
Keep getting redirected...but only for one site. Should I be worried?


  • This topic is locked
31 replies to this topic

#1 yummygoodness


Posted 24 June 2014 - 08:48 PM

Asked to post here from the Am I Infected? forum (background information/logs here).

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16555  BrowserJavaVersion: 10.21.2
Run by V at 18:43:20 on 2014-06-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8104.6347 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Users\V\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Google Update] "C:\Users\V\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
StartupFolder: C:\Users\V\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\V\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\V\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{84CA8C21-0C42-4974-A292-F5B9EAB617B5} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C806DD1C-373F-46D9-9DA5-32306751DB37} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2011-12-4 162824]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-12-4 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-4 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-4 2656280]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-6-10 619904]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-12-4 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-12-4 1103464]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-12-4 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
R3 VSTWinDriver6;VSTWinDriver6;C:\windows\System32\drivers\VSTwindrvr6.sys [2008-7-3 252928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hidkmdf;KMDF Driver;C:\windows\System32\drivers\hidkmdf.sys [2013-6-10 13728]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-4 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WacHidRouter;Wacom Hid Router;C:\windows\System32\drivers\wachidrouter.sys [2013-6-10 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\windows\System32\drivers\wacomrouterfilter.sys [2013-6-10 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-4-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-24 20:20:07 -------- d-----w- C:\Program Files (x86)\ESET
2014-06-24 19:49:48 -------- d-----w- C:\windows\ERUNT
2014-06-24 19:42:48 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-06-24 19:42:25 -------- d-----w- C:\AdwCleaner
2014-06-24 02:01:30 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E99D6AB5-A25A-44E8-889A-9ADE4788C230}\gapaengine.dll
2014-06-24 02:01:25 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFCD4C2E-B0E4-4173-86BA-DB42A8F6375C}\mpengine.dll
2014-06-24 01:55:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-06-24 01:55:36 -------- d-----w- C:\Program Files\Microsoft Security Client
.
==================== Find3M  ====================
.
2014-05-28 18:37:06 2338816 ----a-w- C:\windows\System32\jscript9.dll
2014-05-28 18:31:31 1392128 ----a-w- C:\windows\System32\wininet.dll
2014-05-28 18:30:24 1494016 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-28 18:29:28 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2014-05-28 18:29:19 599040 ----a-w- C:\windows\System32\vbscript.dll
2014-05-28 18:28:10 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-28 18:28:02 12800 ----a-w- C:\windows\System32\mshta.exe
2014-05-28 16:39:36 1810432 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-28 16:32:59 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2014-05-28 16:32:25 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-28 16:30:53 421376 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-28 16:30:53 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-05-28 16:29:31 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-28 16:29:27 11776 ----a-w- C:\windows\SysWow64\mshta.exe
.
============= FINISH: 18:43:29.13 ===============
 


#2 HelpBot


Posted 29 June 2014 - 08:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/538907 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 yummygoodness


Posted 29 June 2014 - 09:00 PM

Redirect still occurs. I'm running Windows 7 Home Premium on a 64-bit machine without the original disc.

DDS log below (I didn't close Chrome this time, although I wasn't connected to the internet).

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16555  BrowserJavaVersion: 10.21.2
Run by V at 18:56:25 on 2014-06-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8104.3169 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\V\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Google Update] "C:\Users\V\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
StartupFolder: C:\Users\V\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\V\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\V\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{84CA8C21-0C42-4974-A292-F5B9EAB617B5} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C806DD1C-373F-46D9-9DA5-32306751DB37} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2011-12-4 162824]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-12-4 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-4 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-4 2656280]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-6-10 619904]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-12-4 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-12-4 1103464]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-12-4 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
R3 VSTWinDriver6;VSTWinDriver6;C:\windows\System32\drivers\VSTwindrvr6.sys [2008-7-3 252928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hidkmdf;KMDF Driver;C:\windows\System32\drivers\hidkmdf.sys [2013-6-10 13728]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-4 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WacHidRouter;Wacom Hid Router;C:\windows\System32\drivers\wachidrouter.sys [2013-6-10 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\windows\System32\drivers\wacomrouterfilter.sys [2013-6-10 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-4-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-28 17:11:08 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{02FAA588-3310-422F-B16E-3127F834457E}\mpengine.dll
2014-06-27 16:09:50 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-24 20:20:07 -------- d-----w- C:\Program Files (x86)\ESET
2014-06-24 19:49:48 -------- d-----w- C:\windows\ERUNT
2014-06-24 19:42:48 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-06-24 19:42:25 -------- d-----w- C:\AdwCleaner
2014-06-24 02:01:30 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E99D6AB5-A25A-44E8-889A-9ADE4788C230}\gapaengine.dll
2014-06-24 01:55:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-06-24 01:55:36 -------- d-----w- C:\Program Files\Microsoft Security Client
.
==================== Find3M  ====================
.
2014-05-28 18:37:06 2338816 ----a-w- C:\windows\System32\jscript9.dll
2014-05-28 18:31:31 1392128 ----a-w- C:\windows\System32\wininet.dll
2014-05-28 18:30:24 1494016 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-28 18:29:28 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2014-05-28 18:29:19 599040 ----a-w- C:\windows\System32\vbscript.dll
2014-05-28 18:28:10 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-28 18:28:02 12800 ----a-w- C:\windows\System32\mshta.exe
2014-05-28 16:39:36 1810432 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-28 16:32:59 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2014-05-28 16:32:25 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-28 16:30:53 421376 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-28 16:30:53 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-05-28 16:29:31 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-28 16:29:27 11776 ----a-w- C:\windows\SysWow64\mshta.exe
.
============= FINISH: 18:56:55.80 ===============
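A triage pass over DDS-style log lines like the ones posted above, added here as an example and not part of the original post or of any of the tools named in the thread. It pulls the configured DNS resolvers out of the `TCP:` lines and splits LAN (private) addresses from public ones, lists autorun entries that launch from the user profile (the usual landing spot for adware), and lists entries marked `<orphaned>` or `No File`. The sample lines are constructed from the format above; the grouping and the function names are this example's own, and the resolver split is a starting point for a manual check against the ISP's published resolvers, not a verdict.

```python
"""Triage pass over DDS-style autorun log lines (added example, not from the thread).

The sample below is constructed from the DDS output format; the triage
categories (resolver split, user-profile autoruns, orphaned entries) are this
example's own, not DDS or FRST output.
"""
import ipaddress
import json
import re

# Constructed sample in the DDS log format (a handful of lines, not the full log).
SAMPLE_LOG = r"""
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\V\AppData\Local\Google\Update\GoogleUpdate.exe" /c
StartupFolder: C:\Users\V\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\V\AppData\Roaming\Dropbox\bin\Dropbox.exe
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{84CA8C21-0C42-4974-A292-F5B9EAB617B5} : DHCPNameServer = 75.75.75.75 75.75.76.76
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
"""

# "KIND: body"; the kind must be at least two characters so that a bare path
# such as "C:\windows\system32\lsm.exe" is not mistaken for an entry.
ENTRY_RE = re.compile(r'^(?P<kind>[A-Za-z][A-Za-z0-9\-]+):\s*(?P<body>.*)$')
IPV4_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')
# Anything launched from under a user's profile, where a standard user can write.
USER_PATH_RE = re.compile(r'\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop)\\', re.IGNORECASE)
AUTORUN_KINDS = {'uRun', 'mRun', 'x64-Run', 'StartupFolder', 'BHO', 'x64-BHO', 'TB', 'x64-TB'}


def parse_entries(text):
    """Split DDS lines into {kind, body, raw}; skip blanks, '.' separators and headers."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == '.':
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({'kind': m.group('kind'), 'body': m.group('body'), 'raw': line})
    return entries


def extract_nameservers(entries):
    """Collect every IPv4 address from TCP: NameServer / DHCPNameServer lines."""
    servers = set()
    for e in entries:
        if e['kind'] == 'TCP' and 'NameServer' in e['body']:
            servers.update(IPV4_RE.findall(e['body']))
    return servers


def classify_nameservers(servers):
    """Split resolvers into private (LAN) and public addresses.

    A changed resolver can redirect one domain while everything else resolves
    normally, so the public ones are what to compare against the ISP's list.
    """
    result = {'private': [], 'public': []}
    for ip in sorted(servers, key=lambda s: tuple(int(o) for o in s.split('.'))):
        bucket = 'private' if ipaddress.ip_address(ip).is_private else 'public'
        result[bucket].append(ip)
    return result


def find_user_profile_autoruns(entries):
    """Autorun-type entries whose target lives under a user profile directory."""
    return [e['raw'] for e in entries
            if e['kind'] in AUTORUN_KINDS and USER_PATH_RE.search(e['body'])]


def find_orphaned(entries):
    """Registry entries whose file is gone (DDS '<orphaned>', FRST 'No File')."""
    return [e['raw'] for e in entries
            if '<orphaned>' in e['body'] or e['body'].endswith('No File')]


def triage(text):
    """Run all three checks over a log and return a summary dict."""
    entries = parse_entries(text)
    return {
        'entries': len(entries),
        'nameservers': classify_nameservers(extract_nameservers(entries)),
        'user_profile_autoruns': find_user_profile_autoruns(entries),
        'orphaned': find_orphaned(entries),
    }


if __name__ == '__main__':
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the constructed sample this reports one private resolver (192.168.0.1), two public ones (75.75.75.75, 75.75.76.76), two entries launching from the user profile (Google Update and the Dropbox startup link) and two orphaned entries. None of those is malicious on its own; the value of the pass is that it narrows a long log to the handful of lines worth checking by hand when the only symptom is a redirect on one site.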


#4 nasdaq
Malware Response Team

Posted 30 June 2014 - 09:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.


#5 yummygoodness
Topic Starter

Posted 30 June 2014 - 03:28 PM

Still getting redirected to Amazon after I ran all the scans.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/30/2014
Scan Time: 12:52:29 PM
Logfile: mbamlog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.30.09
Rootkit Database: v2014.06.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: V
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285327
Time Elapsed: 12 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
AdwCleaner:
 
# AdwCleaner v3.214 - Report created 30/06/2014 at 13:15:07
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : V - V-PC
# Running from : C:\Users\V\Desktop\adwcleaner_3.214.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16555
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1474 octets] - [30/06/2014 13:13:47]
AdwCleaner[S0].txt - [1401 octets] - [30/06/2014 13:15:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1461 octets] ##########
 
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by V (administrator) on V-PC on 30-06-2014 13:18:58
Running from C:\Users\V\Desktop\Farbar
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
() C:\Windows\System32\GFNEXSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Dropbox, Inc.) C:\Users\V\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1446248 2011-12-15] (Garmin)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1100765840-3999354766-1840495440-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-04] (Google Inc.)
HKU\S-1-5-21-1100765840-3999354766-1840495440-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-24] ()
HKU\S-1-5-21-1100765840-3999354766-1840495440-1000\...\Run: [Google Update] => C:\Users\V\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-05] (Google Inc.)
Startup: C:\Users\V\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\V\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\V\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\V\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\V\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\V\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\V\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\V\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\V\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\V\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: hxxp://start.toshiba.com/?cid=C001B2Y
CHR StartupUrls: "hxxp://start.toshiba.com/?cid=C001B2Y"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\V\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\V\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\V\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\V\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\V\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Adblock Plus) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-01-25]
CHR Extension: (Google Search) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Ghostery) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-12-07]
CHR Extension: (Google Wallet) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
CHR Extension: (Gmail) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
 
==================== Services (Whitelisted) =================
 
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-30 13:18 - 2014-06-30 13:19 - 00000000 ____D () C:\FRST
2014-06-30 13:17 - 2014-06-30 13:18 - 00000000 ____D () C:\Users\V\Desktop\Farbar
2014-06-30 13:13 - 2014-06-30 13:15 - 00000000 ____D () C:\AdwCleaner
2014-06-30 13:13 - 2014-06-30 13:13 - 01346519 _____ () C:\Users\V\Desktop\adwcleaner_3.214.exe
2014-06-30 08:49 - 2014-06-30 12:52 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 08:49 - 2014-06-30 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 08:49 - 2014-06-30 08:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 08:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-30 08:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-30 08:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-30 08:48 - 2014-06-30 08:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\V\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-29 19:53 - 2014-06-29 19:53 - 00002699 _____ () C:\Users\V\AppData\Local\recently-used.xbel
2014-06-29 18:57 - 2014-06-29 18:57 - 00006852 _____ () C:\Users\V\Desktop\attach.txt
2014-06-29 18:57 - 2014-06-29 18:56 - 00020894 _____ () C:\Users\V\Desktop\dds.txt
2014-06-25 18:00 - 2014-06-28 22:01 - 00026616 _____ () C:\Users\V\Documents\Wardrobe Inventory.xlsx
2014-06-24 18:38 - 2014-06-24 18:38 - 00688992 ____R (Swearware) C:\Users\V\Desktop\dds.com
2014-06-24 12:56 - 2014-06-24 12:56 - 00001243 _____ () C:\Users\V\Desktop\JRT.txt
2014-06-24 12:49 - 2014-06-24 12:49 - 00000000 ____D () C:\windows\ERUNT
2014-06-24 12:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-24 12:37 - 2014-06-24 12:37 - 04161050 _____ () C:\Users\V\Desktop\tdsskiller.zip
2014-06-24 12:37 - 2014-06-24 12:37 - 00000000 ____D () C:\Users\V\Desktop\tdsskiller
2014-06-23 19:16 - 2014-05-28 11:53 - 17857536 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-23 19:16 - 2014-05-28 11:37 - 02338816 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-23 19:16 - 2014-05-28 11:35 - 10890240 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-23 19:16 - 2014-05-28 11:31 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-23 19:16 - 2014-05-28 11:31 - 01348608 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-23 19:16 - 2014-05-28 11:30 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-23 19:16 - 2014-05-28 11:30 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-06-23 19:16 - 2014-05-28 11:29 - 02148352 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-23 19:16 - 2014-05-28 11:29 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-23 19:16 - 2014-05-28 11:29 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-23 19:16 - 2014-05-28 11:29 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-23 19:16 - 2014-05-28 11:29 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-23 19:16 - 2014-05-28 11:29 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-23 19:16 - 2014-05-28 11:28 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-23 19:16 - 2014-05-28 11:28 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-23 19:16 - 2014-05-28 11:28 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-23 19:16 - 2014-05-28 11:28 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-23 19:16 - 2014-05-28 11:28 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-06-23 19:16 - 2014-05-28 11:28 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-06-23 19:16 - 2014-05-28 11:28 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-06-23 19:16 - 2014-05-28 11:27 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-23 19:16 - 2014-05-28 09:48 - 12356608 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-23 19:16 - 2014-05-28 09:39 - 01810432 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-23 19:16 - 2014-05-28 09:38 - 09711104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-23 19:16 - 2014-05-28 09:33 - 01106432 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-23 19:16 - 2014-05-28 09:32 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-23 19:16 - 2014-05-28 09:32 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-23 19:16 - 2014-05-28 09:31 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-06-23 19:16 - 2014-05-28 09:31 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-23 19:16 - 2014-05-28 09:30 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-23 19:16 - 2014-05-28 09:30 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-23 19:16 - 2014-05-28 09:30 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-23 19:16 - 2014-05-28 09:30 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-23 19:16 - 2014-05-28 09:30 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-23 19:16 - 2014-05-28 09:30 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-23 19:16 - 2014-05-28 09:30 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-06-23 19:16 - 2014-05-28 09:29 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-23 19:16 - 2014-05-28 09:29 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-23 19:16 - 2014-05-28 09:29 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-23 19:16 - 2014-05-28 09:29 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-06-23 19:16 - 2014-05-28 09:29 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-06-23 19:16 - 2014-05-28 09:28 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-23 19:16 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-06-23 19:16 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-06-23 19:16 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-06-23 19:16 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-06-23 19:16 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-06-23 19:16 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-06-23 19:16 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-06-23 19:16 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-06-23 19:16 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-06-23 19:16 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-06-23 19:16 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-06-23 19:16 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-06-23 19:16 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-06-23 19:16 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-06-23 19:16 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-06-23 19:16 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-06-23 19:16 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-06-23 19:16 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-06-23 19:16 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-06-23 19:16 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-06-23 19:16 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-06-23 19:16 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-06-23 19:16 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-06-23 19:16 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-06-23 19:16 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-06-23 19:16 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2014-06-23 19:16 - 2013-08-27 02:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-06-23 19:16 - 2013-08-27 02:01 - 01143296 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2014-06-23 19:16 - 2013-08-27 01:21 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-06-23 19:16 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2014-06-23 19:16 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-06-23 19:16 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-23 19:16 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-06-23 19:16 - 2013-05-12 22:51 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-06-23 19:16 - 2013-05-12 22:51 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-06-23 19:16 - 2013-05-12 22:51 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-06-23 19:16 - 2013-05-12 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2014-06-23 19:16 - 2013-05-12 21:45 - 01160192 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-06-23 19:16 - 2013-05-12 21:45 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-06-23 19:16 - 2013-05-12 21:45 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-06-23 19:16 - 2013-05-12 20:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-06-23 19:16 - 2013-05-12 20:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-06-23 19:16 - 2013-05-12 20:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2014-06-23 18:55 - 2014-06-23 18:55 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-23 18:55 - 2014-06-23 18:55 - 00001945 _____ () C:\windows\epplauncher.mif
2014-06-23 18:55 - 2014-06-23 18:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-23 18:55 - 2014-06-23 18:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-23 18:54 - 2014-06-23 18:54 - 13829304 _____ (Microsoft Corporation) C:\Users\V\Downloads\mseinstall.exe
2014-06-18 18:33 - 2014-06-18 18:33 - 00029177 _____ () C:\Users\V\Downloads\tile_hlp.dll
2014-06-18 17:42 - 2014-06-18 17:42 - 00000000 ____D () C:\Users\V\Downloads\5584 - Pokemon - White Version (DSi Enhanced)(USA) (E)
2014-06-18 17:40 - 2014-06-18 17:41 - 110782426 _____ () C:\Users\V\Downloads\5584 - Pokemon - White Version (DSi Enhanced)(USA) (E).zip
2014-06-18 17:39 - 2014-06-18 17:39 - 01501292 _____ () C:\Users\V\Downloads\desmume-0.9.6-win64-654.zip
2014-06-18 17:31 - 2014-06-18 17:31 - 00000000 ____D () C:\Users\V\Downloads\Pokemon White
2014-06-18 17:29 - 2014-06-18 17:30 - 109071659 _____ () C:\Users\V\Downloads\Pokemon White.zip
2014-06-18 17:21 - 2014-06-18 17:32 - 00000000 ____D () C:\Users\V\Downloads\desmume-0.9.10-win32
2014-06-18 17:21 - 2014-06-18 17:21 - 01096820 _____ () C:\Users\V\Downloads\desmume-0.9.10-win32.zip
2014-06-18 14:58 - 2014-06-18 14:58 - 00000331 _____ () C:\Users\V\Downloads\I-V-vi-IV_chord_progression_in_C.mid
2014-06-11 22:35 - 2014-06-11 22:51 - 01919953 _____ () C:\Users\V\Documents\Arcades in the 80s.pptx
2014-06-11 22:30 - 2014-06-11 22:50 - 00017160 ____H () C:\Users\V\Documents\~WRL2165.tmp
2014-06-09 15:44 - 2014-06-09 15:44 - 00000000 ____D () C:\Users\V\AppData\Roaming\Mozilla
2014-06-03 20:04 - 2014-06-03 20:04 - 00057856 _____ () C:\Users\V\Downloads\H01AR_2012.xls
2014-06-01 21:18 - 2014-06-01 21:18 - 00066518 _____ () C:\Users\V\Downloads\bcreg20121009a3.xlsx
2014-06-01 20:57 - 2014-06-01 20:57 - 00199680 _____ () C:\Users\V\Downloads\The 1950s HA Ch 41 42.ppt
 
==================== One Month Modified Files and Folders =======
 
2014-06-30 13:19 - 2014-06-30 13:18 - 00000000 ____D () C:\FRST
2014-06-30 13:19 - 2013-01-24 15:41 - 00000000 ____D () C:\Users\V\AppData\Local\PMB Files
2014-06-30 13:18 - 2014-06-30 13:17 - 00000000 ____D () C:\Users\V\Desktop\Farbar
2014-06-30 13:18 - 2011-12-04 00:50 - 01653386 _____ () C:\windows\WindowsUpdate.log
2014-06-30 13:16 - 2014-03-24 16:37 - 00000000 ____D () C:\Users\V\AppData\Roaming\DropboxMaster
2014-06-30 13:16 - 2014-01-03 17:34 - 00000000 ___RD () C:\Users\V\Documents\Dropbox
2014-06-30 13:16 - 2014-01-03 17:29 - 00000000 ____D () C:\Users\V\AppData\Roaming\Dropbox
2014-06-30 13:16 - 2011-12-04 01:11 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 13:15 - 2014-06-30 13:13 - 00000000 ____D () C:\AdwCleaner
2014-06-30 13:15 - 2010-11-20 20:47 - 00290752 _____ () C:\windows\PFRO.log
2014-06-30 13:15 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-30 13:15 - 2009-07-13 21:51 - 00112490 _____ () C:\windows\setupact.log
2014-06-30 13:14 - 2011-12-04 01:11 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-30 13:13 - 2014-06-30 13:13 - 01346519 _____ () C:\Users\V\Desktop\adwcleaner_3.214.exe
2014-06-30 12:55 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 12:55 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 12:54 - 2009-07-13 22:13 - 00726316 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-30 12:52 - 2014-06-30 08:49 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 09:46 - 2013-07-10 17:53 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1100765840-3999354766-1840495440-1000UA.job
2014-06-30 08:49 - 2014-06-30 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 08:49 - 2014-06-30 08:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 08:49 - 2013-05-19 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 08:48 - 2014-06-30 08:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\V\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-29 19:53 - 2014-06-29 19:53 - 00002699 _____ () C:\Users\V\AppData\Local\recently-used.xbel
2014-06-29 19:53 - 2013-07-02 07:16 - 00000000 ____D () C:\Users\V\.gimp-2.8
2014-06-29 18:57 - 2014-06-29 18:57 - 00006852 _____ () C:\Users\V\Desktop\attach.txt
2014-06-29 18:56 - 2014-06-29 18:57 - 00020894 _____ () C:\Users\V\Desktop\dds.txt
2014-06-29 12:46 - 2013-07-10 17:53 - 00000840 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1100765840-3999354766-1840495440-1000Core.job
2014-06-28 22:01 - 2014-06-25 18:00 - 00026616 _____ () C:\Users\V\Documents\Wardrobe Inventory.xlsx
2014-06-27 20:20 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-06-24 18:38 - 2014-06-24 18:38 - 00688992 ____R (Swearware) C:\Users\V\Desktop\dds.com
2014-06-24 13:09 - 2013-12-31 19:58 - 00117248 ___SH () C:\Users\V\Thumbs.db
2014-06-24 12:56 - 2014-06-24 12:56 - 00001243 _____ () C:\Users\V\Desktop\JRT.txt
2014-06-24 12:49 - 2014-06-24 12:49 - 00000000 ____D () C:\windows\ERUNT
2014-06-24 12:37 - 2014-06-24 12:37 - 04161050 _____ () C:\Users\V\Desktop\tdsskiller.zip
2014-06-24 12:37 - 2014-06-24 12:37 - 00000000 ____D () C:\Users\V\Desktop\tdsskiller
2014-06-24 10:07 - 2013-04-01 20:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-24 10:07 - 2013-04-01 20:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-23 22:16 - 2013-04-01 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-23 18:55 - 2014-06-23 18:55 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-23 18:55 - 2014-06-23 18:55 - 00001945 _____ () C:\windows\epplauncher.mif
2014-06-23 18:55 - 2014-06-23 18:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-23 18:55 - 2014-06-23 18:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-23 18:54 - 2014-06-23 18:54 - 13829304 _____ (Microsoft Corporation) C:\Users\V\Downloads\mseinstall.exe
2014-06-22 16:08 - 2013-01-24 15:41 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-19 12:41 - 2013-07-10 17:53 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1100765840-3999354766-1840495440-1000UA
2014-06-19 12:41 - 2013-07-10 17:53 - 00003458 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1100765840-3999354766-1840495440-1000Core
2014-06-18 18:33 - 2014-06-18 18:33 - 00029177 _____ () C:\Users\V\Downloads\tile_hlp.dll
2014-06-18 17:42 - 2014-06-18 17:42 - 00000000 ____D () C:\Users\V\Downloads\5584 - Pokemon - White Version (DSi Enhanced)(USA) (E)
2014-06-18 17:41 - 2014-06-18 17:40 - 110782426 _____ () C:\Users\V\Downloads\5584 - Pokemon - White Version (DSi Enhanced)(USA) (E).zip
2014-06-18 17:39 - 2014-06-18 17:39 - 01501292 _____ () C:\Users\V\Downloads\desmume-0.9.6-win64-654.zip
2014-06-18 17:32 - 2014-06-18 17:21 - 00000000 ____D () C:\Users\V\Downloads\desmume-0.9.10-win32
2014-06-18 17:31 - 2014-06-18 17:31 - 00000000 ____D () C:\Users\V\Downloads\Pokemon White
2014-06-18 17:30 - 2014-06-18 17:29 - 109071659 _____ () C:\Users\V\Downloads\Pokemon White.zip
2014-06-18 17:21 - 2014-06-18 17:21 - 01096820 _____ () C:\Users\V\Downloads\desmume-0.9.10-win32.zip
2014-06-18 15:09 - 2011-12-04 01:11 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 15:09 - 2011-12-04 01:11 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 14:58 - 2014-06-18 14:58 - 00000331 _____ () C:\Users\V\Downloads\I-V-vi-IV_chord_progression_in_C.mid
2014-06-11 22:51 - 2014-06-11 22:35 - 01919953 _____ () C:\Users\V\Documents\Arcades in the 80s.pptx
2014-06-11 22:50 - 2014-06-11 22:30 - 00017160 ____H () C:\Users\V\Documents\~WRL2165.tmp
2014-06-09 15:44 - 2014-06-09 15:44 - 00000000 ____D () C:\Users\V\AppData\Roaming\Mozilla
2014-06-03 20:04 - 2014-06-03 20:04 - 00057856 _____ () C:\Users\V\Downloads\H01AR_2012.xls
2014-06-01 21:18 - 2014-06-01 21:18 - 00066518 _____ () C:\Users\V\Downloads\bcreg20121009a3.xlsx
2014-06-01 20:57 - 2014-06-01 20:57 - 00199680 _____ () C:\Users\V\Downloads\The 1950s HA Ch 41 42.ppt
2014-06-01 20:57 - 2013-10-13 10:03 - 00827904 ___SH () C:\Users\V\Downloads\Thumbs.db
 
Some content of TEMP:
====================
C:\Users\V\AppData\Local\Temp\Bootstrapper.exe
C:\Users\V\AppData\Local\Temp\BootstrapperARA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperARU.dll
C:\Users\V\AppData\Local\Temp\BootstrapperCHS.dll
C:\Users\V\AppData\Local\Temp\BootstrapperCHT.dll
C:\Users\V\AppData\Local\Temp\BootstrapperCSY.dll
C:\Users\V\AppData\Local\Temp\BootstrapperDAN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperDEU.dll
C:\Users\V\AppData\Local\Temp\BootstrapperELL.dll
C:\Users\V\AppData\Local\Temp\BootstrapperENU.dll
C:\Users\V\AppData\Local\Temp\BootstrapperESN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperESP.dll
C:\Users\V\AppData\Local\Temp\BootstrapperFIN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperFRA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperHEB.dll
C:\Users\V\AppData\Local\Temp\BootstrapperHRV.dll
C:\Users\V\AppData\Local\Temp\BootstrapperHUN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperITA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperJPN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperKOR.dll
C:\Users\V\AppData\Local\Temp\BootstrapperLOC.dll
C:\Users\V\AppData\Local\Temp\BootstrapperNLD.dll
C:\Users\V\AppData\Local\Temp\BootstrapperNOR.dll
C:\Users\V\AppData\Local\Temp\BootstrapperPLK.dll
C:\Users\V\AppData\Local\Temp\BootstrapperPTB.dll
C:\Users\V\AppData\Local\Temp\BootstrapperPTG.dll
C:\Users\V\AppData\Local\Temp\BootstrapperRUS.dll
C:\Users\V\AppData\Local\Temp\BootstrapperSKY.dll
C:\Users\V\AppData\Local\Temp\BootstrapperSLV.dll
C:\Users\V\AppData\Local\Temp\BootstrapperSVE.dll
C:\Users\V\AppData\Local\Temp\BootstrapperTHA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperTRK.dll
C:\Users\V\AppData\Local\Temp\BootstrapperUKR.dll
C:\Users\V\AppData\Local\Temp\DeleteProgramDataFiles.CA.dll
C:\Users\V\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\V\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeqzrts.dll
C:\Users\V\AppData\Local\Temp\ose00000.exe
C:\Users\V\AppData\Local\Temp\Quarantine.exe
C:\Users\V\AppData\Local\Temp\setup.exe
C:\Users\V\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\V\AppData\Local\Temp\tmp1AF3.exe
C:\Users\V\AppData\Local\Temp\tmp2F1B.exe
C:\Users\V\AppData\Local\Temp\tmp314D.exe
C:\Users\V\AppData\Local\Temp\tmp3943.exe
C:\Users\V\AppData\Local\Temp\tmp3E09.exe
C:\Users\V\AppData\Local\Temp\tmp6701.exe
C:\Users\V\AppData\Local\Temp\tmp6980.exe
C:\Users\V\AppData\Local\Temp\tmp6A3A.exe
C:\Users\V\AppData\Local\Temp\tmp8D7F.exe
C:\Users\V\AppData\Local\Temp\tmp8F87.exe
C:\Users\V\AppData\Local\Temp\tmp8FE4.exe
C:\Users\V\AppData\Local\Temp\tmp9471.exe
C:\Users\V\AppData\Local\Temp\tmp9A4C.exe
C:\Users\V\AppData\Local\Temp\tmp9E85.exe
C:\Users\V\AppData\Local\Temp\tmp9E8F.exe
C:\Users\V\AppData\Local\Temp\tmp9ECF.exe
C:\Users\V\AppData\Local\Temp\tmpA54B.exe
C:\Users\V\AppData\Local\Temp\tmpA562.exe
C:\Users\V\AppData\Local\Temp\tmpABA9.exe
C:\Users\V\AppData\Local\Temp\tmpB0D7.exe
C:\Users\V\AppData\Local\Temp\tmpB6FF.exe
C:\Users\V\AppData\Local\Temp\tmpB8C3.exe
C:\Users\V\AppData\Local\Temp\tmpB901.exe
C:\Users\V\AppData\Local\Temp\tmpBDA3.exe
C:\Users\V\AppData\Local\Temp\tmpC7C4.exe
C:\Users\V\AppData\Local\Temp\tmpC9D.exe
C:\Users\V\AppData\Local\Temp\tmpE465.exe
C:\Users\V\AppData\Local\Temp\tmpF39.exe
C:\Users\V\AppData\Local\Temp\tmpF8CF.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-28 12:39
 
==================== End Of Log ============================
 
 
 

 




#6 nasdaq
  • Malware Response Team
  • 38,922 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 July 2014 - 06:46 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Extension: (Ghostery) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-12-07]
C:\Users\V\AppData\Local\Temp\Bootstrapper.exe
C:\Users\V\AppData\Local\Temp\BootstrapperARA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperARU.dll
C:\Users\V\AppData\Local\Temp\BootstrapperCHS.dll
C:\Users\V\AppData\Local\Temp\BootstrapperCHT.dll
C:\Users\V\AppData\Local\Temp\BootstrapperCSY.dll
C:\Users\V\AppData\Local\Temp\BootstrapperDAN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperDEU.dll
C:\Users\V\AppData\Local\Temp\BootstrapperELL.dll
C:\Users\V\AppData\Local\Temp\BootstrapperENU.dll
C:\Users\V\AppData\Local\Temp\BootstrapperESN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperESP.dll
C:\Users\V\AppData\Local\Temp\BootstrapperFIN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperFRA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperHEB.dll
C:\Users\V\AppData\Local\Temp\BootstrapperHRV.dll
C:\Users\V\AppData\Local\Temp\BootstrapperHUN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperITA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperJPN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperKOR.dll
C:\Users\V\AppData\Local\Temp\BootstrapperLOC.dll
C:\Users\V\AppData\Local\Temp\BootstrapperNLD.dll
C:\Users\V\AppData\Local\Temp\BootstrapperNOR.dll
C:\Users\V\AppData\Local\Temp\BootstrapperPLK.dll
C:\Users\V\AppData\Local\Temp\BootstrapperPTB.dll
C:\Users\V\AppData\Local\Temp\BootstrapperPTG.dll
C:\Users\V\AppData\Local\Temp\BootstrapperRUS.dll
C:\Users\V\AppData\Local\Temp\BootstrapperSKY.dll
C:\Users\V\AppData\Local\Temp\BootstrapperSLV.dll
C:\Users\V\AppData\Local\Temp\BootstrapperSVE.dll
C:\Users\V\AppData\Local\Temp\BootstrapperTHA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperTRK.dll
C:\Users\V\AppData\Local\Temp\BootstrapperUKR.dll
C:\Users\V\AppData\Local\Temp\DeleteProgramDataFiles.CA.dll
C:\Users\V\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\V\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeqzrts.dll
C:\Users\V\AppData\Local\Temp\ose00000.exe
C:\Users\V\AppData\Local\Temp\Quarantine.exe
C:\Users\V\AppData\Local\Temp\setup.exe
C:\Users\V\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\V\AppData\Local\Temp\tmp1AF3.exe
C:\Users\V\AppData\Local\Temp\tmp2F1B.exe
C:\Users\V\AppData\Local\Temp\tmp314D.exe
C:\Users\V\AppData\Local\Temp\tmp3943.exe
C:\Users\V\AppData\Local\Temp\tmp3E09.exe
C:\Users\V\AppData\Local\Temp\tmp6701.exe
C:\Users\V\AppData\Local\Temp\tmp6980.exe
C:\Users\V\AppData\Local\Temp\tmp6A3A.exe
C:\Users\V\AppData\Local\Temp\tmp8D7F.exe
C:\Users\V\AppData\Local\Temp\tmp8F87.exe
C:\Users\V\AppData\Local\Temp\tmp8FE4.exe
C:\Users\V\AppData\Local\Temp\tmp9471.exe
C:\Users\V\AppData\Local\Temp\tmp9A4C.exe
C:\Users\V\AppData\Local\Temp\tmp9E85.exe
C:\Users\V\AppData\Local\Temp\tmp9E8F.exe
C:\Users\V\AppData\Local\Temp\tmp9ECF.exe
C:\Users\V\AppData\Local\Temp\tmpA54B.exe
C:\Users\V\AppData\Local\Temp\tmpA562.exe
C:\Users\V\AppData\Local\Temp\tmpABA9.exe
C:\Users\V\AppData\Local\Temp\tmpB0D7.exe
C:\Users\V\AppData\Local\Temp\tmpB6FF.exe
C:\Users\V\AppData\Local\Temp\tmpB8C3.exe
C:\Users\V\AppData\Local\Temp\tmpB901.exe
C:\Users\V\AppData\Local\Temp\tmpBDA3.exe
C:\Users\V\AppData\Local\Temp\tmpC7C4.exe
C:\Users\V\AppData\Local\Temp\tmpC9D.exe
C:\Users\V\AppData\Local\Temp\tmpE465.exe
C:\Users\V\AppData\Local\Temp\tmpF39.exe
C:\Users\V\AppData\Local\Temp\tmpF8CF.exe

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Fix the browser in which you are getting redirected.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer
Menu > Internet Options > Advanced tab.
Click the reset button on the bottom of the page.
===

Keep me posted.

#7 yummygoodness
  • Topic Starter
  • Members
  • 20 posts

Posted 01 July 2014 - 10:21 AM

Still getting redirected :(

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by V at 2014-07-01 08:09:13 Run:1
Running from C:\Users\V\Desktop\Farbar
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Extension: (Ghostery) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-12-07]
C:\Users\V\AppData\Local\Temp\Bootstrapper.exe
C:\Users\V\AppData\Local\Temp\BootstrapperARA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperARU.dll
C:\Users\V\AppData\Local\Temp\BootstrapperCHS.dll
C:\Users\V\AppData\Local\Temp\BootstrapperCHT.dll
C:\Users\V\AppData\Local\Temp\BootstrapperCSY.dll
C:\Users\V\AppData\Local\Temp\BootstrapperDAN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperDEU.dll
C:\Users\V\AppData\Local\Temp\BootstrapperELL.dll
C:\Users\V\AppData\Local\Temp\BootstrapperENU.dll
C:\Users\V\AppData\Local\Temp\BootstrapperESN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperESP.dll
C:\Users\V\AppData\Local\Temp\BootstrapperFIN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperFRA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperHEB.dll
C:\Users\V\AppData\Local\Temp\BootstrapperHRV.dll
C:\Users\V\AppData\Local\Temp\BootstrapperHUN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperITA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperJPN.dll
C:\Users\V\AppData\Local\Temp\BootstrapperKOR.dll
C:\Users\V\AppData\Local\Temp\BootstrapperLOC.dll
C:\Users\V\AppData\Local\Temp\BootstrapperNLD.dll
C:\Users\V\AppData\Local\Temp\BootstrapperNOR.dll
C:\Users\V\AppData\Local\Temp\BootstrapperPLK.dll
C:\Users\V\AppData\Local\Temp\BootstrapperPTB.dll
C:\Users\V\AppData\Local\Temp\BootstrapperPTG.dll
C:\Users\V\AppData\Local\Temp\BootstrapperRUS.dll
C:\Users\V\AppData\Local\Temp\BootstrapperSKY.dll
C:\Users\V\AppData\Local\Temp\BootstrapperSLV.dll
C:\Users\V\AppData\Local\Temp\BootstrapperSVE.dll
C:\Users\V\AppData\Local\Temp\BootstrapperTHA.dll
C:\Users\V\AppData\Local\Temp\BootstrapperTRK.dll
C:\Users\V\AppData\Local\Temp\BootstrapperUKR.dll
C:\Users\V\AppData\Local\Temp\DeleteProgramDataFiles.CA.dll
C:\Users\V\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\V\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeqzrts.dll
C:\Users\V\AppData\Local\Temp\ose00000.exe
C:\Users\V\AppData\Local\Temp\Quarantine.exe
C:\Users\V\AppData\Local\Temp\setup.exe
C:\Users\V\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\V\AppData\Local\Temp\tmp1AF3.exe
C:\Users\V\AppData\Local\Temp\tmp2F1B.exe
C:\Users\V\AppData\Local\Temp\tmp314D.exe
C:\Users\V\AppData\Local\Temp\tmp3943.exe
C:\Users\V\AppData\Local\Temp\tmp3E09.exe
C:\Users\V\AppData\Local\Temp\tmp6701.exe
C:\Users\V\AppData\Local\Temp\tmp6980.exe
C:\Users\V\AppData\Local\Temp\tmp6A3A.exe
C:\Users\V\AppData\Local\Temp\tmp8D7F.exe
C:\Users\V\AppData\Local\Temp\tmp8F87.exe
C:\Users\V\AppData\Local\Temp\tmp8FE4.exe
C:\Users\V\AppData\Local\Temp\tmp9471.exe
C:\Users\V\AppData\Local\Temp\tmp9A4C.exe
C:\Users\V\AppData\Local\Temp\tmp9E85.exe
C:\Users\V\AppData\Local\Temp\tmp9E8F.exe
C:\Users\V\AppData\Local\Temp\tmp9ECF.exe
C:\Users\V\AppData\Local\Temp\tmpA54B.exe
C:\Users\V\AppData\Local\Temp\tmpA562.exe
C:\Users\V\AppData\Local\Temp\tmpABA9.exe
C:\Users\V\AppData\Local\Temp\tmpB0D7.exe
C:\Users\V\AppData\Local\Temp\tmpB6FF.exe
C:\Users\V\AppData\Local\Temp\tmpB8C3.exe
C:\Users\V\AppData\Local\Temp\tmpB901.exe
C:\Users\V\AppData\Local\Temp\tmpBDA3.exe
C:\Users\V\AppData\Local\Temp\tmpC7C4.exe
C:\Users\V\AppData\Local\Temp\tmpC9D.exe
C:\Users\V\AppData\Local\Temp\tmpE465.exe
C:\Users\V\AppData\Local\Temp\tmpF39.exe
C:\Users\V\AppData\Local\Temp\tmpF8CF.exe
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij => Moved successfully.
C:\Users\V\AppData\Local\Temp\Bootstrapper.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperARA.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperARU.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperCHS.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperCHT.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperCSY.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperDAN.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperDEU.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperELL.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperENU.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperESN.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperESP.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperFIN.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperFRA.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperHEB.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperHRV.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperHUN.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperITA.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperJPN.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperKOR.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperLOC.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperNLD.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperNOR.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperPLK.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperPTB.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperPTG.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperRUS.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperSKY.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperSLV.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperSVE.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperTHA.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperTRK.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\BootstrapperUKR.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\DeleteProgramDataFiles.CA.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\dotNetFx40_Client_setup.exe => Moved successfully.
"C:\Users\V\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeqzrts.dll" => File/Directory not found.
C:\Users\V\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp1AF3.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp2F1B.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp314D.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp3943.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp3E09.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp6701.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp6980.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp6A3A.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp8D7F.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp8F87.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp8FE4.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp9471.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp9A4C.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp9E85.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp9E8F.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmp9ECF.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpA54B.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpA562.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpABA9.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpB0D7.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpB6FF.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpB8C3.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpB901.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpBDA3.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpC7C4.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpC9D.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpE465.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpF39.exe => Moved successfully.
C:\Users\V\AppData\Local\Temp\tmpF8CF.exe => Moved successfully.
 
==== End of Fixlog ====
 
 
Security Check:
 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 25  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
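Reading a Fixlog by hand is tedious once it runs to dozens of lines, and the question a helper actually wants answered is simple: what was removed, what was restored, and what FRST could not find. As an added example (not code from this thread, from FRST or from BleepingComputer), the Python below parses the "target => result" lines of the Fixlog format shown above, tallies the outcomes, and lists any file path the fix reported as missing, since those are the entries worth a second look: the scan listed them but they were gone by the time the fix ran, which in a Temp folder is usually ordinary churn but is still worth confirming. The sample input is a constructed excerpt of the Fixlog above; the "not_found", "removed" and "restored" labels are this script's own.

```python
import re
from collections import Counter

# Constructed excerpt of the Fixlog posted above (a few of its lines, verbatim),
# embedded so the reader runs offline. For a real run, read Fixlog.txt instead.
FIXLOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\V\AppData\Local\Temp\Bootstrapper.exe => Moved successfully.
"C:\Users\V\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeqzrts.dll" => File/Directory not found.
C:\Users\V\AppData\Local\Temp\tmpF8CF.exe => Moved successfully.

==== End of Fixlog ====
"""

# "<target> => <result>." with the target optionally wrapped in ' or " quotes.
LINE_RE = re.compile(r"""^["']?(?P<target>.*?)["']?\s*=>\s*(?P<result>.+?)\.?$""")
NO_ARROW_SUFFIX = " not found."   # a few FRST lines omit the arrow entirely


def target_kind(target):
    """Rough classification of what FRST acted on."""
    if re.match(r"^[A-Za-z]:\\", target):
        return "file"
    if target.upper().startswith(("HKLM", "HKCU", "HKCR", "HKU", "HKEY_")):
        return "registry"
    return "other"


def classify(result):
    """Map FRST's result wording onto three outcomes."""
    r = result.lower()
    if "successfully" in r:
        return "restored" if "restored" in r else "removed"   # deleted / moved
    if "not found" in r:
        return "not_found"
    return "other"


def parse_fixlog(text):
    """Return one dict per action line; banners and separators are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            target, result = m.group("target"), m.group("result")
        elif line.lower().endswith(NO_ARROW_SUFFIX):
            target, result = line[: -len(NO_ARROW_SUFFIX)], "not found"
        else:
            continue
        entries.append({"target": target, "kind": target_kind(target),
                        "outcome": classify(result), "result": result})
    return entries


def summarize(entries):
    """Tally outcomes and list file paths the fix could not find."""
    counts = Counter(e["outcome"] for e in entries)
    review = [e["target"] for e in entries
              if e["outcome"] == "not_found" and e["kind"] == "file"]
    return dict(counts), review


if __name__ == "__main__":
    counts, review = summarize(parse_fixlog(FIXLOG))
    print("outcomes:", counts)
    for path in review:
        print("listed by the scan but absent at fix time:", path)
```

Registry "Key not found" lines are expected here: the ShellIconOverlayIdentifiers entries were listed as "No File" because the CLSIDs they pointed to no longer existed, so FRST deletes the dangling entry and reports the missing CLSID key, which is the desired result rather than a failure.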
 


#8 nasdaq
  • Malware Response Team
  • 38,922 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 July 2014 - 10:27 AM




Let's concentrate on the popups.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD (Command Prompt) on Vista / Windows 7/8 with elevated privileges:
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer
Menu > Internet Options > Advanced tab.
Click the Reset button at the bottom of the page.
Click the Apply button.

===

If all fails

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional, if the following programs are on your computer:
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and IE-SpyAd must be re-installed if present.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 25
Java 7 Update 21

===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===


Keep me posted.
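Before merging a .reg file that someone else wrote, it pays to read exactly what it will do. As an added example (not code from this thread or from any tool mentioned in it), the Python below parses the fixme.reg above: a bracketed key with a leading minus sign deletes that key and everything beneath it, and the same key on the next line without the minus recreates it empty, so Internet Explorer still finds the ZoneMap keys but none of the per-site zone assignments under them. That is why the post notes the Domains are gone afterwards and SpywareBlaster, Spybot's Immunize and IE-SpyAd entries must be re-applied. The check confirms that every key touched sits under the two ZoneMap subtrees (the allowed roots are an assumption of this check, chosen to match the file), that each deletion is immediately followed by a recreate, and that no values are written; a constructed tampered copy with an extra key and value shows what it rejects.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")

# Subtrees a ZoneMap reset is expected to touch. This is an assumption of the
# check, chosen to match the fixme.reg above; adjust it for other .reg files.
ALLOWED_ROOTS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap",
)

# The fixme.reg from the post above, embedded verbatim.
FIXME_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
"""

# Constructed tampered variant: the same reset plus an extra key outside
# ZoneMap that also writes a value. The check below should reject it.
TAMPERED_REG = FIXME_REG + r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://example.invalid/"
"""


def parse_reg(text):
    """Turn a Regedit 5.00 file into a list of delete / create / value operations."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("not a 'Windows Registry Editor Version 5.00' file")
    ops, current = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            ops.append({"op": "delete" if m.group("delete") else "create", "key": current})
        elif current is not None:
            ops.append({"op": "value", "key": current, "line": line})  # name=data under current key
        else:
            raise ValueError(f"value line before any key: {line}")
    return ops


def within_allowed(key, roots=ALLOWED_ROOTS):
    """Case-insensitive check that key is one of the roots or lies below one of them."""
    k = key.upper()
    return any(k == r.upper() or k.startswith(r.upper() + "\\") for r in roots)


def check_reg(ops, roots=ALLOWED_ROOTS):
    """Return a list of findings; an empty list means the file matches the reset pattern."""
    problems = []
    for op in ops:
        if op["op"] != "value" and not within_allowed(op["key"], roots):
            problems.append(f"key outside the allowed subtree: {op['key']}")
    # The reset pattern deletes a key and recreates it empty on the next line,
    # so IE still finds the key but none of the per-site zone entries under it.
    keys = [(o["op"], o["key"]) for o in ops if o["op"] != "value"]
    for i, (op, key) in enumerate(keys):
        following = keys[i + 1] if i + 1 < len(keys) else None
        if op == "delete" and following != ("create", key):
            problems.append(f"deleted key is not recreated: {key}")
    values = [o for o in ops if o["op"] == "value"]
    if values:
        problems.append(f"{len(values)} value line(s) written; a pure reset writes none")
    return problems


if __name__ == "__main__":
    for name, text in (("fixme.reg", FIXME_REG), ("tampered copy", TAMPERED_REG)):
        findings = check_reg(parse_reg(text))
        print(name, "->", "OK" if not findings else findings)
```

Regedit's own exports are UTF-16LE with a byte-order mark, so open such a file with open(path, encoding="utf-16") before passing its text to parse_reg; a file saved from Notepad as described in the post is plain text and opens with the default encoding.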

#9 yummygoodness
  • Topic Starter
  • Members
  • 20 posts

Posted 01 July 2014 - 10:52 AM

Did everything except fixme.reg and the Flash update (Chrome's already updated). I've never really experienced popups before, just occasional freezing for 5-30 seconds. The redirect is still happening; am I just being paranoid?

 

EDIT: So while I was updating and disabling Java in Chrome I noticed that Adobe Reader was out of date...so I uninstalled that and tried to download version 11. When I run the installer it gives me the UAC popup. Then when I click yes, the installer doesn't show up (even though I can see the process in the task manager).


Edited by yummygoodness, 01 July 2014 - 11:35 AM.


#10 nasdaq
  • Malware Response Team
  • 38,922 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 July 2014 - 06:12 AM

Did everything except fixme.reg

Please do it.

===
 

Then when I click yes, the installer doesn't show up (even though I can see the process in the task manager).

Stop the process in the Task Manager.
Restart the computer normally.


Clean the Java Cache. Tutorial here.
http://www.java.com/en/download/help/plugin_cache.xml
<<<>>>


Uninstaller of old versions.
To be used if the Add/Remove Programs applet does not work properly.
This link http://java.com/en/download/uninstallapplet.jsp will check your Java version. After the check, it offers a tool to uninstall old versions. Uninstalling old versions is important as they represent a security risk.

Can you install the latest version now?

#11 yummygoodness

yummygoodness
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:18 PM

Posted 02 July 2014 - 03:08 PM

I ran fixme.reg and cleared the Java cache. The Adobe installer just sits in the background at 0% CPU usage and eats up memory.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:18 PM

Posted 03 July 2014 - 06:36 AM

Do you mean the Adobe Flash Player?

Stop the process or service.
Remove it using the Add/Remove Programs applet.

Restart the computer normally.

Close all applications and re-install it.

#13 yummygoodness

yummygoodness
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:18 PM

Posted 03 July 2014 - 06:14 PM

I mean Adobe Reader. Killing the process and redownloading/running a fresh installer doesn't work.

 

Also, I won't be able to respond until July 14th or possibly later.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  •  
  • Location:Montreal, QC. Canada
  • Local time:07:18 PM

Posted 04 July 2014 - 09:31 AM

Download and run this uninstaller.

http://labs.adobe.com/downloads/acrobatcleaner.html

Restart the computer when done.

Try to install the new version.

---

I will keep this topic open until your return.

#15 yummygoodness

yummygoodness
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:18 PM

Posted 14 July 2014 - 02:34 PM

Ran the tool and restarted, but the Reader installer still won't work. I installed another program as an alternative, though :)

 

The redirect to Amazon is still occurring.
