
ZEKOS found during Rogue Killer scan in system32


  • This topic is locked
20 replies to this topic

#1 jpbene

jpbene

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:14 AM

Posted 18 June 2014 - 08:37 PM

Good Afternoon, thanks in advance for the help here.

I have been following threads here on how to clean viruses and have run MBAM, which did not find anything. I also ran rkill, which did not seem to find anything. Rogue Killer found it and ended the process, causing Windows to close and reboot. Also I ran the ESET online scanner, which found it and deleted it, and then I had to do a system restore to an earlier date, therefore I may need some new updates from Microsoft.

I have attached the logs from Farbar.

Any help would be greatly appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by jeremy (administrator) on DARRYLS on 18-06-2014 06:45:36
Running from C:\Users\jeremy\Downloads
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Farbar) C:\Users\jeremy\Downloads\FRST (1).exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Google Inc.) C:\Program Files\Google\Update\Install\{3906C784-F682-459D-B9A6-6AB7AB2B4310}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files\GUM9500.tmp\GoogleUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4374528 2007-02-06] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-18] (Google)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DW6] => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-23] (Google Inc.)
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GameCenter] => C:\Users\DARRYL\AppData\Roaming\GameCenter\gamecenter.exe [100352 2012-10-18] (http://joyvy.com/)
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {35c74ae9-4849-11dd-b80f-0016448b0e76} - E:\WIN\setup.exe
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6fab13ea-128d-11de-8020-0016448b0e76} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {75e063d8-8329-11e0-8fe6-aaa1283e141d} - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {da82a728-aa40-11df-a870-ab22c3c14733} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {da82a737-aa40-11df-a870-ccabe0f53dfa} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2919129606-1815928035-255343462-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f83422f2-1769-11de-a563-00a0d192c4b6} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2919129606-1815928035-255343462-1002\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] ()
HKU\S-1-5-21-2919129606-1815928035-255343462-1002\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-23] (Google Inc.)
HKU\S-1-5-21-2919129606-1815928035-255343462-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] ()
HKU\S-1-5-21-2919129606-1815928035-255343462-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-23] (Google Inc.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-18] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {BDE0A5FF-0C1E-41B6-9279-DF612ACCD408} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKCU - DefaultScope {BDE0A5FF-0C1E-41B6-9279-DF612ACCD408} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};&rlz=1I7GGLL_en
SearchScopes: HKCU - {BDE0A5FF-0C1E-41B6-9279-DF612ACCD408} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};&rlz=1I7GGLL_en
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Freecause Toolbar BHO - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{39E86C59-C6D7-4496-928B-A9EBEE7FB788}: [NameServer]71.15.32.8

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [558080 2009-04-11] (Microsoft Corporation) [File not signed]
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [238328 2009-11-13] (WildTangent, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-18] (Google)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [558080 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-09-19] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

==================== Drivers (Whitelisted) ====================

R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1073216 2011-03-30] (Broadcom Corporation)
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl0cdeda53; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21209AC1-3B27-45A6-9389-9B3760A61C7D}\MpKsl0cdeda53.sys [39464 2014-06-17] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174720 2009-12-18] (Novatel Wireless Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation                           )
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [32408 2009-05-25] (Smith Micro Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26504 2009-12-22] ()
S3 SWNC8U56; C:\Windows\System32\DRIVERS\swnc8u56.sys [101248 2007-06-27] (Sierra Wireless Inc.)
S3 SWUMX56; C:\Windows\System32\DRIVERS\swumx56.sys [73856 2007-06-27] (Sierra Wireless Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12416 2007-08-23] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19840 2007-08-23] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [21632 2007-08-23] (LG Electronics Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 SVRPEDRV; \??\C:\Windows\System32\sysprep\UP_date\PEDrv.sys [X]
S3 Tosrfcom; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-18 06:20 - 2014-06-18 06:22 - 00000000 ____D () C:\Program Files\GUM9500.tmp
2014-06-18 06:20 - 2014-06-18 06:20 - 06010880 _____ () C:\Program Files\GUT962A.tmp
2014-06-18 06:16 - 2014-06-18 06:20 - 00036137 _____ () C:\Users\jeremy\Downloads\Addition.txt
2014-06-18 06:09 - 2014-06-18 06:47 - 00019668 _____ () C:\Users\jeremy\Downloads\FRST.txt
2014-06-18 06:07 - 2014-06-18 06:46 - 00000000 ____D () C:\FRST
2014-06-18 06:05 - 2014-06-18 06:07 - 01072640 _____ (Farbar) C:\Users\jeremy\Downloads\FRST (1).exe
2014-06-18 06:00 - 2014-06-18 06:00 - 00000000 _____ () C:\Users\jeremy\Downloads\FRST.exe.6rkg0ph.partial
2014-06-18 00:15 - 2014-06-18 01:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-17 20:43 - 2014-06-17 21:05 - 00000000 ___SD () C:\ComboFix
2014-06-17 20:41 - 2014-06-17 20:43 - 00000000 ____D () C:\Qoobox
2014-06-17 15:08 - 2014-06-17 15:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 12:54 - 2014-06-17 22:48 - 00005300 _____ () C:\Users\jeremy\Desktop\Rkill.txt
2014-06-16 08:53 - 2012-03-08 18:32 - 00039272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-06-16 08:48 - 2014-06-16 08:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-16 08:48 - 2014-06-16 08:48 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-06-16 08:45 - 2014-06-16 08:47 - 00001198 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-06-16 08:42 - 2014-06-16 08:42 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-16 08:40 - 2014-06-16 08:41 - 00001008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-06-16 08:37 - 2014-06-16 08:39 - 00001996 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-06-16 08:31 - 2014-06-16 08:57 - 00000000 ____D () C:\Program Files\Windows Live
2014-06-16 08:29 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-06-16 08:29 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-06-16 08:29 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-06-16 07:50 - 2014-06-16 07:50 - 00000000 ____D () C:\Users\jeremy\AppData\Local\Windows Live
2014-06-16 07:50 - 2014-06-16 07:50 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-06-16 07:48 - 2009-08-04 03:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-06-16 07:47 - 2014-06-18 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-16 07:46 - 2014-06-18 04:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-16 07:40 - 2014-06-16 07:41 - 00000000 ____D () C:\Windows\Temp21945D42-43AA-2DC2-63EB-1EA4EFFEC50B-Signatures
2014-06-16 03:31 - 2014-06-16 03:31 - 00000000 ____D () C:\Windows\Temp54E59CFB-6FEC-C085-190A-75EEE1AA183C-Signatures
2014-06-15 22:13 - 2014-06-17 21:06 - 00056980 _____ () C:\Windows\PFRO.log
2014-06-15 21:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-15 21:50 - 2014-06-15 22:51 - 00000000 ____D () C:\AdwCleaner
2014-06-15 21:32 - 2014-06-15 21:45 - 00000000 ____D () C:\12b27a4e7b90ca40a03078
2014-06-15 20:39 - 2014-06-16 07:45 - 00001797 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-15 20:24 - 2014-06-15 20:25 - 00000000 ____D () C:\Windows\TempDF04917E-661F-CE62-DE4F-6470580BFAB5-Signatures
2014-06-15 20:04 - 2014-06-15 20:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh6_01005.Wdf
2014-06-15 20:03 - 2014-06-18 02:46 - 00001920 _____ () C:\Windows\setupact.log
2014-06-15 20:03 - 2014-06-15 20:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 19:59 - 2014-06-16 07:45 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-15 19:17 - 2014-06-15 19:17 - 00000000 ____D () C:\Program Files\ESET
2014-06-15 19:09 - 2014-06-16 07:41 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-15 19:01 - 2014-06-15 19:01 - 00001673 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-06-15 19:01 - 2014-06-15 19:01 - 00000775 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-15 19:01 - 2014-06-15 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-06-15 19:01 - 2014-06-15 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-15 19:01 - 2014-06-15 19:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-15 19:00 - 2014-06-15 19:22 - 00000000 ____D () C:\Program Files\Defraggler
2014-06-15 18:38 - 2010-04-05 15:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-15 12:45 - 2014-05-28 11:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-15 12:45 - 2014-05-28 11:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-15 12:45 - 2014-05-28 11:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-15 12:45 - 2014-05-28 11:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-15 12:45 - 2014-05-28 11:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-15 12:45 - 2014-05-28 11:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-15 12:45 - 2014-05-28 11:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-15 12:45 - 2014-05-28 11:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-15 12:45 - 2014-05-28 11:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-15 12:45 - 2014-05-28 11:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-15 12:45 - 2014-05-28 11:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-15 12:45 - 2014-05-28 11:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-15 12:45 - 2014-05-28 11:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-15 12:45 - 2014-05-28 11:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-15 12:45 - 2014-05-28 11:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-15 12:45 - 2014-05-28 11:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-15 12:45 - 2014-05-28 11:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-15 12:45 - 2014-05-28 11:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-15 12:45 - 2014-05-28 11:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-15 12:45 - 2014-05-28 11:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-15 12:45 - 2014-05-28 11:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-15 12:45 - 2014-04-26 11:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-15 12:45 - 2014-04-04 22:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-15 12:45 - 2014-04-04 20:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-15 12:45 - 2014-02-05 20:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-15 12:44 - 2014-03-09 20:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-15 12:44 - 2014-03-09 20:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-14 20:01 - 2014-03-28 21:01 - 00000426 _____ () C:\AVScanner.ini
2014-06-14 19:51 - 2014-03-25 08:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-14 18:08 - 2014-06-18 06:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 18:04 - 2014-06-14 18:04 - 00000870 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-14 18:04 - 2014-06-14 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-14 18:04 - 2014-06-14 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 18:04 - 2014-06-14 18:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-14 18:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-14 18:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-14 18:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-14 18:02 - 2014-06-14 18:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jeremy\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 17:52 - 2014-06-14 17:52 - 00000000 ____D () C:\Users\jeremy\AppData\Local\Trend Micro
2014-06-14 17:13 - 2014-06-14 17:13 - 00315743 ____S () C:\Windows\system32\epuxays.wvi
2014-06-14 17:13 - 2014-06-14 17:13 - 00000000 ____D () C:\Windows\Sun
2014-06-14 01:25 - 2014-06-14 01:33 - 00000000 ____D () C:\90e8ca767ca8090f40
2014-06-13 22:16 - 2014-06-14 21:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 22:12 - 2014-06-13 22:12 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-13 21:42 - 2014-06-13 21:44 - 00010971 _____ () C:\Users\jeremy\Downloads\ala. wp
2014-06-13 21:25 - 2012-06-02 09:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-06-13 21:24 - 2012-07-25 22:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-06-13 21:24 - 2012-07-25 22:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-06-13 21:24 - 2012-07-25 22:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-06-13 21:24 - 2012-07-25 22:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-06-13 21:24 - 2012-07-25 22:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-06-13 21:24 - 2012-07-25 22:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-06-13 21:24 - 2012-07-25 21:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-06-13 21:24 - 2012-07-25 21:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-06-13 21:24 - 2012-07-25 21:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-06-13 21:24 - 2009-07-14 07:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-06-13 21:11 - 2014-06-14 17:40 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-06-13 21:10 - 2014-06-13 21:10 - 02956160 _____ (BoostSoftware Inc. ) C:\Users\jeremy\Downloads\PCHealthBoost-Setup.exe
2014-06-13 21:06 - 2014-06-14 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2014-05-30 13:10 - 2014-05-30 13:10 - 00000000 ____D () C:\Program Files\GUMF681.tmp

==================== One Month Modified Files and Folders =======

2014-06-18 06:47 - 2014-06-18 06:09 - 00019668 _____ () C:\Users\jeremy\Downloads\FRST.txt
2014-06-18 06:47 - 2012-09-07 23:29 - 00000000 ____D () C:\Users\jeremy\AppData\Local\Temp
2014-06-18 06:46 - 2014-06-18 06:07 - 00000000 ____D () C:\FRST
2014-06-18 06:44 - 2011-03-12 18:36 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{FA6AF745-E10C-4477-8569-C0121FF3D40C}.job
2014-06-18 06:32 - 2014-06-14 18:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 06:25 - 2010-01-29 13:48 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 06:22 - 2014-06-18 06:20 - 00000000 ____D () C:\Program Files\GUM9500.tmp
2014-06-18 06:20 - 2014-06-18 06:20 - 06010880 _____ () C:\Program Files\GUT962A.tmp
2014-06-18 06:20 - 2014-06-18 06:16 - 00036137 _____ () C:\Users\jeremy\Downloads\Addition.txt
2014-06-18 06:19 - 2012-09-07 23:29 - 00000000 ____D () C:\Users\jeremy
2014-06-18 06:19 - 2009-11-10 21:52 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-06-18 06:19 - 2009-07-22 16:25 - 00000000 ____D () C:\Program Files\Dogpile Toolbar
2014-06-18 06:19 - 2008-02-18 21:52 - 00000000 ____D () C:\Users\DARRYL
2014-06-18 06:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-06-18 06:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-06-18 06:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-06-18 06:19 - 2006-11-02 05:22 - 46661632 _____ () C:\Windows\system32\config\software_previous
2014-06-18 06:18 - 2006-11-02 05:22 - 23592960 _____ () C:\Windows\system32\config\system_previous
2014-06-18 06:15 - 2014-03-27 21:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 06:15 - 2007-12-05 10:59 - 01143411 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 06:11 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-06-18 06:11 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-06-18 06:07 - 2014-06-18 06:05 - 01072640 _____ (Farbar) C:\Users\jeremy\Downloads\FRST (1).exe
2014-06-18 06:05 - 2006-11-02 07:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 06:05 - 2006-11-02 07:45 - 00003680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 06:00 - 2014-06-18 06:00 - 00000000 _____ () C:\Users\jeremy\Downloads\FRST.exe.6rkg0ph.partial
2014-06-18 04:06 - 2014-06-16 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-18 04:05 - 2014-06-16 07:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-18 03:58 - 2010-01-29 13:48 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 03:57 - 2014-03-27 20:42 - 00001516 _____ () C:\Windows\Tasks\Information-updater.job
2014-06-18 03:57 - 2014-03-27 20:42 - 00001350 _____ () C:\Windows\Tasks\Information-enabler.job
2014-06-18 03:57 - 2014-03-27 20:41 - 00003082 _____ () C:\Windows\Tasks\Information-chromeinstaller.job
2014-06-18 03:57 - 2014-03-27 20:41 - 00002264 _____ () C:\Windows\Tasks\Information-firefoxinstaller.job
2014-06-18 03:57 - 2014-03-27 20:41 - 00001472 _____ () C:\Windows\Tasks\Information-codedownloader.job
2014-06-18 03:57 - 2012-10-18 20:23 - 00000378 ____H () C:\Windows\Tasks\WxDFastUpdaterTask{0E6FD613-2540-4A57-939B-AF0EF3280DA5}.job
2014-06-18 03:55 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 02:57 - 2006-11-02 05:22 - 36175872 _____ () C:\Windows\system32\config\components_previous
2014-06-18 02:57 - 2006-11-02 05:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-06-18 02:46 - 2014-06-15 20:03 - 00001920 _____ () C:\Windows\setupact.log
2014-06-18 01:17 - 2014-06-18 00:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-17 22:48 - 2014-06-17 12:54 - 00005300 _____ () C:\Users\jeremy\Desktop\Rkill.txt
2014-06-17 21:06 - 2014-06-15 22:13 - 00056980 _____ () C:\Windows\PFRO.log
2014-06-17 21:06 - 2009-04-03 14:07 - 00000000 ____D () C:\Windows\Minidump
2014-06-17 21:05 - 2014-06-17 20:43 - 00000000 ___SD () C:\ComboFix
2014-06-17 20:43 - 2014-06-17 20:41 - 00000000 ____D () C:\Qoobox
2014-06-17 15:08 - 2014-06-17 15:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-16 12:03 - 2006-11-02 07:58 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-16 10:56 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-06-16 10:52 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-16 10:09 - 2010-06-23 08:05 - 00756966 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-16 09:25 - 2012-09-08 10:42 - 00115752 _____ () C:\Users\jeremy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-16 09:19 - 2006-11-02 07:44 - 00405928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-16 08:57 - 2014-06-16 08:31 - 00000000 ____D () C:\Program Files\Windows Live
2014-06-16 08:53 - 2014-06-16 08:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-16 08:48 - 2014-06-16 08:48 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-06-16 08:47 - 2014-06-16 08:45 - 00001198 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-06-16 08:42 - 2014-06-16 08:42 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-06-16 08:41 - 2014-06-16 08:40 - 00001008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-06-16 08:39 - 2014-06-16 08:37 - 00001996 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-06-16 08:30 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-16 07:50 - 2014-06-16 07:50 - 00000000 ____D () C:\Users\jeremy\AppData\Local\Windows Live
2014-06-16 07:50 - 2014-06-16 07:50 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-06-16 07:45 - 2014-06-15 20:39 - 00001797 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-16 07:45 - 2014-06-15 19:59 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-16 07:41 - 2014-06-16 07:40 - 00000000 ____D () C:\Windows\Temp21945D42-43AA-2DC2-63EB-1EA4EFFEC50B-Signatures
2014-06-16 07:41 - 2014-06-15 19:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-16 03:31 - 2014-06-16 03:31 - 00000000 ____D () C:\Windows\Temp54E59CFB-6FEC-C085-190A-75EEE1AA183C-Signatures
2014-06-16 02:46 - 2008-02-18 21:52 - 00000000 ____D () C:\Users\DARRYL\AppData\Local\Temp
2014-06-15 22:51 - 2014-06-15 21:50 - 00000000 ____D () C:\AdwCleaner
2014-06-15 22:13 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Resources
2014-06-15 22:00 - 2009-03-21 13:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-15 21:45 - 2014-06-15 21:32 - 00000000 ____D () C:\12b27a4e7b90ca40a03078
2014-06-15 20:25 - 2014-06-15 20:24 - 00000000 ____D () C:\Windows\TempDF04917E-661F-CE62-DE4F-6470580BFAB5-Signatures
2014-06-15 20:04 - 2014-06-15 20:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_bcmwlhigh6_01005.Wdf
2014-06-15 20:03 - 2014-06-15 20:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 20:03 - 2012-09-25 17:09 - 00000100 _____ () C:\Users\jeremy\AppData\Roaming\wklnhst.dat
2014-06-15 19:49 - 2007-11-12 11:30 - 00000000 ____D () C:\Windows\Panther
2014-06-15 19:22 - 2014-06-15 19:00 - 00000000 ____D () C:\Program Files\Defraggler
2014-06-15 19:17 - 2014-06-15 19:17 - 00000000 ____D () C:\Program Files\ESET
2014-06-15 19:01 - 2014-06-15 19:01 - 00001673 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-06-15 19:01 - 2014-06-15 19:01 - 00000775 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-15 19:01 - 2014-06-15 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-06-15 19:01 - 2014-06-15 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-15 19:01 - 2014-06-15 19:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-15 13:23 - 2011-02-26 23:01 - 00001898 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-14 22:20 - 2014-06-13 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2014-06-14 21:57 - 2007-11-12 13:28 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-14 21:43 - 2007-12-05 11:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-14 21:38 - 2014-06-13 22:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-14 21:33 - 2006-11-02 05:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-14 21:28 - 2014-03-27 20:40 - 00000000 ____D () C:\Program Files\Information
2014-06-14 21:26 - 2012-10-18 20:23 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-14 18:52 - 2009-04-23 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
2014-06-14 18:50 - 2009-03-21 13:40 - 00000000 ____D () C:\Users\DARRYL\AppData\Local\The Weather Channel
2014-06-14 18:50 - 2009-03-21 13:40 - 00000000 ____D () C:\Program Files\The Weather Channel FW
2014-06-14 18:41 - 2014-03-27 23:02 - 00000000 ____D () C:\Users\jeremy\AppData\Local\The Weather Channel
2014-06-14 18:04 - 2014-06-14 18:04 - 00000870 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-14 18:04 - 2014-06-14 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-14 18:04 - 2014-06-14 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 18:04 - 2014-06-14 18:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-14 18:02 - 2014-06-14 18:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jeremy\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-14 17:52 - 2014-06-14 17:52 - 00000000 ____D () C:\Users\jeremy\AppData\Local\Trend Micro
2014-06-14 17:40 - 2014-06-13 21:11 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-06-14 17:13 - 2014-06-14 17:13 - 00315743 ____S () C:\Windows\system32\epuxays.wvi
2014-06-14 17:13 - 2014-06-14 17:13 - 00000000 ____D () C:\Windows\Sun
2014-06-14 17:08 - 2014-03-28 19:16 - 00000000 ____D () C:\Users\jeremy\AppData\Local\Information
2014-06-14 16:09 - 2006-11-02 07:35 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-06-14 01:33 - 2014-06-14 01:25 - 00000000 ____D () C:\90e8ca767ca8090f40
2014-06-13 22:12 - 2014-06-13 22:12 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-13 21:44 - 2014-06-13 21:42 - 00010971 _____ () C:\Users\jeremy\Downloads\ala. wp
2014-06-13 21:10 - 2014-06-13 21:10 - 02956160 _____ (BoostSoftware Inc. ) C:\Users\jeremy\Downloads\PCHealthBoost-Setup.exe
2014-05-30 13:10 - 2014-05-30 13:10 - 00000000 ____D () C:\Program Files\GUMF681.tmp
2014-05-30 13:09 - 2012-09-07 23:31 - 00000000 ____D () C:\Users\jeremy\AppData\Local\Google
2014-05-28 11:48 - 2014-06-15 12:45 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 11:39 - 2014-06-15 12:45 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 11:38 - 2014-06-15 12:45 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 11:33 - 2014-06-15 12:45 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 11:32 - 2014-06-15 12:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 11:32 - 2014-06-15 12:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 11:31 - 2014-06-15 12:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 11:31 - 2014-06-15 12:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 11:30 - 2014-06-15 12:45 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 11:30 - 2014-06-15 12:45 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 11:30 - 2014-06-15 12:45 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 11:30 - 2014-06-15 12:45 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 11:30 - 2014-06-15 12:45 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 11:30 - 2014-06-15 12:45 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 11:30 - 2014-06-15 12:45 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 11:29 - 2014-06-15 12:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 11:29 - 2014-06-15 12:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 11:29 - 2014-06-15 12:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 11:29 - 2014-06-15 12:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 11:29 - 2014-06-15 12:45 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 11:28 - 2014-06-15 12:45 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

Some content of TEMP:
====================
C:\Users\DARRYL\AppData\Local\Temp\ask_setup.exe
C:\Users\DARRYL\AppData\Local\Temp\atl80.dll
C:\Users\DARRYL\AppData\Local\Temp\contentDATs.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD21D4.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD317B.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD3247.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD3A80.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD5292.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD5D5B.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD653B.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD8D6.exe
C:\Users\DARRYL\AppData\Local\Temp\EADABD8.exe
C:\Users\DARRYL\AppData\Local\Temp\EADCCA1.exe
C:\Users\DARRYL\AppData\Local\Temp\EADD26B.exe
C:\Users\DARRYL\AppData\Local\Temp\EADD4BB.exe
C:\Users\DARRYL\AppData\Local\Temp\EADD99B.exe
C:\Users\DARRYL\AppData\Local\Temp\EADDD92.exe
C:\Users\DARRYL\AppData\Local\Temp\EADE1C6.exe
C:\Users\DARRYL\AppData\Local\Temp\EADE63.exe
C:\Users\DARRYL\AppData\Local\Temp\EADE6E0.exe
C:\Users\DARRYL\AppData\Local\Temp\EADF4AB.exe
C:\Users\DARRYL\AppData\Local\Temp\EADF4F8.exe
C:\Users\DARRYL\AppData\Local\Temp\eject.exe
C:\Users\DARRYL\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\DARRYL\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\DARRYL\AppData\Local\Temp\gamevanceif_StubInstaller.exe
C:\Users\DARRYL\AppData\Local\Temp\GLFB9D1.EXE
C:\Users\DARRYL\AppData\Local\Temp\libexpat.dll
C:\Users\DARRYL\AppData\Local\Temp\mfc80.dll
C:\Users\DARRYL\AppData\Local\Temp\mfc80u.dll
C:\Users\DARRYL\AppData\Local\Temp\mfcm80.dll
C:\Users\DARRYL\AppData\Local\Temp\mfcm80u.dll
C:\Users\DARRYL\AppData\Local\Temp\msvcm80.dll
C:\Users\DARRYL\AppData\Local\Temp\msvcp80.dll
C:\Users\DARRYL\AppData\Local\Temp\msvcr80.dll
C:\Users\DARRYL\AppData\Local\Temp\nlsdl.dll
C:\Users\DARRYL\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\DARRYL\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\DARRYL\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\DARRYL\AppData\Local\Temp\tmdbg32.dll
C:\Users\DARRYL\AppData\Local\Temp\vcredist_x86.exe
C:\Users\DARRYL\AppData\Local\Temp\ycomp_setup.exe
C:\Users\DARRYL\AppData\Local\Temp\_is5F21.exe
C:\Users\DARRYL\AppData\Local\Temp\_is7E71.exe
C:\Users\jeremy\AppData\Local\Temp\Quarantine.exe
C:\Users\jeremy\AppData\Local\Temp\System.Data.SQLite27182.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll
[2009-09-24 11:28] - [2009-04-11 01:28] - 0558080 ____A (Microsoft Corporation) 202719BA9AF298A28EE71A38B706D103

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 04:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-06-2014
Ran by jeremy at 2014-06-18 06:49:39
Running from C:\Users\jeremy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.130 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.01.03 - TOSHIBA)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dogpile Toolbar (HKLM\...\Dogpile Toolbar) (Version: 1.504 - ) <==== ATTENTION
Downfall (Cosmi) (HKLM\...\Downfall_(Cosmi)) (Version:  - )
Driver Installer (HKLM\...\{753D852A-D86D-42C9-9978-40AE66FB8985}) (Version: 2.2.0.536 - Option NV)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
EA Download Manager (HKLM\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GCompris (remove only) (HKLM\...\Gcompris) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth (HKLM\...\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}) (Version: 6.0.3.2197 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java™ 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.0.4.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 6.1 (HKLM\...\{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}) (Version: 6.10.156.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mobile Broadband Generic Drivers (HKLM\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (Version: 2.03.09.005.14 - Novatel Wireless) Hidden
Motorola Driver Installation (HKLM\...\{9579E862-5FC7-4337-B1CC-5E37451524C5}) (Version: 2.8.0 - Motorola Inc.)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Nokia Connectivity Adapter Cable DKU-5 (HKLM\...\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}) (Version:  - )
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Polar Bowler from WildGames (remove only) (HKLM\...\023782E7-308A-4278-9762-947348D4DF34) (Version: 07/27/2005  10:49 AM - WildTangent)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5371 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{7095FD27-37F0-4750-9DE8-D37DC0043706}) (Version: Package:1.00.0008 Driver:6.1089.601.2007 - REALTEK Semiconductor Corp.)
Scholastic's I SPY Spooky Mansion (HKLM\...\Scholastic's I SPY Spooky Mansion) (Version:  - )
Scholastic's I SPY Spooky Mansion Deluxe (HKLM\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version:  - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
The SWORD Project (HKLM\...\The SWORD Project) (Version: 1.5.8 - The Crosswire Bible Society)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.33 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.13 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}) (Version: 2.00.03 - )
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}) (Version: 2.00.02 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.28 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.0.28 - TOSHIBA Corporation) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Verizon Wireless MiFi-2200 Firmware Updates (HKLM\...\{06FAFD58-1C21-4C90-A2FC-C9DC5A2A9D09}) (Version: 1.0.1 - Smith Micro Software, Inc.)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VZAccess Manager (HKLM\...\{3FF660F4-147B-48CB-B824-2B595759D9EF}) (Version: 7.2.7.1 - Smith Micro Software Inc.)
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

15-06-2014 02:29:55 Windows Update
15-06-2014 16:13:27 Scheduled Checkpoint
15-06-2014 23:34:41 Windows Update
16-06-2014 11:37:49 Windows Update
16-06-2014 12:34:37 Windows Update
16-06-2014 15:03:03 Windows Update
16-06-2014 17:39:55 Windows Update
17-06-2014 17:05:21 Scheduled Checkpoint
18-06-2014 09:02:35 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000736 ____A C:\Windows\system32\Drivers\etc\hosts
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {02A118C9-9674-4BA5-9C2A-05D24EE457D5} - System32\Tasks\Information-firefoxinstaller => C:\Program Files\Information\Information-firefoxinstaller.exe
Task: {15CC8FDF-7865-4898-A0A2-44806B88FCAC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1925CF52-D82E-4AF8-BDD5-AF9ABD364D12} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2007-02-05] (Microsoft Corporation)
Task: {47CEA94A-1645-41FC-9C3C-FD7B3EA0E478} - System32\Tasks\Information-enabler => C:\Program Files\Information\Information-enabler.exe
Task: {4A828580-8B71-417D-B0BE-79A57EFC6E28} - System32\Tasks\NSSstub => C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-10-23] (Symantec Corporation)
Task: {4CB8ADB5-55EE-4CC6-B45E-12E23E2DA4F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8CD22E76-0198-4F05-BFF2-1015B8B98D15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {C425C09C-60AB-4728-A19E-716951B753A8} - System32\Tasks\Information-codedownloader => C:\Program Files\Information\Information-codedownloader.exe
Task: {CD81226B-4E92-4BD3-A41A-586A2098424B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-27] (Adobe Systems Incorporated)
Task: {CDFE0562-5D54-4DA7-9E60-2CF86DC26968} - System32\Tasks\Information-chromeinstaller => C:\Program Files\Information\Information-chromeinstaller.exe
Task: {DB9D214A-BB0A-4523-8CD4-D541CB41D1DE} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {EFD01D3E-865E-40ED-8108-089806464BE2} - System32\Tasks\Information-updater => C:\Program Files\Information\Information-updater.exe
Task: {F25E9766-69D4-4590-B6D4-C2961793C407} - System32\Tasks\WxDFastUpdaterTask{0E6FD613-2540-4A57-939B-AF0EF3280DA5} => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Task: {F37C924C-D2D5-4114-B716-E4DBD2B56F22} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {FC30971A-99C3-4260-A128-718890D40696} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Information-chromeinstaller.job => C:\Program Files\Information\Information-chromeinstaller.exe
Task: C:\Windows\Tasks\Information-codedownloader.job => C:\Program Files\Information\Information-codedownloader.exe
Task: C:\Windows\Tasks\Information-enabler.job => C:\Program Files\Information\Information-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Information-firefoxinstaller.job => C:\Program Files\Information\Information-firefoxinstaller.exe
Task: C:\Windows\Tasks\Information-updater.job => C:\Program Files\Information\Information-updater.exe
Task: C:\Windows\Tasks\NSSstub.job => C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{FA6AF745-E10C-4477-8569-C0121FF3D40C}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\WxDFastUpdaterTask{0E6FD613-2540-4A57-939B-AF0EF3280DA5}.job => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2007-11-12 13:59 - 2007-01-25 21:47 - 00136816 _____ () C:\TOSHIBA\IVP\ISM\pinger.exe
2007-11-12 13:59 - 2007-10-23 19:27 - 00066928 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2012-09-07 21:15 - 2010-08-26 17:48 - 00285152 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
2012-09-07 21:15 - 2010-07-09 16:38 - 00331776 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
2007-09-13 18:11 - 2007-09-13 18:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2007-11-12 13:52 - 2010-08-18 15:32 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2007-11-12 13:35 - 2007-05-18 06:43 - 00430080 _____ () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
2012-09-07 21:15 - 2010-08-26 17:47 - 04577760 _____ () C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
2012-09-07 21:15 - 2010-02-03 11:31 - 00282624 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Monitor.lnk => C:\Windows\pss\Bluetooth Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^DARRYL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AT&T Communication Manager => "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
MSCONFIG\startupreg: AVG8_TRAY => C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSCONFIG\startupreg: MyWebSearch Plugin => rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
MSCONFIG\startupreg: TOSCDSPD => TOSCDSPD.EXE
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Weather => C:\Program Files\AWS\WeatherBug\Weather.exe 1
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2014 06:04:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xfeeefeee,
process id 0x1c98, application start time 0xsvchost.exe0.

Error: (06/18/2014 06:02:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1e28
Start Time: 01cf8ae3958bb0f8
Termination Time: 8753

Error: (06/18/2014 05:44:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1428
Start Time: 01cf8ae0eba51e00
Termination Time: 0

Error: (06/18/2014 01:58:40 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/18/2014 01:42:55 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/18/2014 01:16:21 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Users\jeremy\Downloads\HitmanPro.exe /updated:"C:\Users\jeremy\AppData\Local\Temp\HitmanPro.exe"; Descripton = ȃȃȃȃȃȃȃȃဃဂဂဂ  ဂȂဃဂဂဂဂĂဃĂ Ă  ဂဂဂဂဂဂဂȂဃȂ Ȃă䠃ဂဂဂဂဂဂဂဂဂሂဃဂ。ဂဂဂဂᐂᐂဂሂဃဂဂᐂሂဃဂဂဂဂĂăăăăăăăăăăăăăăăăăăăăăăဃ褂; Hr = 0x80070057).

Error: (06/17/2014 10:19:51 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/17/2014 10:15:16 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/17/2014 09:57:22 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/17/2014 09:07:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

System errors:
=============
Error: (08/01/2009 06:38:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:44:28 PM on 7/31/2009 was unexpected.

Error: (07/29/2009 09:42:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:39:30 PM on 7/29/2009 was unexpected.

Error: (07/29/2009 10:28:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:25:58 AM on 7/29/2009 was unexpected.

Error: (07/27/2009 04:17:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:16:05 PM on 7/27/2009 was unexpected.

Error: (07/26/2009 04:07:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:04:59 PM on 7/26/2009 was unexpected.

Error: (07/26/2009 03:54:45 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 166.214.90.225 for the Network Card with network address 00A0D5FFFFA1 has been denied by the DHCP server 166.204.224.253 (The DHCP Server sent a DHCPNACK message).

Error: (07/26/2009 03:50:34 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 166.204.3.251 for the Network Card with network address 00A0D5FFFFA1 has been denied by the DHCP server 166.214.90.253 (The DHCP Server sent a DHCPNACK message).

Error: (07/26/2009 03:50:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/26/2009 03:48:58 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/26/2009 09:51:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Microsoft Office Sessions:
=========================
Error: (08/19/2010 06:22:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1313 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/06/2010 09:03:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3053 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-06-18 06:48:51.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 06:48:51.261
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 06:48:50.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 06:48:49.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 06:48:48.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 06:48:47.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 06:48:47.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 06:48:46.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 06:48:38.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 06:48:37.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 89%
Total physical RAM: 1013.69 MB
Available physical RAM: 105.06 MB
Total Pagefile: 2611.7 MB
Available Pagefile: 207.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.87 MB

==================== Drives ================================

Drive c: (SQ004586V02) (Fixed) (Total:110.32 GB) (Free:52.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 26D90380)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=110 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:14 AM

Posted 20 June 2014 - 09:26 AM




Hello jpbene

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would also like to get some extra information on one of the files on the computer

Run FRST like you did before and type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jpbene

jpbene
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:14 AM

Posted 20 June 2014 - 02:17 PM

Good Afternoon Gringo,


Thanks for the reply and your time and help. Below is the requested log.


Farbar Recovery Scan Tool (x86) Version:20-06-2014
Ran by jeremy at 2014-06-20 13:06:36
Running from C:\Users\jeremy\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009-09-24 11:28][2009-04-11 01:28] 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9 [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-04-17 07:23][2009-03-02 23:32] 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253 [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-04-17 07:23][2009-03-02 23:39] 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830 [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-10-26 09:13][2008-01-19 02:36] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2009-04-17 07:23][2009-03-02 23:17] 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-04-17 07:23][2009-03-02 23:19] 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
[2006-11-02 03:50][2006-11-02 04:46] 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F [File is signed]

C:\Windows\System32\rpcss.dll
[2009-09-24 11:28][2009-04-11 01:28] 0558080 ____A (Microsoft Corporation) 202719BA9AF298A28EE71A38B706D103

=== End Of Search ===
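
An added example (not part of this thread and not FRST's own code): a Python parser for FRST "Search:" output, run on the entries above, that flags a live system file which is unsigned or whose MD5 matches no signed winsxs copy of the same name, and proposes the newest signed winsxs copy as the restore source. The paths and hashes are the ones in the log; the "Replace:" output form is the one FRST fixlists use.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample of FRST "Search:" output; the three file entries are copied
# from the search log posted in this thread, the header lines mirror its layout.
SAMPLE_SEARCH_LOG = r"""Farbar Recovery Scan Tool (x86) Version:20-06-2014
Running from C:\Users\jeremy\Downloads

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009-09-24 11:28][2009-04-11 01:28] 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9 [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-10-26 09:13][2008-01-19 02:36] 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C [File is signed]

C:\Windows\System32\rpcss.dll
[2009-09-24 11:28][2009-04-11 01:28] 0558080 ____A (Microsoft Corporation) 202719BA9AF298A28EE71A38B706D103

=== End Of Search ===
"""

# Second line of each FRST entry: [created][modified] size attrs (company) MD5 [File is signed]
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\] (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})(?P<signed> \[File is signed\])?$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Component version embedded in a winsxs directory name, e.g. _6.0.6002.18005_
WINSXS_VERSION_RE = re.compile(r"_(\d+)\.(\d+)\.(\d+)\.(\d+)_")


@dataclass
class FileEntry:
    path: str
    size: int
    company: str
    md5: str
    signed: bool

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def version(self) -> Tuple[int, ...]:
        m = WINSXS_VERSION_RE.search(self.path)
        return tuple(int(x) for x in m.groups()) if m else (0,)


@dataclass
class Finding:
    path: str
    reason: str
    replacement: Optional[str]


def parse_search_log(text: str) -> List[FileEntry]:
    """Pair every path line with the detail line that directly follows it."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries: List[FileEntry] = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail)
        if m and PATH_RE.match(path):
            entries.append(FileEntry(path, int(m["size"]), m["company"],
                                     m["md5"].upper(), m["signed"] is not None))
    return entries


def assess(entries: List[FileEntry]) -> List[Finding]:
    """Flag live (non-winsxs) copies that are unsigned or whose MD5 matches no
    signed winsxs copy of the same file; propose the newest signed winsxs copy."""
    groups: Dict[str, List[FileEntry]] = {}
    for e in entries:
        groups.setdefault(e.name, []).append(e)
    findings: List[Finding] = []
    for group in groups.values():
        trusted = [e for e in group if e.in_winsxs and e.signed]
        trusted_md5 = {e.md5 for e in trusted}
        newest = max(trusted, key=lambda e: e.version, default=None)
        for e in group:
            if e.in_winsxs:
                continue
            reasons = []
            if not e.signed:
                reasons.append("not signed")
            if e.md5 not in trusted_md5:
                reasons.append("MD5 matches no signed winsxs copy")
            if reasons:
                findings.append(Finding(e.path, "; ".join(reasons),
                                        newest.path if newest else None))
    return findings


def fixlist_lines(findings: List[Finding]) -> List[str]:
    """Render findings in the 'Replace: <source> <target>' form used by FRST fixlists."""
    return [f"Replace: {f.replacement} {f.path}" for f in findings if f.replacement]


if __name__ == "__main__":
    found = assess(parse_search_log(SAMPLE_SEARCH_LOG))
    for f in found:
        print(f"{f.path}: {f.reason}")
    print("\n".join(fixlist_lines(found)))
```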



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:14 AM

Posted 21 June 2014 - 04:33 PM

Hello jpbene



I need you to download this script I have made for you --> Attached File: fixlist.txt (2.51KB)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo

#5 jpbene

jpbene
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:01:14 AM

Posted 21 June 2014 - 07:42 PM

Thanks, I ran the fix; here is the log.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-06-2014 01
Ran by jeremy at 2014-06-21 19:29:20 Run:1
Running from C:\Users\jeremy\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll C:\WINDOWS\System32\rpcss.dll
2014-06-14 17:13 - 2014-06-14 17:13 - 00315743 ____S () C:\Windows\system32\epuxays.wvi
C:\Users\DARRYL\AppData\Local\Temp\ask_setup.exe
C:\Users\DARRYL\AppData\Local\Temp\atl80.dll
C:\Users\DARRYL\AppData\Local\Temp\contentDATs.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD21D4.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD317B.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD3247.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD3A80.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD5292.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD5D5B.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD653B.exe
C:\Users\DARRYL\AppData\Local\Temp\EAD8D6.exe
C:\Users\DARRYL\AppData\Local\Temp\EADABD8.exe
C:\Users\DARRYL\AppData\Local\Temp\EADCCA1.exe
C:\Users\DARRYL\AppData\Local\Temp\EADD26B.exe
C:\Users\DARRYL\AppData\Local\Temp\EADD4BB.exe
C:\Users\DARRYL\AppData\Local\Temp\EADD99B.exe
C:\Users\DARRYL\AppData\Local\Temp\EADDD92.exe
C:\Users\DARRYL\AppData\Local\Temp\EADE1C6.exe
C:\Users\DARRYL\AppData\Local\Temp\EADE63.exe
C:\Users\DARRYL\AppData\Local\Temp\EADE6E0.exe
C:\Users\DARRYL\AppData\Local\Temp\EADF4AB.exe
C:\Users\DARRYL\AppData\Local\Temp\EADF4F8.exe
C:\Users\DARRYL\AppData\Local\Temp\eject.exe
C:\Users\DARRYL\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\DARRYL\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\DARRYL\AppData\Local\Temp\gamevanceif_StubInstaller.exe
C:\Users\DARRYL\AppData\Local\Temp\GLFB9D1.EXE
C:\Users\DARRYL\AppData\Local\Temp\libexpat.dll
C:\Users\DARRYL\AppData\Local\Temp\mfc80.dll
C:\Users\DARRYL\AppData\Local\Temp\mfc80u.dll
C:\Users\DARRYL\AppData\Local\Temp\mfcm80.dll
C:\Users\DARRYL\AppData\Local\Temp\mfcm80u.dll
C:\Users\DARRYL\AppData\Local\Temp\msvcm80.dll
C:\Users\DARRYL\AppData\Local\Temp\msvcp80.dll
C:\Users\DARRYL\AppData\Local\Temp\msvcr80.dll
C:\Users\DARRYL\AppData\Local\Temp\nlsdl.dll
C:\Users\DARRYL\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\DARRYL\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\DARRYL\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\DARRYL\AppData\Local\Temp\tmdbg32.dll
C:\Users\DARRYL\AppData\Local\Temp\vcredist_x86.exe
C:\Users\DARRYL\AppData\Local\Temp\ycomp_setup.exe
C:\Users\DARRYL\AppData\Local\Temp\_is5F21.exe
C:\Users\DARRYL\AppData\Local\Temp\_is7E71.exe
C:\Users\jeremy\AppData\Local\Temp\Quarantine.exe
C:\Users\jeremy\AppData\Local\Temp\System.Data.SQLite27182.dll

*****************

C:\WINDOWS\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll copied successfully to C:\WINDOWS\System32\rpcss.dll
Could not move "C:\Windows\system32\epuxays.wvi" => Scheduled to move on reboot.
C:\Users\DARRYL\AppData\Local\Temp\ask_setup.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\atl80.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EAD21D4.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EAD317B.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EAD3247.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EAD3A80.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EAD5292.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EAD5D5B.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EAD653B.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EAD8D6.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADABD8.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADCCA1.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADD26B.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADD4BB.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADD99B.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADDD92.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADE1C6.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADE63.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADE6E0.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADF4AB.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\EADF4F8.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\eject.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\FlashPlayerUpdate01.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\gamevanceif_StubInstaller.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\GLFB9D1.EXE => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\libexpat.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\mfc80.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\mfc80u.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\mfcm80.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\mfcm80u.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\msvcm80.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\msvcp80.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\msvcr80.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\nlsdl.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\The_Weather_Channel_Application.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\tmdbg32.dll => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\ycomp_setup.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\_is5F21.exe => Moved successfully.
C:\Users\DARRYL\AppData\Local\Temp\_is7E71.exe => Moved successfully.
C:\Users\jeremy\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\jeremy\AppData\Local\Temp\System.Data.SQLite27182.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-21 19:37:14)<=

C:\Windows\system32\epuxays.wvi => Is moved successfully.

==== End of Fixlog ====



#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team

Posted 22 June 2014 - 03:31 AM



Hello jpbene

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 jpbene
  • Topic Starter
  • Members

Posted 22 June 2014 - 01:53 PM

Gringo, I ran both of those and they seem to have found and removed a few things. I attached the logs. I have not tried doing anything on the computer since my original post other than what you have instructed. IE seems to be somewhat better. Awaiting your next reply and instructions.

Thanks

# AdwCleaner v3.212 - Report created 15/06/2014 at 22:51:04
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : jeremy - DARRYLS
# Running from : C:\Users\jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EI63BALD\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\DARRYL\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\jeremy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9489 octets] - [15/06/2014 21:52:11]
AdwCleaner[R1].txt - [1053 octets] - [15/06/2014 22:43:33]
AdwCleaner[S0].txt - [9620 octets] - [15/06/2014 21:59:44]
AdwCleaner[S1].txt - [976 octets] - [15/06/2014 22:51:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1035 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by jeremy on Sun 06/22/2014 at  5:39:09.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2919129606-1815928035-255343462-1002\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E04DC7BE-9474-43D8-9A60-8A23C69C3CCD}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/22/2014 at  5:44:28.15
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team

Posted 24 June 2014 - 04:11 AM


Hello jpbene

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#9 jpbene
  • Topic Starter
  • Members

Posted 24 June 2014 - 12:04 PM

Gringo, thanks. Combofix seems to have run fine, no problems or errors. As far as how the computer is running, I have not been using it during this process. I will try using it some today and see how it is running. Should I run any other scans or programs before doing so?

ComboFix 14-06-24.01 - jeremy 06/24/2014  11:10:06.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1014.289 [GMT -5:00]
Running from: c:\users\jeremy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\service
c:\windows\system32\service\01092010_TIS17_SfFniAU.log
c:\windows\system32\service\02032010_TIS17_SfFniAU.log
c:\windows\system32\service\02092010_TIS17_SfFniAU.log
c:\windows\system32\service\03122010_TIS17_SfFniAU.log
c:\windows\system32\service\05122010_TIS17_SfFniAU.log
c:\windows\system32\service\06062010_TIS17_SfFniAU.log
c:\windows\system32\service\08122010_TIS17_SfFniAU.log
c:\windows\system32\service\09062010_TIS17_SfFniAU.log
c:\windows\system32\service\09102010_TIS17_SfFniAU.log
c:\windows\system32\service\11102010_TIS17_SfFniAU.log
c:\windows\system32\service\13102010_TIS17_SfFniAU.log
c:\windows\system32\service\14022011_TIS17_SfFniAU.log
c:\windows\system32\service\14122010_TIS17_SfFniAU.log
c:\windows\system32\service\16122010_TIS17_SfFniAU.log
c:\windows\system32\service\17012011_TIS17_SfFniAU.log
c:\windows\system32\service\17082010_TIS17_SfFniAU.log
c:\windows\system32\service\17122010_TIS17_SfFniAU.log
c:\windows\system32\service\18062010_TIS17_SfFniAU.log
c:\windows\system32\service\18082010_TIS17_SfFniAU.log
c:\windows\system32\service\18102010_TIS17_SfFniAU.log
c:\windows\system32\service\19062010_TIS17_SfFniAU.log
c:\windows\system32\service\19082010_TIS17_SfFniAU.log
c:\windows\system32\service\19092012_TIS17_SfFniAU.log
c:\windows\system32\service\19102010_TIS17_SfFniAU.log
c:\windows\system32\service\20062010_TIS17_SfFniAU.log
c:\windows\system32\service\21062010_TIS17_SfFniAU.log
c:\windows\system32\service\22022010_TIS17_SfFniAU.log
c:\windows\system32\service\22062010_TIS17_SfFniAU.log
c:\windows\system32\service\23012011_TIS17_SfFniAU.log
c:\windows\system32\service\23062010_TIS17_SfFniAU.log
c:\windows\system32\service\23082010_TIS17_SfFniAU.log
c:\windows\system32\service\23092010_TIS17_SfFniAU.log
c:\windows\system32\service\24092010_TIS17_SfFniAU.log
c:\windows\system32\service\25022010_TIS17_SfFniAU.log
c:\windows\system32\service\25022011_TIS17_SfFniAU.log
c:\windows\system32\service\25092010_TIS17_SfFniAU.log
c:\windows\system32\service\26022011_TIS17_SfFniAU.log
c:\windows\system32\service\26042011_TIS17_SfFniAU.log
c:\windows\system32\service\27022010_TIS17_SfFniAU.log
c:\windows\system32\service\27082010_TIS17_SfFniAU.log
c:\windows\system32\service\28022010_TIS17_SfFniAU.log
c:\windows\system32\service\28032014_TIS17_SfFniAU.log
c:\windows\system32\service\28092010_TIS17_SfFniAU.log
c:\windows\system32\service\29082010_TIS17_SfFniAU.log
c:\windows\system32\service\30012011_TIS17_SfFniAU.log
c:\windows\system32\service\30082010_TIS17_SfFniAU.log
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-24 to 2014-06-24  )))))))))))))))))))))))))))))))
.
.
2014-06-24 16:36 . 2014-06-24 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-24 16:36 . 2014-06-24 16:36 -------- d-----w- c:\users\DARRYL\AppData\Local\temp
2014-06-24 11:40 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12CAFF09-24B3-4120-AB33-F7D56078B675}\mpengine.dll
2014-06-23 11:44 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-22 10:18 . 2014-06-22 10:18 -------- d-----w- c:\windows\ERUNT
2014-06-18 11:07 . 2014-06-22 00:37 -------- d-----w- C:\FRST
2014-06-18 05:15 . 2014-06-18 06:17 -------- d-----w- c:\programdata\HitmanPro
2014-06-17 20:08 . 2014-06-17 20:08 -------- d-----w- c:\programdata\RogueKiller
2014-06-16 15:17 . 2014-06-16 15:17 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C65720D-F860-431F-A5F0-598956971B3E}\gapaengine.dll
2014-06-16 13:56 . 2014-06-16 13:56 -------- d-----w- c:\windows\en
2014-06-16 13:53 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-06-16 13:42 . 2014-06-16 13:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-06-16 13:31 . 2014-06-16 13:57 -------- d-----w- c:\program files\Windows Live
2014-06-16 13:29 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2014-06-16 13:29 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2014-06-16 13:29 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-06-16 12:50 . 2014-06-16 12:50 -------- d-----w- c:\users\jeremy\AppData\Local\Windows Live
2014-06-16 12:50 . 2014-06-16 12:50 -------- d-----w- c:\program files\Common Files\Windows Live
2014-06-16 12:48 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2014-06-16 12:46 . 2014-06-22 00:15 -------- d-----w- c:\program files\Microsoft Silverlight
2014-06-16 12:40 . 2014-06-16 12:41 -------- d-----w- c:\windows\Temp21945D42-43AA-2DC2-63EB-1EA4EFFEC50B-Signatures
2014-06-16 08:31 . 2014-06-16 08:31 -------- d-----w- c:\windows\Temp54E59CFB-6FEC-C085-190A-75EEE1AA183C-Signatures
2014-06-16 03:00 . 2014-06-16 03:00 -------- d-----w- c:\windows\Migration
2014-06-16 02:57 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-16 02:50 . 2014-06-22 10:10 -------- d-----w- C:\AdwCleaner
2014-06-16 02:32 . 2014-06-16 02:45 -------- d-----w- C:\12b27a4e7b90ca40a03078
2014-06-16 01:53 . 2014-06-16 17:53 -------- d-----w- c:\program files\Microsoft
2014-06-16 01:24 . 2014-06-16 01:25 -------- d-----w- c:\windows\TempDF04917E-661F-CE62-DE4F-6470580BFAB5-Signatures
2014-06-16 00:17 . 2014-06-16 00:17 -------- d-----w- c:\program files\ESET
2014-06-16 00:09 . 2014-06-16 12:41 -------- d-----w- c:\program files\Microsoft Security Client
2014-06-16 00:01 . 2014-06-16 00:01 -------- d-----w- c:\program files\CCleaner
2014-06-16 00:00 . 2014-06-16 00:22 -------- d-----w- c:\program files\Defraggler
2014-06-15 23:38 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2014-06-15 17:44 . 2014-03-10 01:22 1401344 ----a-w- c:\windows\system32\msxml6.dll
2014-06-15 17:44 . 2014-03-10 01:22 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-06-15 01:42 . 2014-06-17 02:22 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08803265-4ED5-4782-816F-948F218FD8C8}\offreg.dll
2014-06-14 23:08 . 2014-06-24 16:43 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 23:04 . 2014-06-14 23:04 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-14 23:04 . 2014-06-14 23:04 -------- d-----w- c:\programdata\Malwarebytes
2014-06-14 23:04 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-14 23:04 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-14 23:04 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-14 22:52 . 2014-06-14 22:52 -------- d-----w- c:\users\jeremy\AppData\Local\Trend Micro
2014-06-14 22:18 . 2014-05-20 06:18 8073384 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08803265-4ED5-4782-816F-948F218FD8C8}\mpengine.dll
2014-06-14 22:13 . 2014-06-14 22:13 -------- d-----w- c:\windows\Sun
2014-06-14 06:25 . 2014-06-14 06:33 -------- d-----w- C:\90e8ca767ca8090f40
2014-06-14 03:16 . 2014-06-15 02:38 -------- d-----w- c:\windows\system32\MRT
2014-06-14 02:24 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-06-14 02:24 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-06-14 02:24 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-06-14 02:24 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2014-06-14 02:24 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-06-14 02:24 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-06-14 02:24 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-06-14 02:24 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-06-14 02:24 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-06-14 02:24 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-06-14 02:11 . 2014-06-14 22:40 -------- d-----w- c:\programdata\BoostSoftware
2014-05-30 18:10 . 2014-05-30 18:10 -------- d-----w- c:\program files\GUMF681.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-16 13:31 . 2011-03-28 23:36 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-04-01 03:46 . 2014-04-01 03:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-04-01 03:46 . 2014-04-01 03:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-28 02:00 . 2012-09-23 01:48 692608 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-28 02:00 . 2012-09-23 01:48 71040 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}]
2009-05-26 15:41 1297920 ----a-w- c:\program files\Dogpile Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]
.
[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]
.
[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4374528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-18 30192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2012-9-7 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
backup=c:\windows\pss\Bluetooth Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DARRYL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\DARRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-23 00:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-18 20:32 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-20 19:07 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-20 19:07 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 03:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-20 19:07 129560 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 05:01 448080 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 16:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-08-15 23:31 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 18:39 411192 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-15 18:04 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2012-09-09 15:34 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 02:01]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:47]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:47]
.
2009-10-24 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-10-24 00:41]
.
2014-06-24 c:\windows\Tasks\User_Feed_Synchronization-{FA6AF745-E10C-4477-8569-C0121FF3D40C}.job
- c:\windows\system32\msfeedssync.exe [2014-06-15 16:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nBavUicTx
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{39E86C59-C6D7-4496-928B-A9EBEE7FB788}: NameServer = 71.15.32.8
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AT&T Communication Manager - c:\program files\AT&T\Communication Manager\ATTCM.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-24 11:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????Y8??????? r???r?@?r?X?r?p?
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{C53FE659-316A-4F56-A194-A5BE491BE866}"=hex:51,66,7a,6c,4c,1d,38,12,37,e5,2c,
   c1,58,7f,38,0a,de,82,e6,fe,4c,45,ac,72
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}"=hex:51,66,7a,6c,4c,1d,38,12,bc,63,8f,
   3d,83,76,4b,0b,c6,f1,27,d8,c4,e2,69,d9
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
   f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c4,70,44,65,2e,89,cf,01
.
[HKEY_USERS\S-1-5-21-2919129606-1815928035-255343462-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2919129606-1815928035-255343462-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\RtHDVCpl.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
.
**************************************************************************
.
Completion time: 2014-06-24  11:54:16 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-24 16:54
.
Pre-Run: 57,131,720,704 bytes free
Post-Run: 57,521,905,664 bytes free
.
- - End Of File - - 711946A56A159A61AC9397D94AF881C1
5B5E648D12FCADC244C1EC30318E1EB9
 



#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 25 June 2014 - 03:35 AM


Hello jpbene

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
    • the report from ComboFix
    • let me know of any problems you may have had
    • how is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 jpbene

  • Topic Starter
  • Members
  • 24 posts

Posted 30 June 2014 - 05:45 PM

Sorry it took so long, it has been a crazy week. Here is the log. I will try to use the computer and see if I have any issues. It did seem to lag a lot when I opened IE.

 

ComboFix 14-06-30.01 - jeremy 06/29/2014  23:03:59.2.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1014.231 [GMT -5:00]
Running from: c:\users\jeremy\Desktop\ComboFix.exe
Command switches used :: c:\users\jeremy\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-28 to 2014-06-30  )))))))))))))))))))))))))))))))
.
.
2014-06-30 04:21 . 2014-06-30 04:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-06-30 04:21 . 2014-06-30 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-30 04:21 . 2014-06-30 04:21 -------- d-----w- c:\users\DARRYL\AppData\Local\temp
2014-06-30 02:48 . 2014-06-16 15:17 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-06-30 02:48 . 2014-06-16 15:17 765968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90C71AB3-B5A5-4241-986F-1F11DDA25D15}\gapaengine.dll
2014-06-30 02:43 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8CCF60C-576D-467C-AF37-1F193C38722C}\mpengine.dll
2014-06-24 17:05 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-22 10:18 . 2014-06-22 10:18 -------- d-----w- c:\windows\ERUNT
2014-06-18 11:07 . 2014-06-22 00:37 -------- d-----w- C:\FRST
2014-06-18 05:15 . 2014-06-18 06:17 -------- d-----w- c:\programdata\HitmanPro
2014-06-17 20:08 . 2014-06-17 20:08 -------- d-----w- c:\programdata\RogueKiller
2014-06-16 15:17 . 2014-06-16 15:17 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C65720D-F860-431F-A5F0-598956971B3E}\gapaengine.dll
2014-06-16 13:56 . 2014-06-16 13:56 -------- d-----w- c:\windows\en
2014-06-16 13:53 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-06-16 13:42 . 2014-06-16 13:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-06-16 13:31 . 2014-06-16 13:57 -------- d-----w- c:\program files\Windows Live
2014-06-16 13:29 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2014-06-16 13:29 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2014-06-16 13:29 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-06-16 12:50 . 2014-06-16 12:50 -------- d-----w- c:\users\jeremy\AppData\Local\Windows Live
2014-06-16 12:50 . 2014-06-16 12:50 -------- d-----w- c:\program files\Common Files\Windows Live
2014-06-16 12:48 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2014-06-16 12:46 . 2014-06-22 00:15 -------- d-----w- c:\program files\Microsoft Silverlight
2014-06-16 12:40 . 2014-06-16 12:41 -------- d-----w- c:\windows\Temp21945D42-43AA-2DC2-63EB-1EA4EFFEC50B-Signatures
2014-06-16 08:31 . 2014-06-16 08:31 -------- d-----w- c:\windows\Temp54E59CFB-6FEC-C085-190A-75EEE1AA183C-Signatures
2014-06-16 03:00 . 2014-06-16 03:00 -------- d-----w- c:\windows\Migration
2014-06-16 02:57 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-16 02:50 . 2014-06-22 10:10 -------- d-----w- C:\AdwCleaner
2014-06-16 02:32 . 2014-06-16 02:45 -------- d-----w- C:\12b27a4e7b90ca40a03078
2014-06-16 01:53 . 2014-06-16 17:53 -------- d-----w- c:\program files\Microsoft
2014-06-16 01:24 . 2014-06-16 01:25 -------- d-----w- c:\windows\TempDF04917E-661F-CE62-DE4F-6470580BFAB5-Signatures
2014-06-16 00:17 . 2014-06-16 00:17 -------- d-----w- c:\program files\ESET
2014-06-16 00:09 . 2014-06-16 12:41 -------- d-----w- c:\program files\Microsoft Security Client
2014-06-16 00:01 . 2014-06-16 00:01 -------- d-----w- c:\program files\CCleaner
2014-06-16 00:00 . 2014-06-16 00:22 -------- d-----w- c:\program files\Defraggler
2014-06-15 23:38 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2014-06-15 17:44 . 2014-03-10 01:22 1401344 ----a-w- c:\windows\system32\msxml6.dll
2014-06-15 17:44 . 2014-03-10 01:22 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-06-15 01:42 . 2014-06-17 02:22 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08803265-4ED5-4782-816F-948F218FD8C8}\offreg.dll
2014-06-14 23:08 . 2014-06-30 02:09 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 23:04 . 2014-06-14 23:04 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-14 23:04 . 2014-06-14 23:04 -------- d-----w- c:\programdata\Malwarebytes
2014-06-14 23:04 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-14 23:04 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-14 23:04 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-14 22:52 . 2014-06-14 22:52 -------- d-----w- c:\users\jeremy\AppData\Local\Trend Micro
2014-06-14 22:18 . 2014-05-20 06:18 8073384 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08803265-4ED5-4782-816F-948F218FD8C8}\mpengine.dll
2014-06-14 22:13 . 2014-06-14 22:13 -------- d-----w- c:\windows\Sun
2014-06-14 06:25 . 2014-06-14 06:33 -------- d-----w- C:\90e8ca767ca8090f40
2014-06-14 03:16 . 2014-06-15 02:38 -------- d-----w- c:\windows\system32\MRT
2014-06-14 02:24 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-06-14 02:24 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-06-14 02:24 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-06-14 02:24 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2014-06-14 02:24 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-06-14 02:24 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-06-14 02:24 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-06-14 02:24 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-06-14 02:24 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-06-14 02:24 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-06-14 02:11 . 2014-06-14 22:40 -------- d-----w- c:\programdata\BoostSoftware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-16 13:31 . 2011-03-28 23:36 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}]
2009-05-26 15:41 1297920 ----a-w- c:\program files\Dogpile Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]
.
[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C53FE659-316A-4F56-A194-A5BE491BE866}"= "c:\program files\Dogpile Toolbar\Toolbar.dll" [2009-05-26 1297920]
.
[HKEY_CLASSES_ROOT\clsid\{c53fe659-316a-4f56-a194-a5be491be866}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{587A2AD9-5F47-4029-8123-77327768C9F3}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4374528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-18 30192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2012-9-7 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
backup=c:\windows\pss\Bluetooth Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DARRYL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\DARRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-23 00:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-18 20:32 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-20 19:07 154136 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-20 19:07 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 03:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-20 19:07 129560 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 05:01 448080 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 16:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-08-15 23:31 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 18:39 411192 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-15 18:04 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2012-09-09 15:34 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 02:01]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:47]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:47]
.
2014-06-30 c:\windows\Tasks\User_Feed_Synchronization-{FA6AF745-E10C-4477-8569-C0121FF3D40C}.job
- c:\windows\system32\msfeedssync.exe [2014-06-15 16:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nBavUicTx
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{39E86C59-C6D7-4496-928B-A9EBEE7FB788}: NameServer = 71.15.32.8
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-29 23:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????Y8??????? r???r?@?r?X?r?p?
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{C53FE659-316A-4F56-A194-A5BE491BE866}"=hex:51,66,7a,6c,4c,1d,38,12,37,e5,2c,
   c1,58,7f,38,0a,de,82,e6,fe,4c,45,ac,72
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}"=hex:51,66,7a,6c,4c,1d,38,12,bc,63,8f,
   3d,83,76,4b,0b,c6,f1,27,d8,c4,e2,69,d9
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
   f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c4,70,44,65,2e,89,cf,01
.
[HKEY_USERS\S-1-5-21-2919129606-1815928035-255343462-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2919129606-1815928035-255343462-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-06-29  23:26:40
ComboFix-quarantined-files.txt  2014-06-30 04:26
ComboFix2.txt  2014-06-24 16:54
.
Pre-Run: 56,300,212,224 bytes free
Post-Run: 56,279,695,360 bytes free
.
- - End Of File - - D77A125546CA72502542B713AD3FF010
5B5E648D12FCADC244C1EC30318E1EB9
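The "Reg Loading Points" and "Supplementary Scan" sections of the ComboFix log above are built from a handful of registry locations. As an added example (not code from this thread, from the helper, or from ComboFix), the following PowerShell script reads the same locations directly so the findings can be reproduced and re-checked after cleanup without the tool. It assumes an elevated PowerShell 2.0 or later session on the 32-bit Vista host described in the thread; the registry paths are the standard Windows ones, and the function names and output layout are this example's own. Two items in this log deserve a second look once the malware is gone: EnableLUA=0 (UAC switched off) and a static NameServer on one network interface that differs from the DHCP-supplied server.

```powershell
# Added example, not from this thread or from ComboFix: read the autostart and
# network locations that the "Reg Loading Points" / "Supplementary Scan" sections
# of the log come from, so the findings can be re-checked without the tool.
# Assumptions: elevated PowerShell 2.0+ on 32-bit Vista/7 (no Get-ScheduledTask,
# no [ordered]); registry paths are the standard Windows ones; function names and
# output layout are this example's own.

$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunKeyEntries {
    # HKLM and HKCU Run/RunOnce: the Sidebar, TOSCDSPD, swg, SynTPEnh... entries in the log.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($props -eq $null) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($psNoise -contains $p.Name) { continue }   # skip the provider's own properties
            New-Object PSObject -Property @{ Location = $k; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-AppInitDlls {
    # AppInit_DLLs is mapped into every process that loads user32.dll, a classic
    # injection point; the log shows GoogleDesktopNetwork3.dll here.
    $k = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $v = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($v) { $v -split '[ ,]' | Where-Object { $_ } }
}

function Get-IeExtensions {
    # Browser Helper Objects (one subkey per CLSID) and IE toolbars (CLSID value names),
    # each resolved through HKCR\CLSID\...\InprocServer32 to the DLL that actually loads;
    # the log resolves both to c:\program files\Dogpile Toolbar\Toolbar.dll.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    $tbKey  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    $found = @()
    Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue |
        ForEach-Object { $found += @{ Kind = 'BHO'; Clsid = $_.PSChildName } }
    $tb = Get-ItemProperty -Path $tbKey -ErrorAction SilentlyContinue
    if ($tb) {
        foreach ($p in $tb.PSObject.Properties) {
            if ($p.Name -match '^\{[0-9A-F-]+\}$') { $found += @{ Kind = 'Toolbar'; Clsid = $p.Name } }
        }
    }
    foreach ($f in $found) {
        $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$($f.Clsid)\InprocServer32" -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{ Kind = $f.Kind; CLSID = $f.Clsid; Dll = $srv.'(default)' }
    }
}

function Get-UacState {
    # EnableLUA=0, as in the log, means UAC is off: an administrator's processes run fully elevated.
    $k = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).EnableLUA
    if ($v -eq 0) { 'UAC DISABLED (EnableLUA=0); re-enable once cleanup is finished' } else { 'UAC enabled' }
}

function Get-InterfaceDnsOverrides {
    # A static NameServer on an interface overrides the DHCP-supplied DNS (the log shows
    # NameServer = 71.15.32.8 on one adapter while DHCP hands out 192.168.1.254).
    # DNS hijackers commonly write here, so list every non-empty value for review.
    $ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem -Path $ifKey -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.NameServer) {
            New-Object PSObject -Property @{ Interface = $_.PSChildName; NameServer = $p.NameServer; DhcpNameServer = $p.DhcpNameServer }
        }
    }
}

function Get-LegacyTaskJobs {
    # Vista still stores Task Scheduler 1.0 jobs as %windir%\Tasks\*.job (the Flash/Google updater jobs in the log).
    Get-ChildItem -Path "$env:windir\Tasks" -Filter '*.job' -ErrorAction SilentlyContinue |
        Select-Object Name, LastWriteTime
}

'== Run keys ==';                Get-RunKeyEntries         | Format-Table Location, Name, Command -AutoSize
'== AppInit_DLLs ==';            Get-AppInitDlls
'== BHOs / IE toolbars ==';      Get-IeExtensions          | Format-Table Kind, CLSID, Dll -AutoSize
'== UAC ==';                     Get-UacState
'== Interface DNS overrides =='; Get-InterfaceDnsOverrides | Format-Table Interface, NameServer, DhcpNameServer -AutoSize
'== Legacy .job tasks ==';       Get-LegacyTaskJobs        | Format-Table -AutoSize
```

Run it before and after a cleanup pass and diff the two outputs; an entry that reappears after removal is the persistence mechanism still at work. The script only reads, so it is safe to run while a helper is still working a thread.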
 



#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 01 July 2014 - 02:41 PM


Hello jpbene

I would like to see a report that ComboFix makes.

extra combofix report
  • press the Windows key + R (the Windows key is between the Ctrl and Alt buttons)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK
Copy and paste the report into this topic for me to review.

Gringo

#13 jpbene

  • Topic Starter
  • Members
  • 24 posts

Posted 01 July 2014 - 03:21 PM

Is this the correct report? I do not see an "extra combofix report". Not sure if you wanted 2 reports or if this is the extra ComboFix report.

 

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Flash Player 13 ActiveX
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Bing Bar
BufferChm
CCleaner
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
D3DX10
Defraggler
Dogpile Toolbar
Downfall (Cosmi)
Driver Installer
DVD MovieFactory for TOSHIBA
EA Download Manager
ESET Online Scanner v3
eSupportQFolder
GCompris (remove only)
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 2
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.2.1012
Marvell Miniport Driver
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Mobile Broadband Generic Drivers
Motorola Driver Installation
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNA3100 wireless USB 2.0 adapter
Nokia Connectivity Adapter Cable DKU-5
Picasa 2
Polar Bowler from WildGames (remove only)
PowerDVD
PSSWCORE
QuickBooks Financial Center
QuickTime
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Scholastic's I SPY Spooky Mansion
Scholastic's I SPY Spooky Mansion Deluxe
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Sims™ 3
The SWORD Project
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Wireless MiFi-2200 Firmware Updates
VideoToolkit01
VZAccess Manager
WildTangent Games
WildTangent Web Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
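The list above is ComboFix's copy of the Add/Remove Programs inventory, which comes from the Uninstall keys in the registry. As an added example (not code from this thread or from ComboFix), the PowerShell script below rebuilds that inventory from the registry and flags the products a malware-removal helper typically asks to remove or update, such as the Java 6, Adobe Reader 9.x and toolbar entries in this list. It assumes PowerShell 2.0 or later on 32-bit Windows; the flagging rules are this example's own policy derived from the product names in the thread, not a vulnerability database, and the sample list embedded in the script is constructed from the post so the rules can be tried offline.

```powershell
# Added example, not from this thread or from ComboFix: build the installed-program
# inventory from the Uninstall registry keys (the source ComboFix's Add-Remove Programs.txt
# is generated from) and flag the out-of-date runtimes and toolbars that a malware-removal
# helper typically asks to remove or update. Assumptions: PowerShell 2.0+ on 32-bit Windows;
# the $knownOld rules are this example's own policy, derived from the products named in the
# thread (Java 6, Adobe Reader 9.x, Flash, Shockwave, browser toolbars), not a vulnerability feed.

function Get-InstalledPrograms {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # absent on x86; harmless
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($k in $keys) {
        Get-ChildItem -Path $k -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            if ($p.DisplayName) {
                New-Object PSObject -Property @{ Name = $p.DisplayName; Version = $p.DisplayVersion; Key = $_.PSChildName }
            }
        }
    }
}

# Regex on DisplayName -> reason to flag. \u2122 is the (TM) sign some installers put in the name.
$knownOld = @(
    @{ Pattern = '^Java(\(TM\)|\u2122)? [5-7] Update'; Reason = 'end-of-life Java runtime; remove or replace with a supported release' },
    @{ Pattern = '^Adobe Reader [89]\b';               Reason = 'unsupported Adobe Reader branch; update to the current version' },
    @{ Pattern = '^Adobe (Flash|Shockwave) Player';   Reason = 'browser plug-in runtime; keep current or remove' },
    @{ Pattern = 'Toolbar';                            Reason = 'browser toolbar; usually bundled, review and remove if unwanted' }
)

function Find-OutdatedPrograms {
    param([object[]] $Programs)
    foreach ($prog in $Programs) {
        foreach ($rule in $knownOld) {
            if ($prog.Name -match $rule.Pattern) {
                New-Object PSObject -Property @{ Name = $prog.Name; Version = $prog.Version; Reason = $rule.Reason }
            }
        }
    }
}

# Constructed sample: a few entries copied from the list posted above (DisplayVersion
# is not in the post, so it is left blank). Lets the rules be tried without a live machine.
$sampleFromThread = 'Adobe Flash Player 13 ActiveX', 'Adobe Reader 9.2', 'Adobe Shockwave Player 11.5',
                    'Dogpile Toolbar', 'Google Chrome', 'Java(TM) 6 Update 2',
                    'Microsoft Security Essentials', 'Yahoo! Toolbar' |
    ForEach-Object { New-Object PSObject -Property @{ Name = $_; Version = $null } }

'== Sample from the thread =='
Find-OutdatedPrograms -Programs $sampleFromThread | Format-Table Name, Reason -AutoSize

'== This machine =='
Find-OutdatedPrograms -Programs (Get-InstalledPrograms) | Sort-Object Name | Format-Table Name, Version, Reason -AutoSize
```

On the sample the rules flag Flash, Reader 9.2, Shockwave, Java 6 and both toolbars and leave Chrome and Security Essentials alone; on a live machine the same function runs over the real Uninstall keys, so the DisplayVersion column can be compared against the vendor's current release before deciding what to remove.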

 



#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto rico

Posted 03 July 2014 - 07:18 PM



Hello

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)
  • Programs to remove

    • Adobe Reader 9.2
      Dogpile Toolbar
      Java™ 6 Update 2



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Update Adobe Reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".
    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses far fewer resources than Adobe Reader.

      Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Clean Out Temp Files
  • This is a small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer. That is great! It is a very good program. I would like you to run a quick scan for me now.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.
"Information and logs"
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 jpbene

jpbene
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 04 July 2014 - 07:32 PM

Gringo, I have done everything you asked. It all seemed to go smoothly. I attached the logs. I will try using the PC some over the next day and let you know how it is running.
 
Thanks again for the help. Awaiting your reply and next set of instructions
<?xml version="1.0" encoding="UTF-16"?>

<mbam-log>

<header><date>2014/07/04 14:28:04 -0500</date><logfile>mbam-log-2014-07-04 (14-25-42).xml</logfile><isadmin>yes</isadmin></header>

<engine><version>2.00.2.1012</version><malware-database>v2014.07.04.09</malware-database><rootkit-database>v2014.07.03.01</rootkit-database><license>free</license><file-protection>disabled</file-protection><web-protection>disabled</web-protection><self-protection>disabled</self-protection></engine><system><osversion>Windows Vista Service Pack 2</osversion><arch>x86</arch><username>jeremy</username><filesys>NTFS</filesys></system><summary><type>threat</type><result>completed</result><objects>297687</objects><time>1421</time><processes>0</processes><modules>0</modules><keys>1</keys><values>0</values><datas>0</datas><folders>0</folders><files>0</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>enabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options><items><key><path>HKU\S-1-5-21-2919129606-1815928035-255343462-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars</path><vendor>PUP.Optional.FreeCauseTB.A</vendor><action>success</action><hash>77ab37645625a195b3d2fed1847e8b75</hash></key></items></mbam-log>

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:10:37 PM, on 7/4/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16555)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\Explorer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\jeremy\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nBavUicTx (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8133 bytes
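As an added example (not part of this thread, and not code from Malwarebytes, Trend Micro or BleepingComputer), here is a small Python triage script for the two kinds of log requested and posted above: it pulls the scan result, the per-type counts and the detected items out of an MBAM XML log, and it flags the HijackThis entry classes a responder looks at first (O23 services with no publisher string, O9 buttons whose file is missing, the O20 AppInit_DLLs entry, O16 downloaded ActiveX controls, and Global Startup shortcuts HJT could not resolve). The two logs embedded in the script are constructed excerpts modelled on the posted ones, and the rules are heuristics: a hit means "verify this file next", not "this is malware".

```python
"""Triage helpers for an MBAM XML log and a HijackThis text log.
Added example for the thread; not code from Malwarebytes, Trend Micro or
BleepingComputer.  The two sample logs below are constructed excerpts
modelled on the ones posted in the thread."""
import re
import xml.etree.ElementTree as ET

# Constructed MBAM XML excerpt (same element names as the posted mbam-log).
MBAM_XML = r"""<mbam-log>
<header><date>2014/07/04 14:28:04 -0500</date><isadmin>yes</isadmin></header>
<summary><type>threat</type><result>completed</result><objects>297687</objects>
<keys>1</keys><values>0</values><folders>0</folders><files>0</files></summary>
<items><key><path>HKU\S-1-5-21-0-0-0-1002\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars</path>
<vendor>PUP.Optional.FreeCauseTB.A</vendor><action>success</action></key></items>
</mbam-log>"""

# Constructed HijackThis excerpt using the entry types seen in the posted log.
HJT_SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nBavUicTx (file missing)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
"""


def summarize_mbam(xml_text):
    """Return the scan result, per-type detection counts and every detected
    item as (element tag, path, detection name, action) from an MBAM XML log."""
    root = ET.fromstring(xml_text)
    summary = root.find("summary")
    counts = {tag: int(summary.findtext(tag, "0"))
              for tag in ("keys", "values", "folders", "files")}
    items = root.find("items")
    detections = [] if items is None else [
        (item.tag, item.findtext("path"), item.findtext("vendor"),
         item.findtext("action")) for item in items]
    return {"result": summary.findtext("result"), "counts": counts,
            "detections": detections}


# Every HJT entry line is "<section> - <body>", e.g. "O23 - Service: ...".
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Heuristic triage rules: (section, predicate on the entry body, reason).
# A hit is a "look at this next" marker, not a verdict: "Unknown owner" on an
# O23 service only means HJT found no publisher string for that binary.
RULES = [
    ("O23", lambda b: "Unknown owner" in b,
     "service with no publisher string; check the binary's signature"),
    ("O9", lambda b: "(file missing)" in b or "(no file)" in b,
     "dangling IE button/menu entry whose target no longer exists"),
    ("O20", lambda b: b.startswith("AppInit_DLLs"),
     "AppInit_DLLs loads this DLL into every process that loads user32.dll"),
    ("O16", lambda b: True,
     "downloaded ActiveX control (DPF); confirm the download source"),
    ("O4", lambda b: b.startswith("Global Startup") and b.rstrip().endswith("= ?"),
     "startup shortcut whose target HJT could not resolve"),
]


def triage_hjt(log_text):
    """Return [(section, body, reason)] for every HJT entry a rule matches."""
    flagged = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header lines, 'Running processes' paths, blanks
        section, body = m.group("section"), m.group("body")
        for rule_section, predicate, reason in RULES:
            if section == rule_section and predicate(body):
                flagged.append((section, body, reason))
                break
    return flagged


if __name__ == "__main__":
    report = summarize_mbam(MBAM_XML)
    print("MBAM:", report["result"], report["counts"])
    for tag, path, vendor, action in report["detections"]:
        print(f"  {tag:5} {vendor:30} {action:8} {path}")
    for section, body, reason in triage_hjt(HJT_SAMPLE):
        print(f"HJT {section:4} {body}\n     -> {reason}")
```

Point `summarize_mbam` at the contents of a real mbam-log XML file and `triage_hjt` at a pasted HJT log to get the same two views; anything the HJT rules flag still has to be checked by hand (publisher signature, file hash, where the file lives) before deciding it is unwanted.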