6-4C7F-B08F-C84C11622731}\6427F6E647965627531363430235570756270264163747 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{491A43E4-B9A6-4C7F-B08F-C84C11622731}\D4F6E6B6027596D26496 : DHCPNameServer = 10.0.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-17 55856]
R1 {890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64;{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64;C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys [2014-5-2 61120]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-18 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-31 203776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-18 13336]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-18 2656280]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-10-18 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-18 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-1-27 12273408]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-18 412264]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-6-25 131232]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/12/27 10:24:07;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-4 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-18 246376]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-5-2 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-05 13:33:54 -------- d-----w- C:\1873e19bbb9b58edf2
2014-05-05 13:33:52 -------- d-----w- C:\447f3dc981588eed28d52a68a8
2014-05-05 13:11:14 -------- d-----w- C:\e272a5d571e7effe1cec38
2014-05-05 13:11:12 -------- d-----w- C:\139351bcdf8dd27556af7779
2014-05-04 00:08:22 -------- d-----w- C:\913b9a5a2d6288ccca7a
2014-05-04 00:08:17 -------- d-----w- C:\edabf2d2d50ac583bc556db873c5
2014-05-03 14:36:33 -------- d-----w- C:\Users\Tom Monken\AppData\Roaming\Roxio Log Files
2014-05-02 22:33:05 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-02 22:33:05 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-02 21:47:00 -------- d-----w- C:\Quarantine
2014-05-02 21:45:11 -------- d-----w- C:\Program Files\stinger
2014-05-02 19:16:23 61120 ----a-w- C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
2014-05-02 17:42:49 -------- d-----w- C:\Users\Tom Monken\AppData\Local\{16E27D55-2D0F-4399-B620-47B82D79AE6C}
2014-05-02 17:25:51 -------- d--h--w- C:\ProgramData\Common Files
2014-05-02 17:17:22 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2014-05-02 17:17:21 -------- d-----w- C:\Users\Tom Monken\AppData\Local\SlimWare Utilities Inc
2014-05-02 17:17:17 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2014-05-02 17:15:13 -------- d-----w- C:\Users\Tom Monken\AppData\Local\SearchProtect
2014-04-29 21:56:31 -------- d-s---w- C:\Windows\System32\CompatTel
2014-04-29 21:51:06 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-04-29 21:51:06 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-23 16:56:49 -------- d-sh--w- C:\Users\Tom Monken\AppData\Local\EmieUserList
2014-04-23 16:56:49 -------- d-sh--w- C:\Users\Tom Monken\AppData\Local\EmieSiteList
2014-04-10 13:04:45 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-04-09 20:27:26 -------- d-----w- C:\Users\Tom Monken\AppData\Roaming\DropboxMaster
2014-04-09 20:25:25 -------- d-----w- C:\Users\Tom Monken\AppData\Roaming\Dropbox
2014-04-09 20:15:54 -------- d-s---w- C:\Windows\SysWow64\Microsoft
.
==================== Find3M  ====================
.
2014-04-29 14:17:22 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 14:17:22 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 10:21:53.80 ===============



#3 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:07:26 AM

Posted 05 May 2014 - 02:27 PM

Hello Coconfunsed, 


I will be helping with your computer problems.

Before starting please note the following:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know
  • Do not make any changes on your own to the computer (installing/uninstall programs, deleting files, modifying the registry, running scanners or other tools, etc.) without instructions to do it
  • Please read every post completely and perform all steps in the specified order. If you can't understand something or you encounter problems please stop and let me know
  • Do not attach logs, use code or quote boxes. Just copy and paste the text unless directed otherwise
  • Even if things appear to be better, it does not mean we have finished. Follow my instructions and reply back until I tell you that your computer is clean.
  • Please reply using the Add Reply button in the lower right hand corner of your screen

I'm analyzing your logs, I'll go back as soon as possible. :)

 


Regards 



#4 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:07:26 AM

Posted 07 May 2014 - 06:54 AM

Hello Coconfused  :)
 
Please download Roguekiller and AdwCleaner and save them to your desktop, then:
 
1- Run a scan with Roguekiller

  • Quit all programs that you may have started
  • Please disconnect any external drives from the computer before you run this scan
  • Right-click on the RogueKiller icon then select Run as Administrator
  • Wait until Prescan has finished
  • Click on Scan button
  • Wait until the Status box shows "Scan Finished"
  • Close RogueKiller

 

2- Run a scan with AdwCleaner

  • Close all open programs and internet browsers
  • Right click on the AdwCleaner icon then select Run As Administrator to run the tool
  • When the tool opens, click Yes to disclaimer
  • Click on the Scan button
  • Once the scan has finished, click on the Report button
  • Close AdwCleaner

 

In your next reply please post the contents of these files:

  • RKreport[0]_S_mmddyyy_xxxxx.txt
  • AdwCleaner[Rx].txt

You can find the first one onto your desktop, the last one in the C:\AdwCleaner folder.
 
 
Regards

 


#5 Coconfused

Coconfused
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 07 May 2014 - 08:30 AM

Wow, it was hard to close those programs without removing anything, but I made myself do it.

 

First paste is the RKreport:

**********************************************************

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tom Monken [Admin rights]
Mode : Scan -- Date : 05/07/2014 08:21:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] DbgHelp.dll : C:\Program Files\Microsoft Security Client\DbgHelp.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Drivers : C:\Program Files\Microsoft Security Client\Drivers >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] en-us : C:\Program Files\Microsoft Security Client\en-us >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] EppManifest.dll : C:\Program Files\Microsoft Security Client\EppManifest.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Microsoft Security Client\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Microsoft Security Client\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Microsoft Security Client\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Microsoft Security Client\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Microsoft Security Client\mpevmsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Microsoft Security Client\MpOAv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Microsoft Security Client\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Microsoft Security Client\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSESysprep.dll : C:\Program Files\Microsoft Security Client\MSESysprep.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Microsoft Security Client\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Microsoft Security Client\MsMpEng.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Microsoft Security Client\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Microsoft Security Client\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] msseces.exe : C:\Program Files\Microsoft Security Client\msseces.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] msseoobe.exe : C:\Program Files\Microsoft Security Client\msseoobe.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] msseooberes.dll : C:\Program Files\Microsoft Security Client\msseooberes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsseWat.dll : C:\Program Files\Microsoft Security Client\MsseWat.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisIpsPlugin.dll : C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisLog.dll : C:\Program Files\Microsoft Security Client\NisLog.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisSrv.exe : C:\Program Files\Microsoft Security Client\NisSrv.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisWFP.dll : C:\Program Files\Microsoft Security Client\NisWFP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Setup.exe : C:\Program Files\Microsoft Security Client\Setup.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SetupRes.dll : C:\Program Files\Microsoft Security Client\SetupRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] shellext.dll : C:\Program Files\Microsoft Security Client\shellext.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] sqmapi.dll : C:\Program Files\Microsoft Security Client\sqmapi.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.dll : C:\Program Files\Microsoft Security Client\SymSrv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Microsoft Security Client\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) RAID-0 +++++
--- User ---
[MBR] 4f1daaa50e347d1b8ddc3873484da046
[BSP] 390a5b6f1f20f7a4e8edbff82c34e21e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 935147 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1915590656 | Size: 18419 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1953312768 | Size: 108 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x57] The parameter is incorrect. )

Finished : << RKreport[0]_S_05072014_082138.txt >>

 

************************************************************************************

Next paste is the AdwCleaner text report:

************************************************************************************

# AdwCleaner v3.207 - Report created 07/05/2014 at 08:23:01
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tom Monken - TOMMONKEN-HP
# Running from : C:\Users\Tom Monken\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\TOMMON~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Windows\Downloaded Program Files\popcaploader.inf
Folder Found : C:\Program Files (x86)\FunWebProducts
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Tom Monken\AppData\Local\SearchProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [4362 octets] - [07/05/2014 08:23:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4422 octets] ##########

 

*****************************************************************************************************

 

Thanks much!



#6 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:07:26 AM

Posted 07 May 2014 - 01:05 PM

Hello Coconfused    :)

 

I know what you mean, but before to remove something it's better to check what it is. Sometimes malware may infect files that is better to leave untouched initially because then worst damage may occur.
 
Please download  FRST 32bit and save it to your desktop, then:

 
1- Run Roguekiller

  • Quit all programs that you may have started
  • Please disconnect any external drives from the computer before you run this scan
  • Right-click on the RogueKiller icon then select Run as Administrator
  • Wait until Prescan has finished
  • Click on Scan button
  • Wait until the Status box shows "Scan Finished" 
  • Click the Delete button
  • Close RogueKiller

 

2- Run AdwCleaner

  • Close all open programs and internet browsers
  • Right click on the AdwCleaner icon then select Run As Administrator to run the tool
  • When the tool opens, click Yes to disclaimer
  • Click on the Scan button
  • Once the scan has finished, click on the Delete button
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process

 

3- Run FRST

  • Right-click on the FRST icon then select Run As Administrator to run the tool
  • When the tool opens, click Yes to disclaimer
  • Click on the Scan button
  • When finished, it will show a log called FRST.txt and another one called Addition.txt
  • Close FRST

 

In your next reply please post the contents of these files:

  • RKreport[0]_D_mmddyyy_xxxxx.txt
  • FRST.txt
  • Addition.txt 
  • C:\AdwCleaner[Sx].txt

You can find the AdwCleaner log in its folder, the other three are onto your desktop.

 
 
Regards



#7 Coconfused

Coconfused
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 08 May 2014 - 08:45 AM

OK.  On the FRST, I used the 64 bit version.  It made sense to me, but if that was wrong, let me know.

 

First paste:  RKreport:

***********************************************************************************

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tom Monken [Admin rights]
Mode : Scan -- Date : 05/08/2014 08:21:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] DbgHelp.dll : C:\Program Files\Microsoft Security Client\DbgHelp.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Drivers : C:\Program Files\Microsoft Security Client\Drivers >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] en-us : C:\Program Files\Microsoft Security Client\en-us >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] EppManifest.dll : C:\Program Files\Microsoft Security Client\EppManifest.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Microsoft Security Client\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Microsoft Security Client\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Microsoft Security Client\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Microsoft Security Client\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Microsoft Security Client\mpevmsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Microsoft Security Client\MpOAv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Microsoft Security Client\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Microsoft Security Client\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSESysprep.dll : C:\Program Files\Microsoft Security Client\MSESysprep.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Microsoft Security Client\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Microsoft Security Client\MsMpEng.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Microsoft Security Client\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Microsoft Security Client\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] msseces.exe : C:\Program Files\Microsoft Security Client\msseces.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] msseoobe.exe : C:\Program Files\Microsoft Security Client\msseoobe.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] msseooberes.dll : C:\Program Files\Microsoft Security Client\msseooberes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsseWat.dll : C:\Program Files\Microsoft Security Client\MsseWat.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisIpsPlugin.dll : C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisLog.dll : C:\Program Files\Microsoft Security Client\NisLog.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisSrv.exe : C:\Program Files\Microsoft Security Client\NisSrv.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] NisWFP.dll : C:\Program Files\Microsoft Security Client\NisWFP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Setup.exe : C:\Program Files\Microsoft Security Client\Setup.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SetupRes.dll : C:\Program Files\Microsoft Security Client\SetupRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] shellext.dll : C:\Program Files\Microsoft Security Client\shellext.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] sqmapi.dll : C:\Program Files\Microsoft Security Client\sqmapi.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.dll : C:\Program Files\Microsoft Security Client\SymSrv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Microsoft Security Client\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x771946E9)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) RAID-0 +++++
--- User ---
[MBR] 4f1daaa50e347d1b8ddc3873484da046
[BSP] 390a5b6f1f20f7a4e8edbff82c34e21e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 935147 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1915590656 | Size: 18419 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1953312768 | Size: 108 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x57] The parameter is incorrect. )

Finished : << RKreport[0]_S_05082014_082116.txt >>

 

******************************************************************************************************

Second paste:  FRST.txt:

******************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2014 01
Ran by Tom Monken (administrator) on TOMMONKEN-HP on 08-05-2014 08:32:36
Running from C:\Users\Tom Monken\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Tom Monken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-04] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-04] (Intel® Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-27] (cyberlink)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
HKU\S-1-5-21-505345474-4262716382-2859901614-1000\...\Run: [Spotify] => C:\Users\Tom Monken\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-505345474-4262716382-2859901614-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [698760 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-505345474-4262716382-2859901614-1000\...\Run: [Spotify Web Helper] => C:\Users\Tom Monken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {C82A703C-41C2-4EE2-BE5C-45F9C08ACC20} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=87E2DCD2-A856-4BF0-B22D-B82C700F116E&apn_sauid=609D6DCC-8B5F-45B6-9283-06731E0BBA47&
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} http://pts.phoenixautoins.com/systemInfo/ScriptX/smsx.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nationwidenh.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Tom Monken\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Tom Monken\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/
CHR StartupUrls: "hxxp://www.msn.com/?pc=U142&ocid=U142DHP"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Unity Player) - C:\Users\Tom Monken\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Google Drive) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (YouTube) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Google Search) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (avast! Online Security) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-06-25]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-07-10]
CHR Extension: (Skype Click to Call) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-02]
CHR Extension: (Google Wallet) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-31]

==================== Services (Whitelisted) =================

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-05-09] (AVAST Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-02] ()
R1 {890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64; C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys [61120 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-08 08:32 - 2014-05-08 08:33 - 00017921 _____ () C:\Users\Tom Monken\Desktop\FRST.txt
2014-05-08 08:32 - 2014-05-08 08:32 - 00000000 ____D () C:\FRST
2014-05-08 08:31 - 2014-05-08 08:31 - 00004142 _____ () C:\Users\Tom Monken\Desktop\AdwCleaner[S0].txt
2014-05-08 08:23 - 2014-05-08 08:23 - 00008179 _____ () C:\Users\Tom Monken\Desktop\RKreport[0]_D_05082014_082350.txt
2014-05-08 08:21 - 2014-05-08 08:21 - 00008263 _____ () C:\Users\Tom Monken\Desktop\RKreport[0]_S_05082014_082116.txt
2014-05-08 08:15 - 2014-05-08 08:13 - 02063872 _____ (Farbar) C:\Users\Tom Monken\Desktop\FRST64.exe
2014-05-07 08:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-07 08:22 - 2014-05-08 08:27 - 00000000 ____D () C:\AdwCleaner
2014-05-07 08:19 - 2014-05-08 08:23 - 00000000 ____D () C:\Users\Tom Monken\Desktop\RK_Quarantine
2014-05-07 08:18 - 2014-05-07 08:16 - 01316991 _____ () C:\Users\Tom Monken\Desktop\AdwCleaner.exe
2014-05-07 08:18 - 2014-05-07 08:15 - 03972608 _____ () C:\Users\Tom Monken\Desktop\RogueKiller.exe
2014-05-05 08:50 - 2014-05-05 08:50 - 00000616 _____ () C:\Users\Tom Monken\Desktop\iExplore - Shortcut.lnk
2014-05-03 09:36 - 2014-05-03 09:36 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Roxio Log Files
2014-05-02 17:33 - 2014-04-29 09:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 17:33 - 2014-04-29 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 17:33 - 2014-04-29 07:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-02 17:33 - 2014-04-29 07:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 17:27 - 2014-05-02 17:27 - 00899584 _____ () C:\Users\Tom Monken\Downloads\MicrosoftFixit50535.msi
2014-05-02 17:09 - 2014-05-02 17:09 - 88882192 _____ (AVAST Software) C:\Users\Tom Monken\Downloads\avast_free_antivirus_setup (2).exe
2014-05-02 16:47 - 2014-05-02 16:47 - 00000000 ____D () C:\Quarantine
2014-05-02 16:45 - 2014-05-02 16:50 - 00000000 ____D () C:\Program Files\stinger
2014-05-02 16:44 - 2014-05-02 16:44 - 05142080 _____ (McAfee, Inc.) C:\Users\Tom Monken\Downloads\Setup_serial_9Z7BAgRUYEmfabwQPLYNfw2_key.exe
2014-05-02 14:16 - 2014-04-24 12:32 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
2014-05-02 12:42 - 2014-05-02 12:42 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\{16E27D55-2D0F-4399-B620-47B82D79AE6C}
2014-05-02 12:35 - 2014-05-02 12:35 - 00009702 _____ () C:\Users\Tom Monken\Documents\Sign In.htm
2014-05-02 12:35 - 2014-05-02 12:35 - 00000000 ____D () C:\Users\Tom Monken\Documents\Sign In_files
2014-05-02 12:34 - 2014-05-02 12:34 - 02176144 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack (2).EXE
2014-05-02 12:22 - 2014-05-02 12:22 - 02185872 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack.EXE
2014-05-02 12:22 - 2014-05-02 12:22 - 02176144 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack (1).EXE
2014-05-02 12:17 - 2014-05-02 12:31 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-05-02 12:17 - 2014-05-02 12:25 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-02 12:17 - 2014-05-02 12:17 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\SlimWare Utilities Inc
2014-05-02 12:17 - 2014-05-02 12:17 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-02 12:16 - 2014-05-02 12:16 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Tom Monken\Downloads\DriverUpdate-setup.exe
2014-05-02 12:14 - 2014-05-02 12:15 - 11241816 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\MSEInstall{1}.exe
2014-05-02 11:04 - 2014-05-02 11:05 - 00000022 _____ () C:\Users\Tom Monken\Downloads\ROCKET SWEEP (793229) (1).zip
2014-05-02 11:00 - 2014-05-02 11:06 - 00000022 _____ () C:\Users\Tom Monken\Downloads\ROCKET SWEEP (793229).zip
2014-05-02 10:19 - 2014-05-02 10:19 - 00019414 _____ () C:\Users\Tom Monken\Downloads\PlaylistData_2014-05-02.xlsx
2014-04-29 16:56 - 2014-04-29 16:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 16:51 - 2014-04-13 21:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-29 16:51 - 2014-04-13 21:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-23 11:56 - 2014-04-23 11:56 - 00000000 __SHD () C:\Users\Tom Monken\AppData\Local\EmieUserList
2014-04-23 11:56 - 2014-04-23 11:56 - 00000000 __SHD () C:\Users\Tom Monken\AppData\Local\EmieSiteList
2014-04-22 08:08 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 08:08 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 08:08 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 08:08 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 08:08 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 08:08 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 08:08 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 08:08 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 08:08 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 08:08 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 08:08 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 08:08 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 08:08 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 08:08 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 08:08 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 08:08 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 08:08 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 08:08 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 08:08 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 08:08 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 08:08 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 08:08 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 08:08 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 08:08 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 08:08 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 08:08 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 08:08 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 08:08 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 08:08 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 08:08 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 08:08 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 08:08 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 08:08 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 08:08 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 08:08 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 08:08 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 08:08 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 08:08 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 08:08 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 08:08 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 08:08 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 08:08 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 08:08 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 08:08 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-11 09:01 - 2014-04-11 09:01 - 00386630 _____ () C:\Users\Tom Monken\Downloads\Staley #7490.tif
2014-04-10 08:04 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 08:04 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 08:04 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 08:04 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 08:04 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 08:04 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 08:04 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 08:04 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 08:04 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 08:04 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 08:04 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 08:04 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 08:04 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 08:04 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 08:04 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 08:04 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 08:04 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 15:27 - 2014-04-09 15:27 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-09 15:27 - 2014-04-09 15:27 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\DropboxMaster
2014-04-09 15:25 - 2014-04-09 15:27 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Dropbox
2014-04-09 15:18 - 2014-04-09 15:19 - 88551496 _____ (AVAST Software) C:\Users\Tom Monken\Downloads\avast_free_antivirus_setup (1).exe

==================== One Month Modified Files and Folders =======

2014-05-08 08:33 - 2014-05-08 08:32 - 00017921 _____ () C:\Users\Tom Monken\Desktop\FRST.txt
2014-05-08 08:32 - 2014-05-08 08:32 - 00000000 ____D () C:\FRST
2014-05-08 08:31 - 2014-05-08 08:31 - 00004142 _____ () C:\Users\Tom Monken\Desktop\AdwCleaner[S0].txt
2014-05-08 08:31 - 2011-10-18 03:12 - 01998149 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 08:30 - 2013-05-10 10:03 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\Spotify
2014-05-08 08:30 - 2013-05-10 10:02 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Spotify
2014-05-08 08:29 - 2013-02-19 10:24 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce0eb53d3450ed.job
2014-05-08 08:29 - 2010-11-20 22:47 - 01237250 _____ () C:\Windows\PFRO.log
2014-05-08 08:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 08:29 - 2009-07-13 23:51 - 00098058 _____ () C:\Windows\setupact.log
2014-05-08 08:27 - 2014-05-07 08:22 - 00000000 ____D () C:\AdwCleaner
2014-05-08 08:24 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 08:24 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 08:23 - 2014-05-08 08:23 - 00008179 _____ () C:\Users\Tom Monken\Desktop\RKreport[0]_D_05082014_082350.txt
2014-05-08 08:23 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Tom Monken\Desktop\RK_Quarantine
2014-05-08 08:22 - 2013-02-19 10:24 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce0eb53d95d34b.job
2014-05-08 08:21 - 2014-05-08 08:21 - 00008263 _____ () C:\Users\Tom Monken\Desktop\RKreport[0]_S_05082014_082116.txt
2014-05-08 08:17 - 2012-04-06 07:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 08:13 - 2014-05-08 08:15 - 02063872 _____ (Farbar) C:\Users\Tom Monken\Desktop\FRST64.exe
2014-05-08 08:10 - 2012-11-16 11:12 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForTom Monken.job
2014-05-08 08:08 - 2011-12-16 11:58 - 00002313 _____ () C:\Windows\epplauncher.mif
2014-05-07 08:16 - 2014-05-07 08:18 - 01316991 _____ () C:\Users\Tom Monken\Desktop\AdwCleaner.exe
2014-05-07 08:15 - 2014-05-07 08:18 - 03972608 _____ () C:\Users\Tom Monken\Desktop\RogueKiller.exe
2014-05-05 08:51 - 2009-07-14 00:13 - 00783688 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-05 08:50 - 2014-05-05 08:50 - 00000616 _____ () C:\Users\Tom Monken\Desktop\iExplore - Shortcut.lnk
2014-05-05 08:37 - 2013-05-08 07:20 - 00000000 ____D () C:\Users\Tom Monken\Desktop\Security
2014-05-03 09:40 - 2011-05-17 04:50 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-05-03 09:40 - 2011-05-17 04:40 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-03 09:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-05-03 09:36 - 2014-05-03 09:36 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Roxio Log Files
2014-05-03 09:28 - 2011-12-16 15:55 - 00002161 _____ () C:\ProgramData\hpzinstall.log
2014-05-03 09:24 - 2011-12-16 15:55 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-03 09:23 - 2011-05-17 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-03 09:20 - 2012-09-11 07:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-03 09:15 - 2013-05-07 13:27 - 00000000 ____D () C:\Users\Tom Monken\Documents\McAfee Vaults
2014-05-03 09:05 - 2013-11-05 10:00 - 00000000 ____D () C:\Program Files\Google
2014-05-03 09:05 - 2012-06-25 14:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-03 09:02 - 2012-06-25 14:19 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\Google
2014-05-03 08:58 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2014-05-03 08:57 - 2013-05-08 07:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-02 17:27 - 2014-05-02 17:27 - 00899584 _____ () C:\Users\Tom Monken\Downloads\MicrosoftFixit50535.msi
2014-05-02 17:21 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-02 17:14 - 2011-12-16 16:19 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\SoftGrid Client
2014-05-02 17:09 - 2014-05-02 17:09 - 88882192 _____ (AVAST Software) C:\Users\Tom Monken\Downloads\avast_free_antivirus_setup (2).exe
2014-05-02 16:50 - 2014-05-02 16:45 - 00000000 ____D () C:\Program Files\stinger
2014-05-02 16:47 - 2014-05-02 16:47 - 00000000 ____D () C:\Quarantine
2014-05-02 16:44 - 2014-05-02 16:44 - 05142080 _____ (McAfee, Inc.) C:\Users\Tom Monken\Downloads\Setup_serial_9Z7BAgRUYEmfabwQPLYNfw2_key.exe
2014-05-02 12:42 - 2014-05-02 12:42 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\{16E27D55-2D0F-4399-B620-47B82D79AE6C}
2014-05-02 12:38 - 2009-07-14 00:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-02 12:35 - 2014-05-02 12:35 - 00009702 _____ () C:\Users\Tom Monken\Documents\Sign In.htm
2014-05-02 12:35 - 2014-05-02 12:35 - 00000000 ____D () C:\Users\Tom Monken\Documents\Sign In_files
2014-05-02 12:34 - 2014-05-02 12:34 - 02176144 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack (2).EXE
2014-05-02 12:31 - 2014-05-02 12:17 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-05-02 12:29 - 2011-12-14 14:55 - 00000000 ___RD () C:\Users\Tom Monken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-02 12:25 - 2014-05-02 12:17 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-02 12:22 - 2014-05-02 12:22 - 02185872 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack.EXE
2014-05-02 12:22 - 2014-05-02 12:22 - 02176144 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack (1).EXE
2014-05-02 12:17 - 2014-05-02 12:17 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\SlimWare Utilities Inc
2014-05-02 12:17 - 2014-05-02 12:17 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-02 12:16 - 2014-05-02 12:16 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Tom Monken\Downloads\DriverUpdate-setup.exe
2014-05-02 12:15 - 2014-05-02 12:14 - 11241816 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\MSEInstall{1}.exe
2014-05-02 11:06 - 2014-05-02 11:00 - 00000022 _____ () C:\Users\Tom Monken\Downloads\ROCKET SWEEP (793229).zip
2014-05-02 11:05 - 2014-05-02 11:04 - 00000022 _____ () C:\Users\Tom Monken\Downloads\ROCKET SWEEP (793229) (1).zip
2014-05-02 10:19 - 2014-05-02 10:19 - 00019414 _____ () C:\Users\Tom Monken\Downloads\PlaylistData_2014-05-02.xlsx
2014-05-01 08:10 - 2012-11-16 11:12 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTom Monken
2014-05-01 08:10 - 2011-12-29 15:38 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-01 08:10 - 2011-12-15 09:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-30 08:24 - 2013-04-02 10:20 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 16:56 - 2014-04-29 16:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 09:17 - 2012-04-06 07:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 09:17 - 2012-04-06 07:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 09:17 - 2011-12-30 08:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 09:01 - 2014-05-02 17:33 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 08:40 - 2014-05-02 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 07:48 - 2014-05-02 17:33 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 07:34 - 2014-05-02 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 12:32 - 2014-05-02 14:16 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
2014-04-23 11:56 - 2014-04-23 11:56 - 00000000 __SHD () C:\Users\Tom Monken\AppData\Local\EmieUserList
2014-04-23 11:56 - 2014-04-23 11:56 - 00000000 __SHD () C:\Users\Tom Monken\AppData\Local\EmieSiteList
2014-04-23 09:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-22 16:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-22 16:39 - 2012-01-11 13:35 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Skype
2014-04-13 21:24 - 2014-04-29 16:51 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 21:19 - 2014-04-29 16:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-11 09:01 - 2014-04-11 09:01 - 00386630 _____ () C:\Users\Tom Monken\Downloads\Staley #7490.tif
2014-04-10 16:57 - 2013-07-31 16:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 16:55 - 2011-12-20 14:22 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 15:27 - 2014-04-09 15:27 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-09 15:27 - 2014-04-09 15:27 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\DropboxMaster
2014-04-09 15:27 - 2014-04-09 15:25 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Dropbox
2014-04-09 15:19 - 2014-04-09 15:18 - 88551496 _____ (AVAST Software) C:\Users\Tom Monken\Downloads\avast_free_antivirus_setup (1).exe

Some content of TEMP:
====================
C:\Users\Tom Monken\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe
C:\Users\Tom Monken\AppData\Local\Temp\ApnStub.exe
C:\Users\Tom Monken\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tom Monken\AppData\Local\Temp\DA0514C1-CD7F-4591-8B31-E5FC349E3749.exe
C:\Users\Tom Monken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgaxgz5.dll
C:\Users\Tom Monken\AppData\Local\Temp\Extract.exe
C:\Users\Tom Monken\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Tom Monken\AppData\Local\Temp\install_reader11_en_mssa_aih.exe
C:\Users\Tom Monken\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Tom Monken\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Tom Monken\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Tom Monken\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Tom Monken\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Tom Monken\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Tom Monken\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Tom Monken\AppData\Local\Temp\oi_{83824F80-172F-4F13-827C-C632115B4357}.exe
C:\Users\Tom Monken\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom Monken\AppData\Local\Temp\Resource.exe
C:\Users\Tom Monken\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP52308.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP52898.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP53794.exe
C:\Users\Tom Monken\AppData\Local\Temp\sp54373.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP54610.exe
C:\Users\Tom Monken\AppData\Local\Temp\sp54620.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP54746.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP54748.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP54841.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP54881.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP55150.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP55151.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP55152.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP55774.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP56413.exe
C:\Users\Tom Monken\AppData\Local\Temp\sp58915.exe
C:\Users\Tom Monken\AppData\Local\Temp\SP59847.exe
C:\Users\Tom Monken\AppData\Local\Temp\sp64126.exe
C:\Users\Tom Monken\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Tom Monken\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Tom Monken\AppData\Local\Temp\UninstallHPTCA.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 08:04

==================== End Of Log ============================

****************************************************************************************************

 

Third paste:  Addition.txt:

****************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2014 01
Ran by Tom Monken at 2014-05-08 08:34:10
Running from C:\Users\Tom Monken\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0.3.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (x32 Version: 9.0.1 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{26ECBB04-564C-39E7-90F7-0D82EF8B6B22}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0331.528.7872 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0331.528.7872 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0331.528.7872 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help English (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help French (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help German (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0331.0527.7872 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0331.528.7872 - ATI) Hidden
ccc-utility64 (Version: 2011.0331.528.7872 - ATI) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.3222 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.3.3222 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.3908 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.3908 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{50928788-ED14-4B45-97FF-EC3C4EC7BBC1}) (Version: 4.1.7.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{8CF18375-7C7A-4F54-BE75-E693DA4D3E0A}) (Version: 1.2.1.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{31EEA563-3544-4EA1-8773-BCBF83F9627A}) (Version: 4.1.8.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6328.0 - IDT)
Intel Digital Logo (HKLM-x32\...\{0635AEC4-0E4E-4641-9CD0-07D98428EA5A}) (Version: 1.0.5 - Hewlett-Packard Company)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.0.1526.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5015 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5015 - CyberLink Corp.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

02-05-2014 16:09:49 Windows Update
02-05-2014 17:00:25 Windows Update
02-05-2014 17:02:30 Windows Update
02-05-2014 17:29:52 Removed DriverUpdate
02-05-2014 17:30:43 Removed DriverUpdate
02-05-2014 17:36:25 Windows Update
02-05-2014 22:03:43 avast! antivirus system restore point
02-05-2014 22:16:11 avast! antivirus system restore point
02-05-2014 22:27:36 Installed Microsoft Fix it 50535
02-05-2014 22:32:32 Windows Update
03-05-2014 13:54:18 avast! antivirus system restore point
03-05-2014 14:03:44 Windows Update
03-05-2014 14:08:35 Removed AppliedOnline Upload Center Launcher - 64 bit
03-05-2014 14:33:31 Removed RoxioNow Player.
03-05-2014 14:35:01 Removed ScrewDrivers Client v4 x64 (rdp only).
03-05-2014 14:37:15 Removed HP Support Assistant.
03-05-2014 14:39:12 Windows Modules Installer
03-05-2014 14:39:48 Windows Modules Installer
04-05-2014 00:07:50 Windows Update
05-05-2014 13:10:34 Windows Update
05-05-2014 13:33:37 Windows Update
06-05-2014 13:11:07 Windows Update
07-05-2014 13:12:23 Windows Update
08-05-2014 13:08:18 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FC32EC4-A81B-4CB9-87C4-BAAD367D7485} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {11B1092D-A521-4297-859E-3247CCD57A6D} - System32\Tasks\GoogleUpdateTaskMachineCore1ce0eb53d3450ed => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: {38F069EC-E417-40AA-95B5-48CD3A6A95CF} - System32\Tasks\GoogleUpdateTaskMachineUA1ce0eb53d95d34b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: {A1AF5322-B32A-4806-8A7A-525603F8EEEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {B9C4593C-1BAA-4157-8E3B-8617DD48BB0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {CD74A3A7-51C0-45DD-933B-37A62A2027BB} - System32\Tasks\AdobeAAMUpdater-1.0-TomMonken-HP-Tom Monken => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {DA83B225-5473-422A-BA89-C3E8036E67DE} - System32\Tasks\HPCeeScheduleForTom Monken => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E26B74CE-965B-4FDE-A4D4-A236496DCD95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe
Task: {E38A1577-9128-415A-9579-D214FBE44525} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {FF5ECA71-63C4-4314-81AD-4DE00EABE224} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce0eb53d3450ed.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce0eb53d95d34b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTom Monken.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-01-04 15:44 - 2011-01-04 15:44 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-01-04 15:44 - 2011-01-04 15:44 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-01-27 13:11 - 2011-01-27 13:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-29 21:39 - 2010-07-29 21:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-03-31 07:26 - 2011-03-31 07:26 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 16:21 - 2011-03-14 16:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-14 09:30 - 2014-02-14 09:30 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-10-18 03:15 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03995425.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03995425.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Internet Security => C:\ProgramData\amsecure.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Tom Monken\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Tom Monken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============

Name: HP LaserJet 400 color M451dn
Description: HP LaserJet 400 color M451dn
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: avast! TDI Firewall Driver
Description: avast! TDI Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswFW
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2014 08:29:54 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 08:11:10 AM) (Source: Customer Experience Improvement Program) (User: ) (EventID: 1006)
Description: 80004005

Error: (05/08/2014 08:08:47 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY) (EventID: 100)
Description: HRESULT:0x80070653
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070653. This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Error: (05/08/2014 08:08:45 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY) (EventID: 100)
Description: HRESULT:0x80070653
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070653. This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Error: (05/07/2014 08:15:19 AM) (Source: Customer Experience Improvement Program) (User: ) (EventID: 1006)
Description: 80004005

Error: (05/07/2014 08:12:49 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY) (EventID: 100)
Description: HRESULT:0x80070653
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070653. This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Error: (05/07/2014 08:12:47 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY) (EventID: 100)
Description: HRESULT:0x80070653
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070653. This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Error: (05/06/2014 11:38:48 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 4040

Error: (05/06/2014 11:38:48 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 4040

Error: (05/06/2014 11:38:48 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/08/2014 08:30:51 AM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10016)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/08/2014 08:30:06 AM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.149.1421.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.1.0522.00

 Source Path: 4.1.0522.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/08/2014 08:30:06 AM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.149.1421.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.1.0522.00

 Source Path: 4.1.0522.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/08/2014 08:30:06 AM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.149.1421.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.1.0522.00

 Source Path: 4.1.0522.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/08/2014 08:29:56 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)
Description: The following boot-start or system-start driver(s) failed to load:
aswFW

Error: (05/08/2014 08:09:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) (EventID: 20)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

Error: (05/08/2014 08:08:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) (EventID: 20)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.5.216.0 (KB2949787).

Error: (05/08/2014 08:08:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) (EventID: 20)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2839894).

Error: (05/07/2014 08:13:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) (EventID: 20)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

Error: (05/07/2014 08:12:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY) (EventID: 20)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.5.216.0 (KB2949787).

Microsoft Office Sessions:
=========================
Error: (05/08/2014 08:29:54 AM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 08:11:10 AM) (Source: Customer Experience Improvement Program) (User: ) (EventID: 1006)
Description: 80004005

Error: (05/08/2014 08:08:47 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY) (EventID: 100)
Description: HRESULT:0x80070653
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070653. This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Error: (05/08/2014 08:08:45 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY) (EventID: 100)
Description: HRESULT:0x80070653
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070653. This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Error: (05/07/2014 08:15:19 AM) (Source: Customer Experience Improvement Program) (User: ) (EventID: 1006)
Description: 80004005

Error: (05/07/2014 08:12:49 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY) (EventID: 100)
Description: HRESULT:0x80070653
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070653. This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Error: (05/07/2014 08:12:47 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY) (EventID: 100)
Description: HRESULT:0x80070653
Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070653. This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

Error: (05/06/2014 11:38:48 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledSPRetry 4040

Error: (05/06/2014 11:38:48 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: m->NextScheduledEvent 4040

Error: (05/06/2014 11:38:48 AM) (Source: Bonjour Service) (User: ) (EventID: 100)
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
  Date: 2013-05-24 16:19:47.716
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-24 16:19:47.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-21 14:38:31.240
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-21 14:38:31.216
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-21 14:38:30.757
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-21 14:38:30.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 6091.82 MB
Available physical RAM: 4000.05 MB
Total Pagefile: 12181.83 MB
Available Pagefile: 9944.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:913.23 GB) (Free:813.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.99 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EFB1EBF6)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=913 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)

==================== End Of Log ============================

 

*******************************************************************************************************

Fourth paste:  AdwCleaner.txt

******************************************************************************************************

 

# AdwCleaner v3.207 - Report created 08/05/2014 at 08:27:38
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tom Monken - TOMMONKEN-HP
# Running from : C:\Users\Tom Monken\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Users\Tom Monken\AppData\Local\SearchProtect
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Users\TOMMON~1\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\Software\SearchProtect
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [4554 octets] - [07/05/2014 08:23:01]
AdwCleaner[R1].txt - [4614 octets] - [08/05/2014 08:26:03]
AdwCleaner[S0].txt - [3974 octets] - [08/05/2014 08:27:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4034 octets] ##########



#8 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:07:26 AM

Posted 08 May 2014 - 09:28 AM

Hello Coconfused :)

 

Sorry for the wrong description about FRST, you have used the good one (then the 32bit version cannot work with your system :wink: ).

About the Roguekiller log, you have posted the wrong one. Please post the RKreport[0]_D_05082014_082350.txt contents.

 

 

Regards



#9 Coconfused

Coconfused
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 08 May 2014 - 09:43 AM

Ratfarts.  It made two txt files, and I used the newer of the two.  Here is the other.

*******************************************************************************************

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tom Monken [Admin rights]
Mode : Remove -- Date : 05/08/2014 08:23:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] DbgHelp.dll : C:\Program Files\Microsoft Security Client\DbgHelp.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] Drivers : C:\Program Files\Microsoft Security Client\Drivers >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] en-us : C:\Program Files\Microsoft Security Client\en-us >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] EppManifest.dll : C:\Program Files\Microsoft Security Client\EppManifest.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Microsoft Security Client\MpAsDesc.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Microsoft Security Client\MpClient.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Microsoft Security Client\MpCmdRun.exe >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Microsoft Security Client\MpCommu.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Microsoft Security Client\mpevmsg.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Microsoft Security Client\MpOAv.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Microsoft Security Client\MpRTP.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Microsoft Security Client\MpSvc.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MSESysprep.dll : C:\Program Files\Microsoft Security Client\MSESysprep.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Microsoft Security Client\MsMpCom.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Microsoft Security Client\MsMpEng.exe >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Microsoft Security Client\MsMpLics.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Microsoft Security Client\MsMpRes.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] msseces.exe : C:\Program Files\Microsoft Security Client\msseces.exe >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] msseoobe.exe : C:\Program Files\Microsoft Security Client\msseoobe.exe >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] msseooberes.dll : C:\Program Files\Microsoft Security Client\msseooberes.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] MsseWat.dll : C:\Program Files\Microsoft Security Client\MsseWat.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] NisIpsPlugin.dll : C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] NisLog.dll : C:\Program Files\Microsoft Security Client\NisLog.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] NisSrv.exe : C:\Program Files\Microsoft Security Client\NisSrv.exe >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] NisWFP.dll : C:\Program Files\Microsoft Security Client\NisWFP.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] Setup.exe : C:\Program Files\Microsoft Security Client\Setup.exe >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] SetupRes.dll : C:\Program Files\Microsoft Security Client\SetupRes.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] shellext.dll : C:\Program Files\Microsoft Security Client\shellext.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] sqmapi.dll : C:\Program Files\Microsoft Security Client\sqmapi.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] SymSrv.dll : C:\Program Files\Microsoft Security Client\SymSrv.dll >> \systemroot\system32\config [-] -->
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Microsoft Security Client\SymSrv.yes >> \systemroot\system32\config [-] -->

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\syswow64\shlwapi.DLL @ 0x771946E9)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) RAID-0 +++++
--- User ---
[MBR] 4f1daaa50e347d1b8ddc3873484da046
[BSP] 390a5b6f1f20f7a4e8edbff82c34e21e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 935147 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1915590656 | Size: 18419 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1953312768 | Size: 108 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x57] The parameter is incorrect. )

Finished : << RKreport[0]_D_05082014_082350.txt >>
RKreport[0]_S_05082014_082116.txt



#10 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:07:26 AM

Posted 10 May 2014 - 04:53 AM

Hello Coconfused  :)
 
Please download ComboFix to your desktop then:

  • Close/disable all anti-virus and anti-malware programs (Refer to this page if you are not sure how)
  • Close any open windows
  • Double click on ComboFix.exe and follow the prompts
  • During the scan leave your sick computer alone and do not mouseclick combofix's window, it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished, it will produce and display a report

In your next reply please post the contents of that report. incase of need, you can find it in C:\ComboFix.txt.

 

 

Regards



#11 Coconfused

Coconfused
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 10 May 2014 - 09:05 AM

Here is the ComboFix.txt:

*************************************************

c:\users\Tom Monken\AppData\Local\Microsoft\Windows\Temporary Internet Files\BrowseBurst_iels
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\SysWow64\config\systemprofile\3063287.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-10 to 2014-05-10  )))))))))))))))))))))))))))))))
.
.
2014-05-10 13:56 . 2014-05-10 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-10 13:22 . 2014-05-10 13:23 -------- d-----w- C:\248773ff29ed68c951dd482a79
2014-05-10 13:21 . 2014-05-10 13:22 -------- d-----w- C:\ebdbe17881b57a09c999e121
2014-05-09 14:02 . 2014-04-16 08:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FC5600F-4B3C-4280-95F5-CB39F781570D}\mpengine.dll
2014-05-09 13:50 . 2014-05-09 13:51 -------- d-----w- C:\3e7942f081811b358cd688a2765b79
2014-05-09 13:50 . 2014-05-09 13:50 -------- d-----w- C:\7e7d9d1bde254d15118a437e0c56d1
2014-05-08 13:41 . 2014-04-16 08:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-08 13:32 . 2014-05-08 13:34 -------- d-----w- C:\FRST
2014-05-07 13:23 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-07 13:22 . 2014-05-08 13:27 -------- d-----w- C:\AdwCleaner
2014-05-03 14:36 . 2014-05-03 14:36 -------- d-----w- c:\users\Tom Monken\AppData\Roaming\Roxio Log Files
2014-05-02 22:33 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-02 22:33 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 22:33 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-02 21:47 . 2014-05-02 21:47 -------- d-----w- C:\Quarantine
2014-05-02 21:45 . 2014-05-02 21:50 -------- d-----w- c:\program files\stinger
2014-05-02 19:16 . 2014-04-24 17:32 61120 ----a-w- c:\windows\system32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
2014-05-02 17:25 . 2014-05-02 17:25 -------- d--h--w- c:\programdata\Common Files
2014-05-02 17:17 . 2014-05-02 17:25 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-05-02 17:17 . 2014-05-02 17:17 -------- d-----w- c:\users\Tom Monken\AppData\Local\SlimWare Utilities Inc
2014-05-02 17:17 . 2014-05-02 17:31 -------- d-----w- c:\program files (x86)\DriverUpdate
2014-04-29 21:56 . 2014-04-29 21:56 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-29 21:51 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-29 21:51 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-23 16:56 . 2014-04-23 16:56 -------- d-sh--w- c:\users\Tom Monken\AppData\Local\EmieUserList
2014-04-23 16:56 . 2014-04-23 16:56 -------- d-sh--w- c:\users\Tom Monken\AppData\Local\EmieSiteList
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 14:17 . 2012-04-06 12:22 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 14:17 . 2011-12-30 13:54 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 21:55 . 2011-12-20 19:22 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 09:44 . 2014-04-10 13:04 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-10 13:04 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-10 13:04 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-10 13:04 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-10 13:04 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-10 13:04 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-10 13:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-10 13:04 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-10 13:04 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-10 13:04 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-10 13:04 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Tom Monken\AppData\Roaming\Spotify\Spotify.exe" [2014-04-11 6087224]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2013-12-21 698760]
"Spotify Web Helper"="c:\users\Tom Monken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-11 1171000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-31 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-12-27 75048]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 aswFW;avast! TDI Firewall driver; [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/12/27 10:24;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - NISDRV
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 13:23 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:17]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce0eb53d3450ed.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 19:19]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce0eb53d95d34b.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 19:19]
.
2014-05-10 c:\windows\Tasks\HPCeeScheduleForTom Monken.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 10:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-04 1128448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-04 1933584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
SafeBoot-03995425.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:44,1c,6c,09,b3,d4,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-10  08:58:26
ComboFix-quarantined-files.txt  2014-05-10 13:58
.
Pre-Run: 873,493,721,088 bytes free
Post-Run: 878,869,266,432 bytes free
.
- - End Of File - - 360F7479C266D46DCA9153223B4BECA7
 



#12 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:07:26 AM

Posted 10 May 2014 - 10:36 AM

Hello Coconfused,

 

the posted log is not complete.

Please post the whole log, otherwise we cannot proceed. :)

 

Regards



#13 Coconfused

Coconfused
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 12 May 2014 - 09:08 AM

This is the contents of ComboFix.txt located in my root directory.  Is this different than what I posted before?

****************************************************************************************************************************

ComboFix 14-05-10.01 - Tom Monken 05/10/2014   8:42.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.3830 [GMT -5:00]
Running from: c:\users\Tom Monken\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
C:\RunDLL32.exe
C:\TeamViewer.exe
c:\users\Tom Monken\AppData\Local\Microsoft\Windows\Temporary Internet Files\BrowseBurst_iels
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\SysWow64\config\systemprofile\3063287.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-10 to 2014-05-10  )))))))))))))))))))))))))))))))
.
.
2014-05-10 13:56 . 2014-05-10 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-10 13:22 . 2014-05-10 13:23 -------- d-----w- C:\248773ff29ed68c951dd482a79
2014-05-10 13:21 . 2014-05-10 13:22 -------- d-----w- C:\ebdbe17881b57a09c999e121
2014-05-09 14:02 . 2014-04-16 08:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FC5600F-4B3C-4280-95F5-CB39F781570D}\mpengine.dll
2014-05-09 13:50 . 2014-05-09 13:51 -------- d-----w- C:\3e7942f081811b358cd688a2765b79
2014-05-09 13:50 . 2014-05-09 13:50 -------- d-----w- C:\7e7d9d1bde254d15118a437e0c56d1
2014-05-08 13:41 . 2014-04-16 08:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-08 13:32 . 2014-05-08 13:34 -------- d-----w- C:\FRST
2014-05-07 13:23 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-07 13:22 . 2014-05-08 13:27 -------- d-----w- C:\AdwCleaner
2014-05-03 14:36 . 2014-05-03 14:36 -------- d-----w- c:\users\Tom Monken\AppData\Roaming\Roxio Log Files
2014-05-02 22:33 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-02 22:33 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 22:33 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-02 21:47 . 2014-05-02 21:47 -------- d-----w- C:\Quarantine
2014-05-02 21:45 . 2014-05-02 21:50 -------- d-----w- c:\program files\stinger
2014-05-02 19:16 . 2014-04-24 17:32 61120 ----a-w- c:\windows\system32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
2014-05-02 17:25 . 2014-05-02 17:25 -------- d--h--w- c:\programdata\Common Files
2014-05-02 17:17 . 2014-05-02 17:25 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-05-02 17:17 . 2014-05-02 17:17 -------- d-----w- c:\users\Tom Monken\AppData\Local\SlimWare Utilities Inc
2014-05-02 17:17 . 2014-05-02 17:31 -------- d-----w- c:\program files (x86)\DriverUpdate
2014-04-29 21:56 . 2014-04-29 21:56 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-29 21:51 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-29 21:51 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-23 16:56 . 2014-04-23 16:56 -------- d-sh--w- c:\users\Tom Monken\AppData\Local\EmieUserList
2014-04-23 16:56 . 2014-04-23 16:56 -------- d-sh--w- c:\users\Tom Monken\AppData\Local\EmieSiteList
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 14:17 . 2012-04-06 12:22 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 14:17 . 2011-12-30 13:54 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 21:55 . 2011-12-20 19:22 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 09:44 . 2014-04-10 13:04 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-10 13:04 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-10 13:04 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-10 13:04 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-10 13:04 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-10 13:04 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-10 13:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-10 13:04 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-10 13:04 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-10 13:04 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-10 13:04 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Tom Monken\AppData\Roaming\Spotify\Spotify.exe" [2014-04-11 6087224]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2013-12-21 698760]
"Spotify Web Helper"="c:\users\Tom Monken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-11 1171000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-31 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-12-27 75048]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 aswFW;avast! TDI Firewall driver; [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/12/27 10:24;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - NISDRV
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 13:23 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:17]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce0eb53d3450ed.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 19:19]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce0eb53d95d34b.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 19:19]
.
2014-05-10 c:\windows\Tasks\HPCeeScheduleForTom Monken.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 10:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-04 1128448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-04 1933584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
SafeBoot-03995425.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:44,1c,6c,09,b3,d4,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-10  08:58:26
ComboFix-quarantined-files.txt  2014-05-10 13:58
.
Pre-Run: 873,493,721,088 bytes free
Post-Run: 878,869,266,432 bytes free
.
- - End Of File - - 360F7479C266D46DCA9153223B4BECA7



#14 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:07:26 AM

Posted 15 May 2014 - 05:54 AM

Hello Coconfused,
 
yes, it is. In this one there is the header and some lines that were not shown in the other log.   :)
Now we need to remove some entries from a badly uninstalled antivirus, Avast! and McAfee, before to proceed with other things.
 
Please download the McAfee Consumer Product Removal tool and the Avast Software Uninstall Utility to your desktop, then:
  
1- Run McAfee Consumer Product Removal Tool

  • Double click the MCPR.exe icon to launch the program
  • Select Run
  • Click Next
  • Select Agree then Next
  • Complete Security Validation and click Next (letters are case sensitive)
  • When prompted, click Restart

 

2- Run Avast Software Uninstall Utility

  • Restart your computer in Safe Mode
  • At the login prompt, login as a user with administrative rights
  • Once you are at your desktop, double-click on the avastclear.exe file
  • When the program has started, select the Avast program you wish to remove
  • Once the program is selected, click on the Uninstall button
  • The Avast Uninstall Utility will then remove all traces of this program
  • Restart your computer in Normal Mode

 

3- Run a FRST scan

  • Double click on the FRST icon to run the tool
  • When the tool opens, click Yes to disclaimer
  • Click on the Scan button
  • When finished, it will show a log called FRST.txt
  • Close FRST

In your next reply please post the contents of the FRST.txt  file.
 
 
Regards



#15 Coconfused

Coconfused
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 15 May 2014 - 10:20 AM

Hello.  I've run the utilities to remove McAfee and Avast.

 

The contents of frst.txt are pasted below. 

********************************************************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014
Ran by Tom Monken (administrator) on TOMMONKEN-HP on 15-05-2014 10:15:05
Running from C:\Users\Tom Monken\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Spotify Ltd) C:\Users\Tom Monken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-04] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-04] (Intel® Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-27] (cyberlink)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-505345474-4262716382-2859901614-1000\...\Run: [Spotify] => C:\Users\Tom Monken\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-505345474-4262716382-2859901614-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-505345474-4262716382-2859901614-1000\...\Run: [Spotify Web Helper] => C:\Users\Tom Monken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} http://pts.phoenixautoins.com/systemInfo/ScriptX/smsx.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nationwidenh.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Tom Monken\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Tom Monken\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/
CHR StartupUrls: "hxxp://www.msn.com/?pc=U142&ocid=U142DHP"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Unity Player) - C:\Users\Tom Monken\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Google Drive) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (YouTube) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Google Search) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (avast! Online Security) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-06-25]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-07-10]
CHR Extension: (Skype Click to Call) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-02]
CHR Extension: (Google Wallet) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Tom Monken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-31]

==================== Services (Whitelisted) =================

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-02] ()
R1 {890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64; C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys [61120 2014-04-24] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-15 10:15 - 2014-05-15 10:15 - 00017236 _____ () C:\Users\Tom Monken\Desktop\FRST.txt
2014-05-15 10:14 - 2014-05-15 10:14 - 00000000 ____D () C:\Users\Tom Monken\Desktop\FRST-OlderVersion
2014-05-15 09:58 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 09:58 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 09:58 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:58 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:58 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 09:58 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:57 - 2014-05-15 09:57 - 03218352 _____ (McAfee, Inc.) C:\Users\Tom Monken\Desktop\MCPR.exe
2014-05-14 16:52 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 16:52 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 16:52 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:52 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:52 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:52 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:52 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:52 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:52 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 16:52 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 16:52 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 16:52 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:52 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 16:52 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:52 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:52 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:52 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:52 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:52 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:52 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:52 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:52 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 16:52 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:52 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 16:52 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 16:52 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 16:52 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 16:52 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:52 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:52 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:52 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:52 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 16:52 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 16:52 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-10 08:58 - 2014-05-10 08:58 - 00022040 _____ () C:\ComboFix.txt
2014-05-10 08:39 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-10 08:39 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-10 08:39 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-10 08:39 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-10 08:39 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-10 08:39 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-10 08:39 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-10 08:39 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-10 08:36 - 2014-05-10 08:58 - 00000000 ____D () C:\Qoobox
2014-05-10 08:35 - 2014-05-10 08:57 - 00000000 ____D () C:\Windows\erdnt
2014-05-10 08:28 - 2014-05-10 08:27 - 05200347 ____R (Swearware) C:\Users\Tom Monken\Desktop\ComboFix.exe
2014-05-08 08:32 - 2014-05-15 10:15 - 00000000 ____D () C:\FRST
2014-05-08 08:15 - 2014-05-15 10:14 - 02066944 _____ (Farbar) C:\Users\Tom Monken\Desktop\FRST64.exe
2014-05-07 08:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-07 08:22 - 2014-05-08 08:27 - 00000000 ____D () C:\AdwCleaner
2014-05-07 08:19 - 2014-05-08 08:23 - 00000000 ____D () C:\Users\Tom Monken\Desktop\RK_Quarantine
2014-05-07 08:18 - 2014-05-07 08:16 - 01316991 _____ () C:\Users\Tom Monken\Desktop\AdwCleaner.exe
2014-05-07 08:18 - 2014-05-07 08:15 - 03972608 _____ () C:\Users\Tom Monken\Desktop\RogueKiller.exe
2014-05-05 08:50 - 2014-05-05 08:50 - 00000616 _____ () C:\Users\Tom Monken\Desktop\iExplore - Shortcut.lnk
2014-05-03 09:36 - 2014-05-03 09:36 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Roxio Log Files
2014-05-02 17:27 - 2014-05-02 17:27 - 00899584 _____ () C:\Users\Tom Monken\Downloads\MicrosoftFixit50535.msi
2014-05-02 17:09 - 2014-05-02 17:09 - 88882192 _____ (AVAST Software) C:\Users\Tom Monken\Downloads\avast_free_antivirus_setup (2).exe
2014-05-02 16:47 - 2014-05-02 16:47 - 00000000 ____D () C:\Quarantine
2014-05-02 16:45 - 2014-05-02 16:50 - 00000000 ____D () C:\Program Files\stinger
2014-05-02 16:44 - 2014-05-02 16:44 - 05142080 _____ (McAfee, Inc.) C:\Users\Tom Monken\Downloads\Setup_serial_9Z7BAgRUYEmfabwQPLYNfw2_key.exe
2014-05-02 14:16 - 2014-04-24 12:32 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
2014-05-02 12:42 - 2014-05-02 12:42 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\{16E27D55-2D0F-4399-B620-47B82D79AE6C}
2014-05-02 12:35 - 2014-05-02 12:35 - 00009702 _____ () C:\Users\Tom Monken\Documents\Sign In.htm
2014-05-02 12:35 - 2014-05-02 12:35 - 00000000 ____D () C:\Users\Tom Monken\Documents\Sign In_files
2014-05-02 12:34 - 2014-05-02 12:34 - 02176144 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack (2).EXE
2014-05-02 12:22 - 2014-05-02 12:22 - 02185872 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack.EXE
2014-05-02 12:22 - 2014-05-02 12:22 - 02176144 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack (1).EXE
2014-05-02 12:17 - 2014-05-02 12:31 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-05-02 12:17 - 2014-05-02 12:25 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-02 12:17 - 2014-05-02 12:17 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\SlimWare Utilities Inc
2014-05-02 12:17 - 2014-05-02 12:17 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-02 12:16 - 2014-05-02 12:16 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Tom Monken\Downloads\DriverUpdate-setup.exe
2014-05-02 12:14 - 2014-05-02 12:15 - 11241816 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\MSEInstall{1}.exe
2014-05-02 11:04 - 2014-05-02 11:05 - 00000022 _____ () C:\Users\Tom Monken\Downloads\ROCKET SWEEP (793229) (1).zip
2014-05-02 11:00 - 2014-05-02 11:06 - 00000022 _____ () C:\Users\Tom Monken\Downloads\ROCKET SWEEP (793229).zip
2014-05-02 10:19 - 2014-05-02 10:19 - 00019414 _____ () C:\Users\Tom Monken\Downloads\PlaylistData_2014-05-02.xlsx
2014-04-29 16:56 - 2014-05-15 10:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 11:56 - 2014-04-23 11:56 - 00000000 __SHD () C:\Users\Tom Monken\AppData\Local\EmieUserList
2014-04-23 11:56 - 2014-04-23 11:56 - 00000000 __SHD () C:\Users\Tom Monken\AppData\Local\EmieSiteList
2014-04-22 08:08 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 08:08 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 08:08 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 08:08 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 08:08 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 08:08 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 08:08 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 08:08 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 08:08 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 08:08 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 08:08 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 08:08 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 08:08 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 08:08 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 08:08 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 08:08 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 08:08 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 08:08 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 08:08 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 08:08 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 08:08 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 08:08 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 08:08 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 08:08 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 08:08 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 08:08 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 08:08 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 08:08 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 08:08 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 08:08 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 08:08 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 08:08 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 08:08 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 08:08 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 08:08 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 08:08 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 08:08 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 08:08 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 08:08 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 08:08 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 08:08 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 08:08 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 08:08 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 08:08 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-15 10:15 - 2014-05-15 10:15 - 00017236 _____ () C:\Users\Tom Monken\Desktop\FRST.txt
2014-05-15 10:15 - 2014-05-08 08:32 - 00000000 ____D () C:\FRST
2014-05-15 10:14 - 2014-05-15 10:14 - 00000000 ____D () C:\Users\Tom Monken\Desktop\FRST-OlderVersion
2014-05-15 10:14 - 2014-05-08 08:15 - 02066944 _____ (Farbar) C:\Users\Tom Monken\Desktop\FRST64.exe
2014-05-15 10:14 - 2013-05-10 08:54 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 10:13 - 2013-05-10 10:03 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\Spotify
2014-05-15 10:13 - 2013-05-10 10:02 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Spotify
2014-05-15 10:13 - 2013-02-19 10:24 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce0eb53d3450ed.job
2014-05-15 10:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 10:11 - 2009-07-13 23:51 - 00098226 _____ () C:\Windows\setupact.log
2014-05-15 10:10 - 2013-05-08 07:20 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-05-15 10:07 - 2011-10-18 03:12 - 01562661 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 10:07 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 10:07 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 10:06 - 2013-02-19 10:24 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce0eb53d95d34b.job
2014-05-15 10:04 - 2011-12-14 14:55 - 00000000 ___RD () C:\Users\Tom Monken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 10:04 - 2011-12-14 14:55 - 00000000 ___RD () C:\Users\Tom Monken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 10:03 - 2012-05-01 13:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-15 10:03 - 2010-11-20 22:47 - 01250050 _____ () C:\Windows\PFRO.log
2014-05-15 10:01 - 2014-04-29 16:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 10:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 10:01 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 09:57 - 2014-05-15 09:57 - 03218352 _____ (McAfee, Inc.) C:\Users\Tom Monken\Desktop\MCPR.exe
2014-05-15 09:57 - 2011-12-16 11:58 - 00002113 _____ () C:\Windows\epplauncher.mif
2014-05-15 09:57 - 2011-12-16 11:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-15 09:53 - 2013-07-31 16:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 09:53 - 2011-12-20 14:22 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 09:52 - 2012-11-16 11:12 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForTom Monken.job
2014-05-15 09:52 - 2012-04-06 07:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-14 14:26 - 2013-04-02 10:20 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 09:17 - 2012-04-06 07:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 09:17 - 2012-04-06 07:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 09:17 - 2011-12-30 08:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 09:25 - 2009-07-14 00:13 - 00783688 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 08:58 - 2014-05-10 08:58 - 00022040 _____ () C:\ComboFix.txt
2014-05-10 08:58 - 2014-05-10 08:36 - 00000000 ____D () C:\Qoobox
2014-05-10 08:58 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-05-10 08:57 - 2014-05-10 08:35 - 00000000 ____D () C:\Windows\erdnt
2014-05-10 08:56 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-10 08:27 - 2014-05-10 08:28 - 05200347 ____R (Swearware) C:\Users\Tom Monken\Desktop\ComboFix.exe
2014-05-09 14:01 - 2013-02-19 10:24 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1ce0eb53d95d34b
2014-05-09 14:01 - 2013-02-19 10:24 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1ce0eb53d3450ed
2014-05-09 01:14 - 2014-05-14 16:52 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 01:11 - 2014-05-14 16:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 08:27 - 2014-05-07 08:22 - 00000000 ____D () C:\AdwCleaner
2014-05-08 08:23 - 2014-05-07 08:19 - 00000000 ____D () C:\Users\Tom Monken\Desktop\RK_Quarantine
2014-05-07 08:16 - 2014-05-07 08:18 - 01316991 _____ () C:\Users\Tom Monken\Desktop\AdwCleaner.exe
2014-05-07 08:15 - 2014-05-07 08:18 - 03972608 _____ () C:\Users\Tom Monken\Desktop\RogueKiller.exe
2014-05-05 23:40 - 2014-05-15 09:58 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 23:17 - 2014-05-15 09:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:25 - 2014-05-15 09:58 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 22:07 - 2014-05-15 09:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 22:00 - 2014-05-15 09:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 21:10 - 2014-05-15 09:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 08:50 - 2014-05-05 08:50 - 00000616 _____ () C:\Users\Tom Monken\Desktop\iExplore - Shortcut.lnk
2014-05-05 08:37 - 2013-05-08 07:20 - 00000000 ____D () C:\Users\Tom Monken\Desktop\Security
2014-05-03 09:40 - 2011-05-17 04:50 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-05-03 09:40 - 2011-05-17 04:40 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-03 09:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-05-03 09:36 - 2014-05-03 09:36 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Roxio Log Files
2014-05-03 09:28 - 2011-12-16 15:55 - 00002161 _____ () C:\ProgramData\hpzinstall.log
2014-05-03 09:24 - 2011-12-16 15:55 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-03 09:23 - 2011-05-17 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-03 09:15 - 2013-05-07 13:27 - 00000000 ____D () C:\Users\Tom Monken\Documents\McAfee Vaults
2014-05-03 09:05 - 2013-11-05 10:00 - 00000000 ____D () C:\Program Files\Google
2014-05-03 09:05 - 2012-06-25 14:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-03 09:02 - 2012-06-25 14:19 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\Google
2014-05-03 08:58 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2014-05-02 17:27 - 2014-05-02 17:27 - 00899584 _____ () C:\Users\Tom Monken\Downloads\MicrosoftFixit50535.msi
2014-05-02 17:21 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-02 17:14 - 2011-12-16 16:19 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\SoftGrid Client
2014-05-02 17:09 - 2014-05-02 17:09 - 88882192 _____ (AVAST Software) C:\Users\Tom Monken\Downloads\avast_free_antivirus_setup (2).exe
2014-05-02 16:50 - 2014-05-02 16:45 - 00000000 ____D () C:\Program Files\stinger
2014-05-02 16:47 - 2014-05-02 16:47 - 00000000 ____D () C:\Quarantine
2014-05-02 16:44 - 2014-05-02 16:44 - 05142080 _____ (McAfee, Inc.) C:\Users\Tom Monken\Downloads\Setup_serial_9Z7BAgRUYEmfabwQPLYNfw2_key.exe
2014-05-02 12:42 - 2014-05-02 12:42 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\{16E27D55-2D0F-4399-B620-47B82D79AE6C}
2014-05-02 12:38 - 2009-07-14 00:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-02 12:35 - 2014-05-02 12:35 - 00009702 _____ () C:\Users\Tom Monken\Documents\Sign In.htm
2014-05-02 12:35 - 2014-05-02 12:35 - 00000000 ____D () C:\Users\Tom Monken\Documents\Sign In_files
2014-05-02 12:34 - 2014-05-02 12:34 - 02176144 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack (2).EXE
2014-05-02 12:31 - 2014-05-02 12:17 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-05-02 12:25 - 2014-05-02 12:17 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-02 12:22 - 2014-05-02 12:22 - 02185872 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack.EXE
2014-05-02 12:22 - 2014-05-02 12:22 - 02176144 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\DefaultPack (1).EXE
2014-05-02 12:17 - 2014-05-02 12:17 - 00000000 ____D () C:\Users\Tom Monken\AppData\Local\SlimWare Utilities Inc
2014-05-02 12:17 - 2014-05-02 12:17 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-02 12:16 - 2014-05-02 12:16 - 00858512 _____ (SlimWare Utilities, Inc.) C:\Users\Tom Monken\Downloads\DriverUpdate-setup.exe
2014-05-02 12:15 - 2014-05-02 12:14 - 11241816 _____ (Microsoft Corporation) C:\Users\Tom Monken\Downloads\MSEInstall{1}.exe
2014-05-02 11:06 - 2014-05-02 11:00 - 00000022 _____ () C:\Users\Tom Monken\Downloads\ROCKET SWEEP (793229).zip
2014-05-02 11:05 - 2014-05-02 11:04 - 00000022 _____ () C:\Users\Tom Monken\Downloads\ROCKET SWEEP (793229) (1).zip
2014-05-02 10:19 - 2014-05-02 10:19 - 00019414 _____ () C:\Users\Tom Monken\Downloads\PlaylistData_2014-05-02.xlsx
2014-05-01 08:10 - 2012-11-16 11:12 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTom Monken
2014-05-01 08:10 - 2011-12-29 15:38 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-01 08:10 - 2011-12-15 09:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-24 12:32 - 2014-05-02 14:16 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys
2014-04-23 11:56 - 2014-04-23 11:56 - 00000000 __SHD () C:\Users\Tom Monken\AppData\Local\EmieUserList
2014-04-23 11:56 - 2014-04-23 11:56 - 00000000 __SHD () C:\Users\Tom Monken\AppData\Local\EmieSiteList
2014-04-23 09:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-22 16:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-22 16:39 - 2012-01-11 13:35 - 00000000 ____D () C:\Users\Tom Monken\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 16:52] - [2014-03-04 04:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-09 11:03

==================== End Of Log ============================






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users