
found conduit & more. other malware/spyware & stubborn pum.dns won't Please Help


  • This topic is locked
27 replies to this topic

#1 dreamgirl barbie

  • Members
  • 15 posts

Posted 18 July 2014 - 06:05 PM

I would like to be as descriptive as I can be, so this is going to be quite long, but I would like to thank you ahead of time for your patience and understanding. I am running the Windows 7 Home Premium 64-bit operating system.
I am having some problems with my laptop. It started with small things like ads on certain webpages, then it got worse over time and I started getting ads everywhere on every page, pop-ups and pop-up windows when I visited almost every site. Whatever was on the pop-up would begin to play. I was able to solve this problem in Firefox with three extensions (add-ons), which are: Adblock Plus 2.6.3, DoNotTrackMe: Online Privacy Protection 3.2.1127 and NoScript 2.6.8.33 (this did not eradicate the problem, it just hid it). I began thinking I had a virus and took my laptop to a guy that was supposed to get rid of malware and spyware, but I believe he put more on my laptop. The reason I say that is because when I got my computer back, weird things began happening. There were a lot of added things. My laptop started playing sounds when it should not have been, lots of strange codes were written with Dreamweaver, and I had many new folders and lots of suspicious folders in the C drive and in the registry. My webcam began starting at times it should not have been, and the ads were still present. He mentioned he had things from his computer going to his Dropbox account and his wife will never know because he has it hidden on his computer and phone, so I became suspicious after finding such weird things on my laptop. The weirdest thing of all was my Kaspersky was backdated to 1999 (virus database and things) and my original subscription for a year was gone. It still looked the same and was functional, but weird things were allowed through the firewall. It kept cutting off and on by itself for no reason at all. I deleted Kaspersky and installed Microsoft Security Essentials, which found nothing at all. I still suspected I had spyware and malware present. I didn't use my computer for anything like banking or where I had to use it with passwords that would matter, so I didn't bother taking it to get a Windows reinstall or taking it back to a computer guy again.
Over time things seemed to be getting a little bit better
........until recently, things got strange when I installed Bing Desktop, which I shouldn't have done. Bing Desktop came preinstalled on my laptop and kept coming up in my Windows updates, so I finally allowed it because it is always best that everything stays up to date. When I did that, everything in my computer changed: the brightness, my desktop background, the pictures of my desktop backgrounds, the size of the writing and pictures were all small. It changed my internet settings, and all of my folders went back to being shared. In SpywareBlaster it changed my preferred start page to MSN; here is the picture: spyware%20blaster.JPG
I erased Bing Desktop because of this.
After deleting Microsoft Security Essentials I downloaded a 30-day trial of Kaspersky 2.0 and more strange things happened. The trial expired the same day I got it. It shut off 10 minutes after I updated the database. At this time I had nothing that would have interfered with it. The message that it displayed said I needed to purchase the full version; when I clicked the link that Kaspersky provided me, it said redirect in the address bar and took me to a site that looks just like Kaspersky. I tried to delete it off of the desktop and can't. kaspersky%20pop%20up%20message.JPG Then when I push continue this is what I get:
kaspersky%20pop%20up%20message%20after%2
When I try to delete Kaspersky from the C drive this is the message I get:
delete%20kaspersky.JPG Then I push yes and this is what I get: kaspersky%20wont%20let%20me%20delete%20i I believe there is a virus that is preventing me from deleting Kaspersky.
The next thing I did was download the Kaspersky TDSSKiller and run a scan. It found something suspicious, which is this:
foundmal.JPG But instead of using the delete option I pushed the skip option, thinking I would be able to find out what it is and if it is a real threat or not, but that was a mistake. I have run TDSSKiller 6 times since and this does not pop up again; it says 0 detected items. It didn't find the suspicious file again.
I tried System Restore in regular mode and in safe mode with no networking, and nothing worked. Every one of the System Restore attempts ended with: System Restore did not complete successfully. Your computer system files and settings were not changed. Details: System Restore failed to replace the file (C:\Program Data|Spybot-Search Destroy\Quarantine\Overview.ini ) with its original copy from the restore point. An unspecified error occurred during System Restore. ( 0x80070003 ) I tried in Repair My Computer in the System Recovery Options. I noticed it had home group users$ in the user name, as an administrator account, but I never set that up, don't have that password and do not know it. So I found that weird.
I then tried system image backup but I have none. I then ran ESET Online; nothing was found. Then I redownloaded Microsoft Security Essentials and ran it; nothing was found.
I did an online Google search and it suggested downloading RogueKiller. I installed and ran it. I had problems running it at first; it kept saying over and over this is not a valid Win32 application. I deleted it and downloaded it again, then kept trying to run it until it did let me run it. This is what it revealed: pum.dns%20before%20delete.JPG Every other part was normal. I deleted all of these and then this happened: pum.dns%20after%20delete%20seems%20to%20 It seems that it keeps replacing itself; even after I restart my laptop and run RogueKiller again, it is right back.
I checked my DNS cache before I deleted it; it had gaming sites and antivirus sites I never visited.
In my Task Manager things are running that I never set up. Some services say running, then when I try to stop one it gives the message that it isn't running, but it says running. Some things aren't showing up. Another thing I am noticing with the Firefox and Internet Explorer browsers: I get a server not found on just about everything. It looks like this: server%20not%20found%20message.JPG It happens even on sites that should not display this message. It stops sometimes and says about:blank in the title bar, or it loads slowly, or takes 10 minutes to load to a white screen, or doesn't load at all. There are other reasons I feel my laptop is infected: one would be the constant sound that a scan is going on; also my computer redirects my Google searches to paid picture downloads, sometimes blinks like it's doing screen captures, and my webcam still comes on and off. Please can you help? Thanks





#2 HelpBot

  • Bots
  • 12,600 posts

Posted 23 July 2014 - 06:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541489 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gif If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dreamgirl barbie

  • Topic Starter
  • Members
  • 15 posts

Posted 24 July 2014 - 03:27 AM

***Additional Information***

I have noticed even stranger things since I last posted.

** I have noticed every time I restart my laptop it has a Computer folder on the desktop and my computer's name folder on the desktop, even if I deleted them on the previous restart or shutdown.

** Another thing I have noticed was when I restarted in safe mode with networking there were two different wireless internet connections that were running. One was the name of my wireless internet but with a 2 beside it, which I never put there, and the other one was alphanumeric. When one cut off by itself the other cut on, but both of them I never set up; that is the strange part.

** Other things I have noticed: my wireless connection has the same name but it has a number two by it, as if it's another wireless connection, no matter if it's in safe mode or not.

** My Internet Explorer browser, when opened, opens two tabs instead of one tab.

** Most of the time I get server cannot be found, even on a simple Google search, on Mozilla Firefox and Internet Explorer.

** Sometimes when I am able to connect I get redirected to sites that I shouldn't be redirected to.

** I also have weird things in the registry and weird things running in the Task Manager. When I try to end them I get access denied or they start right back up.

** The things that I disabled (like antivirus) are still running in Task Manager and can't be ended.

** When I try to delete certain things my laptop does not recognize me as the administrator.

** The last time I ran Microsoft Security Essentials before I disabled it, it ran about 55 minutes with very little green (to show how far along it is). It's almost as if it never moved, then it suddenly cut off. It was run when I didn't have anything that would cut it off (like another antivirus program).

** I cannot delete certain things like Kaspersky, Microsoft Security Essentials, Ad-Aware, SUPERAntiSpyware, Norton Security Scan, TDSSKiller. However, all of these found nothing when scanned. Is it possible that they may have been injected with some sort of malicious code, or may be being controlled by whatever it is on my laptop?

I know that I am infected because things just pop up randomly on my laptop's desktop; also there are suspicious folders on my laptop in the registry and in my laptop's C: drive, software I didn't download and strange things in the registry. The folders and icons keep rearranging themselves on the desktop. Windows keep flashing fast every now and then, and overall my laptop is slower than usual.

 

However, thanks for being patient as well. This is the DDS log that was created. I am running Windows 7 ... 64-bit.

Unfortunately I do not have my original Windows CD/DVD available. 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by Sho'na at 3:04:56 on 2014-07-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3955.2016 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\explorer.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
c:\PROGRA~1\MICROS~3\msseces.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uProxyOverride = <local>
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [Google Update] "C:\Users\Sho'na\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EDB2B378-30A3-4ABC-BEC4-2D548416B42F} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EDB2B378-30A3-4ABC-BEC4-2D548416B42F}\35D696C696E67664C6F6775627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EDB2B378-30A3-4ABC-BEC4-2D548416B42F}\4474836303148323 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EDB2B378-30A3-4ABC-BEC4-2D548416B42F}\A444C4 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{EDB2B378-30A3-4ABC-BEC4-2D548416B42F}\E45445745414250313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EDB2B378-30A3-4ABC-BEC4-2D548416B42F}\E45445745414250313D25374 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sho'na\AppData\Roaming\Mozilla\Firefox\Profiles\v9kw7h6i.default-1366691043918\
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Sho'na\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sho'na\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sho'na\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\System32\Adobe\Director\np32dsw_1212152.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\windows\System32\drivers\CSCrySec.sys [2014-7-15 84536]
R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-5-2 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-10-8 55280]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-10-8 482384]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\windows\System32\drivers\CSVirtualDiskDrv.sys [2014-7-15 66616]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2013-11-11 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2013-11-11 178448]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 regi;regi;C:\windows\System32\drivers\regi.sys [2012-10-8 14112]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-8 2320920]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 enecir;ENE CIR Receiver;C:\windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 enecirhid;ENE CIR HID Receiver;C:\windows\System32\drivers\enecirhid.sys [2009-5-20 14848]
R3 enecirhidma;ENE CIR HIDmini Filter;C:\windows\System32\drivers\enecirhidma.sys [2008-4-24 6656]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-10-8 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-10 158720]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2013-11-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2013-11-11 29280]
R3 ManyCam;ManyCam Virtual Webcam;C:\windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\drivers\nvstusb.sys [2013-12-4 451872]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-10-8 331880]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [2014-6-3 706864]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\S..VC\Updater\Updater.exe [2013-10-23 172192]
S2 trackcam;TrackerCam Video Capture Driver;C:\windows\System32\drivers\trackcam.sys [2012-12-22 81352]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
S3 CompFilter64;UVCCompositeFilter;C:\windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]
S3 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-10-9 166400]
S3 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-10-9 128512]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-8-28 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 gfiark;gfiark;C:\windows\System32\drivers\gfiark.sys [2013-5-2 38456]
S3 HtcVCom32;HTC Diagnostic Port;C:\windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-7-10 111616]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-5-26 174680]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Webcam C615(UVC);C:\windows\System32\drivers\LVUVC64.sys [2011-3-3 4763680]
S3 MHIKEY10;MHIKEY10;C:\windows\System32\drivers\MHIKEY10x64.sys [2010-9-15 60288]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-6 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\windows\System32\drivers\taphss6.sys [2012-12-21 41304]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-10-8 54136]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-7-14 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-10-8 1255736]
S4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-29 414496]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-07-24 04:15:22    --------    d-----w-    C:\AdwCleaner
2014-07-23 19:24:47    --------    d-----w-    C:\Users\Sho'na\AppData\Roaming\LavasoftStatistics
2014-07-23 19:24:22    --------    d-----w-    C:\Program Files\Lavasoft
2014-07-23 19:18:41    --------    d-----w-    C:\Program Files\Common Files\Lavasoft
2014-07-23 18:54:56    10924376    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD104A88-9D31-49A9-97B5-383E8F570621}\mpengine.dll
2014-07-23 18:54:41    --------    d-----w-    C:\windows\ERUNT
2014-07-22 16:17:17    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-22 16:17:17    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D30072E7-03CD-450F-BBE7-27BE99E3CDE8}\gapaengine.dll
2014-07-22 16:17:04    10924376    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-21 19:24:30    --------    d-----w-    C:\Users\Sho'na\AppData\Roaming\SUPERAntiSpyware.com
2014-07-21 19:24:03    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-07-21 19:24:03    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-07-21 19:03:25    122584    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-07-21 19:03:01    91352    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-07-21 19:03:01    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-07-21 19:03:01    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-07-21 19:03:01    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-07-21 19:03:01    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 17:14:33    29160    ----a-w-    C:\windows\SysWow64\drivers\TrueSight.sys
2014-07-16 17:14:32    --------    d-----w-    C:\ProgramData\RogueKiller
2014-07-16 15:22:18    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2014-07-16 15:22:16    --------    d-----w-    C:\Program Files\Microsoft Security Client
2014-07-16 01:08:41    536576    ----a-w-    C:\windows\SysWow64\sqlite3.dll
2014-07-16 00:46:53    6574592    ----a-w-    C:\windows\System32\mstscax.dll
2014-07-16 00:46:53    5694464    ----a-w-    C:\windows\SysWow64\mstscax.dll
2014-07-16 00:46:34    10924376    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{321AEA6D-AA1B-4669-B4BC-0F680FE38A52}\mpengine.dll
2014-07-15 05:14:34    64856    ----a-w-    C:\windows\System32\klfphc.dll
2014-07-15 05:14:02    66616    ----a-w-    C:\windows\System32\drivers\CSVirtualDiskDrv.sys
2014-07-15 05:14:00    84536    ----a-w-    C:\windows\System32\drivers\CSCrySec.sys
2014-07-15 05:13:42    --------    d-----w-    C:\windows\ELAMBKUP
2014-07-15 05:13:40    --------    d-----w-    C:\Program Files (x86)\Common Files\InfoWatch
2014-07-15 05:13:39    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2014-07-15 05:13:26    92768    ----a-w-    C:\windows\System32\drivers\klflt.sys
2014-07-15 03:08:07    --------    d-----w-    C:\windows\System32\drivers\NSSx64\0401000.01C
2014-07-15 03:08:07    --------    d-----w-    C:\windows\System32\drivers\NSSx64
2014-07-15 03:08:07    --------    d-----w-    C:\Program Files (x86)\Norton Security Scan
2014-07-15 03:08:01    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2014-07-14 23:47:02    --------    d-----w-    C:\Program Files (x86)\Microsoft
2014-07-14 23:46:10    792576    ----a-w-    C:\windows\SysWow64\TSWorkspace.dll
2014-07-14 23:46:10    1030144    ----a-w-    C:\windows\System32\TSWorkspace.dll
2014-07-14 19:53:02    98216    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-12 06:36:56    --------    d-----w-    C:\Program Files (x86)\SWiX
2014-07-12 05:11:38    --------    d-----w-    C:\Users\Sho'na\Adobe Flash Builder 4
2014-07-10 05:41:53    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2014-07-10 05:36:46    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-07-10 05:36:45    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-07-10 05:36:45    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-07-10 05:36:42    936960    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 05:36:42    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-10 05:36:42    1389568    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-10 05:36:42    1380864    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-10 05:36:42    1354240    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
.
==================== Find3M  ====================
.
2014-07-15 05:35:27    458336    ----a-w-    C:\windows\System32\drivers\kl1.sys
2014-07-09 02:58:27    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 02:58:27    699056    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-19 01:06:55    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\windows\System32\win32k.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-05-30 08:08:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-05-09 06:14:03    477184    ----a-w-    C:\windows\System32\aepdu.dll
2014-05-09 06:11:23    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-05-08 09:32:11    3178496    ----a-w-    C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\windows\System32\RdpGroupPolicyExtension.dll
.
============= FINISH:  3:05:12.55 ===============
 



#4 nasdaq

  • Malware Response Team
  • 38,745 posts

Posted 24 July 2014 - 07:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 dreamgirl barbie

  • Topic Starter
  • Members
  • 15 posts

Posted 24 July 2014 - 11:29 AM

Hi Nasdaq, thank you for your response.

I ran AdwCleaner before your instructions and before the above response from helpbot (I ran it when I was waiting for a response from BleepingComputer to tell me what I should do because things were worsening) and the only thing my AdwCleaner scan results included differently was this part:

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp

(which I deleted)

Here are the AdwCleaner scan results from the current scan I just finished. Before delete:

# AdwCleaner v3.216 - Report created 24/07/2014 at 10:41:22
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sho'na - SHONA-PC
# Running from : C:\Users\Sho'na\Desktop\DOWNLOADS\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Sho'na\AppData\Roaming\Mozilla\Firefox\Profiles\v9kw7h6i.default-1366691043918\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R1].txt - [712 octets] - [24/07/2014 10:41:22]
AdwCleaner[S0].txt - [932 octets] - [24/07/2014 00:18:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [830 octets] ##########

 

Here is the AdwCleaner log after deletion and restart:

# AdwCleaner v3.216 - Report created 24/07/2014 at 11:14:06
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sho'na - SHONA-PC
# Running from : C:\Users\Sho'na\Desktop\DOWNLOADS\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Sho'na\AppData\Roaming\Mozilla\Firefox\Profiles\v9kw7h6i.default-1366691043918\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R1].txt - [880 octets] - [24/07/2014 10:41:22]
AdwCleaner[S0].txt - [932 octets] - [24/07/2014 00:18:54]
AdwCleaner[S1].txt - [831 octets] - [24/07/2014 11:14:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [890 octets] ##########
 

Here are the FRST scan results (FRST.txt):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by Sho'na (administrator) on SHONA-PC on 24-07-2014 12:15:47
Running from C:\Users\Sho'na\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Google Inc.) C:\Users\Sho'na\AppData\Local\Google\Update\GoogleUpdate.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2100857055-2375584793-429400098-1001\...\Run: [Google Update] => C:\Users\Sho'na\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-08] (Google Inc.)
HKU\S-1-5-21-2100857055-2375584793-429400098-1001\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-2100857055-2375584793-429400098-1001\...\Policies\Explorer: [NoBandCustomize] 0
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?pc=BDT3&ocid=BDT3DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSND&bmod=TSND
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.toshiba.com/g/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {AC4FF943-A866-4520-BC11-E636B5A44BF3} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {5F809BCD-AAC0-415B-88B9-11E041908E0A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
SearchScopes: HKCU - {AC4FF943-A866-4520-BC11-E636B5A44BF3} URL =
SearchScopes: HKCU - {FEB4EAF6-3217-47C4-BB9E-668C98014687} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Sho'na\AppData\Roaming\Mozilla\Firefox\Profiles\v9kw7h6i.default-1366691043918
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1212152.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Sho'na\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Sho'na\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sho'na\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sho'na\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sho'na\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sho'na\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Sho'na\AppData\Roaming\Mozilla\Firefox\Profiles\v9kw7h6i.default-1366691043918\Extensions\donottrackplus@abine.com [2014-07-14]
FF Extension: NoScript - C:\Users\Sho'na\AppData\Roaming\Mozilla\Firefox\Profiles\v9kw7h6i.default-1366691043918\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-04]
FF Extension: Adblock Plus - C:\Users\Sho'na\AppData\Roaming\Mozilla\Firefox\Profiles\v9kw7h6i.default-1366691043918\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-10-08]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-07-15]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S4 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\S..VC\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel® Corporation) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38456 2013-02-11] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-02] (GFI Software)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-15] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-07-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-07-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [41304 2012-12-21] (Anchorfree Inc.)
S2 trackcam; C:\Windows\System32\DRIVERS\trackcam.sys [81352 2009-10-09] (Eagletron Inc.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-24] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 12:15 - 2014-07-24 12:16 - 00020192 _____ () C:\Users\Sho'na\Desktop\FRST.txt
2014-07-24 11:16 - 2014-07-24 11:16 - 00000314 _____ () C:\windows\PFRO.log
2014-07-24 11:16 - 2014-07-24 11:16 - 00000056 _____ () C:\windows\setupact.log
2014-07-24 11:16 - 2014-07-24 11:16 - 00000000 _____ () C:\windows\setuperr.log
2014-07-24 11:08 - 2014-07-24 12:15 - 00000000 ____D () C:\FRST
2014-07-24 11:07 - 2014-07-24 11:07 - 02093568 _____ (Farbar) C:\Users\Sho'na\Desktop\FRST64.exe
2014-07-24 03:05 - 2014-07-24 03:05 - 00025768 _____ () C:\Users\Sho'na\Desktop\dds.txt
2014-07-24 03:05 - 2014-07-24 03:05 - 00010833 _____ () C:\Users\Sho'na\Desktop\attach.txt
2014-07-24 02:56 - 2014-07-24 02:56 - 00688992 ____R (Swearware) C:\Users\Sho'na\Downloads\dds.com
2014-07-24 01:25 - 2014-07-24 04:30 - 00000000 ____D () C:\Users\Sho'na\Desktop\SCREEN CAPTURES AND DONLOADS
2014-07-24 00:40 - 2014-07-24 00:40 - 00001069 _____ () C:\Users\Sho'na\Desktop\JRT.txt
2014-07-24 00:24 - 2014-07-24 00:25 - 00000000 ____D () C:\Users\Sho'na\Desktop\PICTURES TO  PUT ON WEBSITE
2014-07-24 00:15 - 2014-07-24 11:14 - 00000000 ____D () C:\AdwCleaner
2014-07-24 00:15 - 2014-07-24 00:15 - 00000870 _____ () C:\Users\Sho'na\Desktop\AdwCleaner[R0].txt
2014-07-23 23:37 - 2014-07-24 00:01 - 00000000 ____D () C:\Users\Sho'na\Desktop\ALL PHOTOSHOPSD PICTURES AND EVERYTHING
2014-07-23 15:33 - 2014-07-23 15:33 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\Lavasoft
2014-07-23 15:24 - 2014-07-24 11:16 - 00002316 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-07-23 15:24 - 2014-07-23 15:24 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\LavasoftStatistics
2014-07-23 15:24 - 2014-07-23 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-07-23 15:24 - 2014-07-23 15:24 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-23 15:18 - 2014-07-23 15:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-23 15:17 - 2014-07-23 15:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-23 15:03 - 2014-07-24 00:33 - 00002312 _____ () C:\Users\Sho'na\Desktop\Rkill.txt
2014-07-23 15:03 - 2014-07-23 15:03 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Sho'na\Desktop\rkill.exe
2014-07-23 14:54 - 2014-07-23 14:54 - 00000000 ____D () C:\windows\ERUNT
2014-07-23 14:49 - 2014-07-23 14:49 - 01016261 _____ (Thisisu) C:\Users\Sho'na\Desktop\JRT.exe
2014-07-21 15:24 - 2014-07-21 15:24 - 00001819 _____ () C:\Users\Sho'na\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-21 15:24 - 2014-07-21 15:24 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\SUPERAntiSpyware.com
2014-07-21 15:24 - 2014-07-21 15:24 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-21 15:24 - 2014-07-21 15:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-21 15:24 - 2014-07-21 15:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-21 15:03 - 2014-07-23 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 15:03 - 2014-07-21 15:04 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 15:03 - 2014-07-21 15:03 - 00001131 _____ () C:\Users\Sho'na\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 15:03 - 2014-07-21 15:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 15:03 - 2014-07-21 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 15:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-21 15:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-21 15:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-20 17:49 - 2014-07-20 17:54 - 00033280 ___SH () C:\Users\Sho'na\AppData\Roaming\Thumbs.db
2014-07-16 13:14 - 2014-07-24 00:44 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-07-16 13:14 - 2014-07-17 12:34 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-16 11:45 - 2014-07-16 11:45 - 04770904 _____ () C:\Users\Sho'na\Desktop\RogueKiller.exe
2014-07-16 11:22 - 2014-07-17 12:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-16 11:22 - 2014-07-17 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-16 11:22 - 2014-07-16 11:22 - 00002128 _____ () C:\Users\Sho'na\Desktop\Microsoft Security Essentials.lnk
2014-07-16 10:59 - 2014-07-24 11:20 - 00478031 _____ () C:\windows\WindowsUpdate.log
2014-07-15 21:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-15 20:46 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-07-15 20:46 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-07-15 01:14 - 2014-07-15 01:14 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2014-07-15 01:14 - 2013-11-11 22:18 - 00064856 _____ (Kaspersky Lab) C:\windows\system32\klfphc.dll
2014-07-15 01:14 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\windows\system32\Drivers\CSCrySec.sys
2014-07-15 01:14 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\windows\system32\Drivers\CSVirtualDiskDrv.sys
2014-07-15 01:13 - 2014-07-17 12:34 - 00000000 ____D () C:\windows\ELAMBKUP
2014-07-15 01:13 - 2014-07-15 01:35 - 00628288 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-07-15 01:13 - 2014-07-15 01:35 - 00092768 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-07-15 01:13 - 2014-07-15 01:13 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-14 23:08 - 2014-07-22 15:51 - 00000454 ____H () C:\windows\Tasks\Norton Security Scan for Sho'na.job
2014-07-14 23:08 - 2014-07-17 12:34 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-07-14 23:08 - 2014-07-14 23:08 - 00003614 _____ () C:\windows\System32\Tasks\Norton Security Scan for Sho'na
2014-07-14 23:08 - 2014-07-14 23:08 - 00000000 ____D () C:\windows\system32\Drivers\NSSx64
2014-07-14 19:50 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-07-14 19:50 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-14 19:50 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-14 19:50 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-07-14 19:50 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-07-14 19:50 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-07-14 19:50 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-07-14 19:50 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-07-14 19:50 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-07-14 19:50 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-07-14 19:50 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-07-14 19:50 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-07-14 19:50 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-07-14 19:50 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-07-14 19:50 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-07-14 19:50 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-07-14 19:46 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-07-14 19:46 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-07-14 15:53 - 2014-07-14 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-14 15:53 - 2014-07-14 15:52 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-14 15:53 - 2014-07-14 15:52 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-14 15:53 - 2014-07-14 15:52 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-14 15:53 - 2014-07-14 15:52 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-14 15:13 - 2014-07-14 15:13 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\Oracle
2014-07-14 09:11 - 2014-07-14 09:12 - 00004204 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-12 03:42 - 2014-07-16 05:47 - 00000000 ____D () C:\Users\Sho'na\Desktop\SWIX SWF FILES
2014-07-12 02:36 - 2014-07-12 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWiX
2014-07-12 02:36 - 2014-07-12 02:36 - 00000980 _____ () C:\Users\Sho'na\Desktop\SWiX.lnk
2014-07-12 02:36 - 2014-07-12 02:36 - 00000000 ____D () C:\Program Files (x86)\SWiX
2014-07-12 01:11 - 2014-07-12 01:11 - 00000000 ____D () C:\Users\Sho'na\Adobe Flash Builder 4
2014-07-10 01:52 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 01:52 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-10 01:52 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 01:52 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 01:52 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 01:52 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 01:52 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 01:52 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 01:52 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 01:52 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 01:52 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 01:52 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 01:52 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 01:52 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 01:52 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 01:52 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 01:52 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-10 01:52 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 01:52 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 01:52 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 01:52 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-10 01:52 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 01:52 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 01:52 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 01:52 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 01:52 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 01:52 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-10 01:52 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-10 01:52 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-10 01:52 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-10 01:52 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 01:52 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-10 01:52 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-10 01:52 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-10 01:52 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 01:52 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 01:52 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-10 01:52 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-10 01:52 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-10 01:52 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-10 01:52 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 01:52 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-10 01:52 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-10 01:52 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 01:52 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-10 01:52 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-10 01:52 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 01:52 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-10 01:52 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-10 01:52 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-10 01:52 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-10 01:52 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 01:52 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 01:52 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-10 01:52 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-10 01:52 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-10 01:41 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 01:41 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-10 01:41 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 01:41 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 01:41 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-10 01:41 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 01:41 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 01:41 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 01:41 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 01:41 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 01:41 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 01:41 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 01:41 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-10 01:41 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-10 01:41 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-10 01:41 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-10 01:41 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-10 01:41 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-10 01:41 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-10 01:41 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 01:36 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 01:36 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-10 01:36 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-01 06:47 - 2014-07-01 06:47 - 00000061 _____ () C:\windows\wininit.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 12:16 - 2014-07-24 12:15 - 00020192 _____ () C:\Users\Sho'na\Desktop\FRST.txt
2014-07-24 12:15 - 2014-07-24 11:08 - 00000000 ____D () C:\FRST
2014-07-24 11:21 - 2009-07-14 01:13 - 00786578 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-24 11:21 - 2009-07-14 00:45 - 00019248 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 11:21 - 2009-07-14 00:45 - 00019248 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 11:20 - 2014-07-16 10:59 - 00478031 _____ () C:\windows\WindowsUpdate.log
2014-07-24 11:16 - 2014-07-24 11:16 - 00000314 _____ () C:\windows\PFRO.log
2014-07-24 11:16 - 2014-07-24 11:16 - 00000056 _____ () C:\windows\setupact.log
2014-07-24 11:16 - 2014-07-24 11:16 - 00000000 _____ () C:\windows\setuperr.log
2014-07-24 11:16 - 2014-07-23 15:24 - 00002316 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-07-24 11:16 - 2013-07-09 07:01 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100857055-2375584793-429400098-1001UA.job
2014-07-24 11:16 - 2013-07-09 07:01 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100857055-2375584793-429400098-1001Core.job
2014-07-24 11:16 - 2012-12-31 03:23 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 11:16 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-24 11:14 - 2014-07-24 00:15 - 00000000 ____D () C:\AdwCleaner
2014-07-24 11:07 - 2014-07-24 11:07 - 02093568 _____ (Farbar) C:\Users\Sho'na\Desktop\FRST64.exe
2014-07-24 04:30 - 2014-07-24 01:25 - 00000000 ____D () C:\Users\Sho'na\Desktop\SCREEN CAPTURES AND DONLOADS
2014-07-24 03:05 - 2014-07-24 03:05 - 00025768 _____ () C:\Users\Sho'na\Desktop\dds.txt
2014-07-24 03:05 - 2014-07-24 03:05 - 00010833 _____ () C:\Users\Sho'na\Desktop\attach.txt
2014-07-24 02:56 - 2014-07-24 02:56 - 00688992 ____R (Swearware) C:\Users\Sho'na\Downloads\dds.com
2014-07-24 02:35 - 2013-04-18 14:17 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-24 02:35 - 2012-10-09 09:34 - 00000000 ____D () C:\ProgramData\Temp
2014-07-24 02:29 - 2013-08-30 10:14 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-07-24 02:29 - 2013-07-09 07:01 - 00003896 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2100857055-2375584793-429400098-1001UA
2014-07-24 02:29 - 2013-07-09 07:01 - 00003500 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2100857055-2375584793-429400098-1001Core
2014-07-24 02:29 - 2012-12-31 03:23 - 00003770 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-24 02:29 - 2012-10-09 08:06 - 00003506 _____ () C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-SHONA-PC-Sho'na
2014-07-24 02:19 - 2014-04-26 13:18 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\Audacity
2014-07-24 00:44 - 2014-07-16 13:14 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys
2014-07-24 00:40 - 2014-07-24 00:40 - 00001069 _____ () C:\Users\Sho'na\Desktop\JRT.txt
2014-07-24 00:33 - 2014-07-23 15:03 - 00002312 _____ () C:\Users\Sho'na\Desktop\Rkill.txt
2014-07-24 00:27 - 2013-12-20 06:25 - 00000000 ____D () C:\Users\Sho'na\Desktop\Website ME to edit
2014-07-24 00:26 - 2013-08-30 09:56 - 00000000 ____D () C:\Users\Sho'na\Desktop\memememe
2014-07-24 00:25 - 2014-07-24 00:24 - 00000000 ____D () C:\Users\Sho'na\Desktop\PICTURES TO  PUT ON WEBSITE
2014-07-24 00:15 - 2014-07-24 00:15 - 00000870 _____ () C:\Users\Sho'na\Desktop\AdwCleaner[R0].txt
2014-07-24 00:01 - 2014-07-23 23:37 - 00000000 ____D () C:\Users\Sho'na\Desktop\ALL PHOTOSHOPSD PICTURES AND EVERYTHING
2014-07-24 00:00 - 2014-01-27 02:14 - 00000000 ____D () C:\Users\Sho'na\Desktop\THINGS TO USE IN pics
2014-07-23 23:39 - 2014-07-21 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 22:41 - 2013-08-30 09:51 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\Auslogics
2014-07-23 15:33 - 2014-07-23 15:33 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\Lavasoft
2014-07-23 15:24 - 2014-07-23 15:24 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\LavasoftStatistics
2014-07-23 15:24 - 2014-07-23 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-07-23 15:24 - 2014-07-23 15:24 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-23 15:18 - 2014-07-23 15:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-23 15:17 - 2014-07-23 15:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-23 15:03 - 2014-07-23 15:03 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Sho'na\Desktop\rkill.exe
2014-07-23 14:54 - 2014-07-23 14:54 - 00000000 ____D () C:\windows\ERUNT
2014-07-23 14:49 - 2014-07-23 14:49 - 01016261 _____ (Thisisu) C:\Users\Sho'na\Desktop\JRT.exe
2014-07-22 15:51 - 2014-07-14 23:08 - 00000454 ____H () C:\windows\Tasks\Norton Security Scan for Sho'na.job
2014-07-21 15:24 - 2014-07-21 15:24 - 00001819 _____ () C:\Users\Sho'na\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-21 15:24 - 2014-07-21 15:24 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\SUPERAntiSpyware.com
2014-07-21 15:24 - 2014-07-21 15:24 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-21 15:24 - 2014-07-21 15:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-21 15:24 - 2014-07-21 15:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-21 15:04 - 2014-07-21 15:03 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 15:03 - 2014-07-21 15:03 - 00001131 _____ () C:\Users\Sho'na\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 15:03 - 2014-07-21 15:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 15:03 - 2014-07-21 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-21 14:27 - 2014-04-29 22:52 - 00000000 ____D () C:\Users\Sho'na\Desktop\VIRTUAL GIFTS
2014-07-20 17:54 - 2014-07-20 17:49 - 00033280 ___SH () C:\Users\Sho'na\AppData\Roaming\Thumbs.db
2014-07-17 12:34 - 2014-07-16 13:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-17 12:34 - 2014-07-16 11:22 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-17 12:34 - 2014-07-16 11:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-17 12:34 - 2014-07-15 01:13 - 00000000 ____D () C:\windows\ELAMBKUP
2014-07-17 12:34 - 2014-07-14 23:08 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-07-17 12:34 - 2014-01-16 00:30 - 00000000 ___RD () C:\Program Files (x86)\S..VC
2014-07-17 12:34 - 2013-04-18 14:17 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-17 12:34 - 2012-12-31 03:26 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2014-07-17 12:34 - 2012-10-09 07:55 - 00000000 ____D () C:\Users\Sho'na
2014-07-17 12:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\schemas
2014-07-17 12:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-07-17 12:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-07-17 12:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\AppCompat
2014-07-16 11:45 - 2014-07-16 11:45 - 04770904 _____ () C:\Users\Sho'na\Desktop\RogueKiller.exe
2014-07-16 11:22 - 2014-07-16 11:22 - 00002128 _____ () C:\Users\Sho'na\Desktop\Microsoft Security Essentials.lnk
2014-07-16 11:22 - 2013-04-04 03:46 - 00001945 _____ () C:\windows\epplauncher.mif
2014-07-16 05:47 - 2014-07-12 03:42 - 00000000 ____D () C:\Users\Sho'na\Desktop\SWIX SWF FILES
2014-07-15 01:49 - 2014-01-16 00:30 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-15 01:49 - 2014-01-16 00:30 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 01:49 - 2014-01-16 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-15 01:35 - 2014-07-15 01:13 - 00628288 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-07-15 01:35 - 2014-07-15 01:13 - 00092768 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-07-15 01:35 - 2013-11-11 22:18 - 00458336 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kl1.sys
2014-07-15 01:14 - 2014-07-15 01:14 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2014-07-15 01:13 - 2014-07-15 01:13 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-14 23:08 - 2014-07-14 23:08 - 00003614 _____ () C:\windows\System32\Tasks\Norton Security Scan for Sho'na
2014-07-14 23:08 - 2014-07-14 23:08 - 00000000 ____D () C:\windows\system32\Drivers\NSSx64
2014-07-14 20:34 - 2010-08-30 00:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-14 16:15 - 2012-10-08 13:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-14 15:53 - 2014-07-14 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-14 15:52 - 2014-07-14 15:53 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-14 15:52 - 2014-07-14 15:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-14 15:52 - 2014-07-14 15:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-14 15:52 - 2014-07-14 15:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-14 15:28 - 2013-10-16 08:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-14 15:13 - 2014-07-14 15:13 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\Oracle
2014-07-14 09:12 - 2014-07-14 09:11 - 00004204 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-14 09:12 - 2012-10-08 12:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-12 02:47 - 2014-01-27 03:13 - 00000000 ____D () C:\Users\Sho'na\Desktop\animations
2014-07-12 02:37 - 2014-07-12 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWiX
2014-07-12 02:36 - 2014-07-12 02:36 - 00000980 _____ () C:\Users\Sho'na\Desktop\SWiX.lnk
2014-07-12 02:36 - 2014-07-12 02:36 - 00000000 ____D () C:\Program Files (x86)\SWiX
2014-07-12 02:17 - 2012-10-08 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
2014-07-12 01:11 - 2014-07-12 01:11 - 00000000 ____D () C:\Users\Sho'na\Adobe Flash Builder 4
2014-07-10 05:52 - 2012-12-10 20:07 - 00001456 _____ () C:\Users\Sho'na\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-07-10 03:25 - 2009-07-14 00:45 - 04983912 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-10 03:21 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:21 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-10 03:21 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-10 03:04 - 2013-07-30 16:13 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 03:02 - 2012-10-08 20:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:02 - 2012-10-08 14:00 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-08 22:58 - 2012-12-31 03:23 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 22:58 - 2012-12-31 03:23 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 17:43 - 2014-03-18 03:42 - 00000000 ____D () C:\Users\Sho'na\Desktop\....UPLOADS
2014-07-01 06:47 - 2014-07-01 06:47 - 00000061 _____ () C:\windows\wininit.ini
2014-06-27 17:14 - 2012-10-09 07:56 - 00000000 ____D () C:\Users\Sho'na\AppData\Roaming\Adobe

Some content of TEMP:
====================
C:\Users\Sho'na\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 13:49

==================== End Of Log ============================

Here is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014
Ran by Sho'na at 2014-07-24 12:16:29
Running from C:\Users\Sho'na\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{9F965DAA-2FFD-41E3-8125-893BFBBE01D6}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 2.5 - Auslogics Software Pty Ltd)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.110 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ENE CIR Receiver Driver (HKLM\...\2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042) (Version: 2.7.4.1 - ENE)
EPSON Artisan 830 Series Printer Uninstall (HKLM\...\EPSON Artisan 830 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION
FileZilla Client 3.8.0 (HKCU\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Free All-In-One Media Player (HKLM-x32\...\Free Media Player_is1) (Version:  - Free Software Group)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
HitFilm Ultimate (HKLM-x32\...\{B0856D31-5B17-4D5B-819E-1CE3A5C1BBA1}) (Version: 1.1.2412.42325 - FXhome)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.4.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LMMS 0.4.15 (HKLM-x32\...\LMMS) (Version: 0.4.15 - LMMS Developers)
Logitech WebCam Driver (HKLM\...\Logitech WebCam Driver) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
MAGIX Video easy SE (x32 Version: 1.0.4.3 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
ManyCam 3.1.51 (HKLM-x32\...\ManyCam) (Version: 3.1.51 - ManyCam LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 20.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 327.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 327.33 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Control Panel 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5937 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702 - NVIDIA Corporation) Hidden
NVIDIA StereoUSB Driver (x32 Version: 1.00.0000 - NVIDIA Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
SWiX 1.4.0.2318 (HKLM-x32\...\SWiX_is1) (Version: 1.4.0.2318 - Richmedia Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0024.000101 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.14.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.14.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.14.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.0.16-A - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.29 - NCH Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.68 - NCH Software)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Movie Maker Enhancement Pack 2010 (HKLM-x32\...\{20ADC09F-B0AF-4868-85A5-45B972DC4082}_is1) (Version: 1.5 - Chapinsoft, Inc)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID entries: ==========================

(Only entries are listed that could be exploited by malware. If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2100857055-2375584793-429400098-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sho'na\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2100857055-2375584793-429400098-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sho'na\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2100857055-2375584793-429400098-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sho'na\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2100857055-2375584793-429400098-1001_Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InprocServer32 -> C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll ()
CustomCLSID: HKU\S-1-5-21-2100857055-2375584793-429400098-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sho'na\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2100857055-2375584793-429400098-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sho'na\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2100857055-2375584793-429400098-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sho'na\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

14-07-2014 23:46:43 Windows Update
15-07-2014 00:37:27 Removed Microsoft Silverlight
16-07-2014 09:23:56 Windows Update
17-07-2014 15:11:08 Restore Operation
19-07-2014 20:21:21 Windows Update
23-07-2014 18:54:20 Windows Update
23-07-2014 19:17:36 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-07-22 16:20 - 00000768 ___RA C:\windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {169BE2FB-57ED-4A71-9249-16FE5136A516} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2100857055-2375584793-429400098-1001UA => C:\Users\Sho'na\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-08] (Google Inc.)
Task: {2818CA48-8472-41C8-8725-A8F38D2696FB} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {2D8414D1-EF2F-483A-A5C4-CA047856C437} - System32\Tasks\{7D52AEFD-0BAA-4AF7-8EB9-45B4A6BD81BF} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.10.0.115&amp;LastError=12007
Task: {353F6D19-988D-47E2-90FD-893E569C5B55} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {482F9605-2C3D-4BAB-91C6-059FCFAFACF8} - System32\Tasks\Norton Security Scan for Sho'na => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {5125480C-8B02-495B-8064-96606FBFC551} - System32\Tasks\{8A739933-7B4D-4945-97CC-4C2F31BE844F} => Firefox.exe http://ui.skype.com/ui/0/6.11.0.102/en/eula?source=lightinstaller
Task: {72036276-1C4C-4CEB-8A1E-9DAB6339A087} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2100857055-2375584793-429400098-1001Core => C:\Users\Sho'na\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-08] (Google Inc.)
Task: {98C2DB1B-9B42-4561-961B-FFF58A5F6004} - System32\Tasks\AdobeAAMUpdater-1.0-SHONA-PC-Sho'na => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {99FD5826-4B98-4424-AE65-C7A64ECDA58C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {CFA305DE-CCFC-45A7-9C7D-4E272C6E13F1} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File <==== ATTENTION
Task: {F0A27E08-74AF-4F42-BF33-26401E32E7CD} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100857055-2375584793-429400098-1001Core.job => C:\Users\Sho'na\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100857055-2375584793-429400098-1001UA.job => C:\Users\Sho'na\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for Sho'na.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2014-06-03 15:47 - 2014-06-03 15:47 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
2014-06-03 16:19 - 2014-06-03 16:19 - 00103800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00024440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00033656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00055680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00123776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 10070888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 03393352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00788856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll
2014-06-03 16:17 - 2014-06-03 16:17 - 00604520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00360312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00149840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00106824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00142696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00098648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00120152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00290168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00198024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00417128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00245608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00336752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00212336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00509808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00610144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00035192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00326000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00453496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00227688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00218976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00171368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00786800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 01936744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00422256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00650608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00358744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00298336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00371576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00154464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll
2014-06-18 02:38 - 2014-06-18 02:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:nYTfN6sNDTGxdj80xhMYM
AlternateDataStreams: C:\ProgramData\Microsoft:qwYOgU8N9xepYABgbhs
AlternateDataStreams: C:\ProgramData\Microsoft:yawpjeyWcu93Jnyh1qwIl9PB
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Sho'na\Local Settings:5h2VaKqRDusxOOpCwN3O
AlternateDataStreams: C:\Users\Sho'na\AppData\Local:5h2VaKqRDusxOOpCwN3O
AlternateDataStreams: C:\Users\Sho'na\AppData\Local\Application Data:5h2VaKqRDusxOOpCwN3O
AlternateDataStreams: C:\Users\Sho'na\AppData\Local\Temp:EDC5e2L4ruP2JVD3yH6Cu

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07573760.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26005352.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48043194.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84123834.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\88082371.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07573760.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26005352.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48043194.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84123834.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\88082371.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: DMAgent => 2
MSCONFIG\startupfolder: C:^Users^Sho'na^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logicool . Product Registration.lnk => C:\windows\pss\Logicool . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Sho'na^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVP => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPSON Artisan 830 Series => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE /FU "C:\windows\TEMP\E_SA505.tmp" /EF "HKCU"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: Logicool Vid => "C:\Program Files (x86)\Logicool\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

==================== Faulty Device Manager Devices =============

Name: Symantec Eraser Control driver
Description: Symantec Eraser Control driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: eeCtrl
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 11:17:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ea4
Faulting process id: 0x6f0
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/24/2014 11:16:28 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/24/2014 11:16:28 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/24/2014 11:16:28 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/24/2014 11:16:28 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/24/2014 11:16:27 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/24/2014 11:16:27 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/24/2014 11:16:27 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/24/2014 11:16:27 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/24/2014 11:16:27 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (07/24/2014 11:17:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/24/2014 11:16:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/24/2014 11:16:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (07/24/2014 11:16:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (07/24/2014 11:16:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrackerCam Video Capture Driver service failed to start due to the following error:
%%1058

Error: (07/24/2014 11:16:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (07/24/2014 11:14:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (07/24/2014 11:14:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (07/24/2014 11:14:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (07/24/2014 11:14:33 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-24 12:06:23.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 12:06:23.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 12:06:23.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 12:06:23.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 12:06:23.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 12:06:23.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 12:40:24.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 12:40:24.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 12:40:24.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 12:40:24.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3954.67 MB
Available physical RAM: 2028.81 MB
Total Pagefile: 7907.52 MB
Available Pagefile: 5733.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106042W0A) (Fixed) (Total:452.7 GB) (Free:390.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 3961B216)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

==================== End Of Log ============================



#6 nasdaq

  • Malware Response Team
  • 38,745 posts
  • Location:Montreal, QC. Canada

Posted 24 July 2014 - 01:16 PM

This is your default Firefox profile. It will always be re-created.
[ File : C:\Users\Sho'na\AppData\Roaming\Mozilla\Firefox\Profiles\v9kw7h6i.default-1366691043918\prefs.js ]
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
Task: {CFA305DE-CCFC-45A7-9C7D-4E272C6E13F1} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File <==== ATTENTION
Task: {F0A27E08-74AF-4F42-BF33-26401E32E7CD} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {2818CA48-8472-41C8-8725-A8F38D2696FB} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:nYTfN6sNDTGxdj80xhMYM
AlternateDataStreams: C:\ProgramData\Microsoft:qwYOgU8N9xepYABgbhs
AlternateDataStreams: C:\ProgramData\Microsoft:yawpjeyWcu93Jnyh1qwIl9PB
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Sho'na\Local Settings:5h2VaKqRDusxOOpCwN3O
AlternateDataStreams: C:\Users\Sho'na\AppData\Local:5h2VaKqRDusxOOpCwN3O
AlternateDataStreams: C:\Users\Sho'na\AppData\Local\Application Data:5h2VaKqRDusxOOpCwN3O
AlternateDataStreams: C:\Users\Sho'na\AppData\Local\Temp:EDC5e2L4ruP2JVD3yH6Cu

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#7 dreamgirl barbie

  • Topic Starter
  • Members
  • 15 posts

Posted 24 July 2014 - 02:23 PM

Thank you Nasdaq. I greatly appreciate it. My computer is still running slow but I noticed no ads which is good thanks. When I tried to connect to bleepingcomputer.com it gave me this message:

The connection was reset

The connection to the server was reset while the page was loading.

    The site could be temporarily unavailable or too busy. Try again in a few moments.

    If you are unable to load any pages, check your computer's network connection.

    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

So I tried again to connect and it gave me this message:

Server not found

Firefox can't find the server at www.google.com.

    Check the address for typing errors such as ww.example.com instead of www.example.com

    If you are unable to load any pages, check your computer's network connection.

    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

I eventually got it to load after lots of refreshing the page over and over again. It takes a very long time sometimes but

Here is my fixlist.txt file.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Sho'na at 2014-07-24 14:44:41 Run:1
Running from C:\Users\Sho'na\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
Task: {CFA305DE-CCFC-45A7-9C7D-4E272C6E13F1} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File <==== ATTENTION
Task: {F0A27E08-74AF-4F42-BF33-26401E32E7CD} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {2818CA48-8472-41C8-8725-A8F38D2696FB} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:nYTfN6sNDTGxdj80xhMYM
AlternateDataStreams: C:\ProgramData\Microsoft:qwYOgU8N9xepYABgbhs
AlternateDataStreams: C:\ProgramData\Microsoft:yawpjeyWcu93Jnyh1qwIl9PB
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Sho'na\Local Settings:5h2VaKqRDusxOOpCwN3O
AlternateDataStreams: C:\Users\Sho'na\AppData\Local:5h2VaKqRDusxOOpCwN3O
AlternateDataStreams: C:\Users\Sho'na\AppData\Local\Application Data:5h2VaKqRDusxOOpCwN3O
AlternateDataStreams: C:\Users\Sho'na\AppData\Local\Temp:EDC5e2L4ruP2JVD3yH6Cu

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6" => Key deleted successfully.
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Bulk1528 => Service deleted successfully.
Ca1528av => Service deleted successfully.
clwvd => Service deleted successfully.
eeCtrl => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFA305DE-CCFC-45A7-9C7D-4E272C6E13F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFA305DE-CCFC-45A7-9C7D-4E272C6E13F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0A27E08-74AF-4F42-BF33-26401E32E7CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0A27E08-74AF-4F42-BF33-26401E32E7CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2818CA48-8472-41C8-8725-A8F38D2696FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2818CA48-8472-41C8-8725-A8F38D2696FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => Key deleted successfully.
C:\ProgramData\Microsoft => ":nYTfN6sNDTGxdj80xhMYM" ADS removed successfully.
C:\ProgramData\Microsoft => ":qwYOgU8N9xepYABgbhs" ADS removed successfully.
C:\ProgramData\Microsoft => ":yawpjeyWcu93Jnyh1qwIl9PB" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\Users\Sho'na\Local Settings" => ":5h2VaKqRDusxOOpCwN3O" ADS not found.
C:\Users\Sho'na\AppData\Local => ":5h2VaKqRDusxOOpCwN3O" ADS removed successfully.
"C:\Users\Sho'na\AppData\Local\Application Data" => ":5h2VaKqRDusxOOpCwN3O" ADS not found.
C:\Users\Sho'na\AppData\Local\Temp => ":EDC5e2L4ruP2JVD3yH6Cu" ADS removed successfully.

==== End of Fixlog ====

 

I also still believe pum.dns is still on my laptop, which could possibly be what is slowing it down, I think.
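The Fixlog posted above mixes three kinds of result: entries that were changed, entries that were already absent, and entries FRST could not fix automatically. The following is an added example, not part of the original posts and not FRST's own code: a Python triage of such a log, assuming only the result phrases visible in this thread ("successfully", "not found", "No automatic fix found"); the function names are hypothetical and the sample is a shortened excerpt of the log above.

```python
import re

# Shortened excerpt of the Fixlog.txt posted in this thread (sample input).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll not found.
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
eeCtrl => Service deleted successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\Users\Sho'na\Local Settings" => ":5h2VaKqRDusxOOpCwN3O" ADS not found.

==== End of Fixlog ====
"""

STAR_RULE = re.compile(r"\*{5,}")                      # rules around the echoed fixlist
CHANGED = re.compile(r"(deleted|removed|restored) successfully\.$")
ADS_RESULT = re.compile(r'^"(:[^"]+)" ADS ')           # stream name in an ADS result
ATTENTION = re.compile(r"\s*<=+ ATTENTION$")           # FRST's attention marker


def result_lines(text):
    """Yield result lines only: skip the header and the echoed fixlist."""
    rules_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_RULE.fullmatch(line):
            rules_seen += 1
        elif line.startswith("==== End of Fixlog"):
            return
        elif rules_seen >= 2 and line:
            yield line


def classify(line):
    """Map one result line to changed / absent / manual / unrecognised."""
    if "No automatic fix found" in line:
        return "manual"
    if CHANGED.search(line):
        return "changed"
    if line.endswith("not found."):
        return "absent"
    return "unrecognised"


def target_of(line):
    """Return the registry key, service, file or path:stream the line is about."""
    head, arrow, tail = line.partition(" => ")
    if not arrow:
        # File results carry no arrow: "<path> not found."
        return re.sub(r"\s+not found\.$", "", head)
    head = ATTENTION.sub("", head).strip('"')
    ads = ADS_RESULT.match(tail)
    return head + ads.group(1) if ads else head


def triage(text):
    """Group every result target by outcome."""
    report = {"changed": [], "absent": [], "manual": [], "unrecognised": []}
    for line in result_lines(text):
        report[classify(line)].append(target_of(line))
    return report


def needs_follow_up(report):
    """Entries the tool did not resolve and a helper still has to look at."""
    return report["manual"] + report["unrecognised"]


if __name__ == "__main__":
    summary = triage(SAMPLE_FIXLOG)
    for outcome, targets in summary.items():
        print(f"{outcome}: {len(targets)}")
    for item in needs_follow_up(summary):
        print("follow up:", item)
```
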



#8 dreamgirl barbie

  • Topic Starter

Posted 24 July 2014 - 02:50 PM

checkup.txt

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Ad-Aware Antivirus              
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Auslogics Registry Cleaner   
 Java 7 Update 60  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.2.5952.0\AdAwareService.exe
 Kaspersky Lab Kaspersky PURE 3.0 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#9 nasdaq

  • Malware Response Team

Posted 25 July 2014 - 07:10 AM


Reset your IP.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If your DNS problem persists, it just may be that your router was compromised (if connected to a router).

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 60

===

How is the computer running now?

#10 dreamgirl barbie

  • Topic Starter

Posted 27 July 2014 - 11:23 AM

My laptop is moving quicker, thanks for that, but I still have something that is preventing me from resetting my router though. I have reset it in the past with no problem but do not know why it won't this time. Is there anything else you can run on my laptop to see if malware, spyware or anything else is preventing this from happening or is the cause of the other weird things still going on and present, because some things are still not quite right, but thanks for what you have done.



#11 nasdaq

  • Malware Response Team

Posted 27 July 2014 - 12:55 PM


Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#12 dreamgirl barbie

  • Topic Starter

Posted 27 July 2014 - 08:52 PM

That's strange, **Tracker cam isn't supposed to be on my laptop. Do you know how to remove tracker cam fully?

Wi-max shouldn't be running, only wi-fi, which is another thing that has concerned me.

Here is MiniToolBox:

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Sho'na (administrator) on 27-07-2014 at 19:59:20
Running from "C:\Users\Sho'na\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1    localhost

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Intel® Centrino® WiMAX 6250 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Shona-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : neo.rr.com

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 00-23-15-93-23-AD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-23-15-93-23-AD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
   Physical Address. . . . . . . . . : 64-D4-DA-18-F9-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : neo.rr.com
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
   Physical Address. . . . . . . . . : 00-23-15-93-23-AC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4dea:bec6:5e6f:7228%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, July 27, 2014 7:03:06 PM
   Lease Expires . . . . . . . . . . : Sunday, July 27, 2014 8:33:05 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 301998869
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-04-D8-A3-88-AE-1D-EE-AB-4F
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 88-AE-1D-EE-AB-4F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.neo.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : neo.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EDB2B378-30A3-4ABC-BEC4-2D548416B42F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:3c09:192e:e75a:7946(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3c09:192e:e75a:7946%22(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A9DAD4C8-9052-4348-B703-5745201BB78E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A2116214-82F0-4CE2-8032-9C85AAA228D5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B7B096D5-0C6F-4D3E-AFF2-772B80CFFFA8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{50A4EA29-1006-427E-9FBA-C3EBA0955AB2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #9
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4009:805::1002
      173.194.46.72
      173.194.46.73
      173.194.46.68
      173.194.46.64
      173.194.46.71
      173.194.46.65
      173.194.46.69
      173.194.46.67
      173.194.46.78
      173.194.46.70
      173.194.46.66


Pinging google.com [74.125.225.8] with 32 bytes of data:
Reply from 74.125.225.8: bytes=32 time=41ms TTL=52
Reply from 74.125.225.8: bytes=32 time=39ms TTL=52

Ping statistics for 74.125.225.8:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 41ms, Average = 40ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=58ms TTL=49
Reply from 98.138.253.109: bytes=32 time=67ms TTL=49

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 58ms, Maximum = 67ms, Average = 62ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 21...00 23 15 93 23 ad ......Microsoft Virtual WiFi Miniport Adapter #2
 20...00 23 15 93 23 ad ......Microsoft Virtual WiFi Miniport Adapter
 12...64 d4 da 18 f9 34 ......Intel® Centrino® WiMAX 6250
 11...00 23 15 93 23 ac ......Intel® Centrino® Advanced-N 6250 AGN
 10...88 ae 1d ee ab 4f ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
 38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.4    281
      192.168.0.4  255.255.255.255         On-link       192.168.0.4    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 22     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 22     58 2001::/32                On-link
 22    306 2001:0:9d38:6abd:3c09:192e:e75a:7946/128
                                    On-link
 11    281 fe80::/64                On-link
 22    306 fe80::/64                On-link
 22    306 fe80::3c09:192e:e75a:7946/128
                                    On-link
 11    281 fe80::4dea:bec6:5e6f:7228/128
                                    On-link
  1    306 ff00::/8                 On-link
 22    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/27/2014 02:48:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ec3
Faulting process id: 0x4ec
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/27/2014 00:10:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ea4
Faulting process id: 0x6b4
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/26/2014 02:49:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ea4
Faulting process id: 0xf5c
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/25/2014 07:49:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ec3
Faulting process id: 0x1008
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/25/2014 06:23:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ea4
Faulting process id: 0x6d8
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/24/2014 06:11:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ea4
Faulting process id: 0x1088
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/24/2014 02:57:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ea4
Faulting process id: 0x6cc
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/24/2014 02:54:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ea4
Faulting process id: 0xb60
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/24/2014 11:17:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: avp.exe, version: 13.0.2.628, time stamp: 0x52558951
Faulting module name: avpservice.dll, version: 13.0.2.558, time stamp: 0x50d31e10
Exception code: 0xc0000005
Fault offset: 0x00002ea4
Faulting process id: 0x6f0
Faulting application start time: 0xavp.exe0
Faulting application path: avp.exe1
Faulting module path: avp.exe2
Report Id: avp.exe3

Error: (07/24/2014 11:16:28 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/27/2014 02:48:08 PM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/27/2014 00:10:55 PM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/27/2014 00:04:19 PM) (Source: Service Control Manager) (User: )
Description: The TrackerCam Video Capture Driver service failed to start due to the following error:
%%1058

Error: (07/26/2014 02:49:03 PM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (07/25/2014 07:49:47 PM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/25/2014 06:23:26 PM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/25/2014 06:21:36 PM) (Source: Service Control Manager) (User: )
Description: The TrackerCam Video Capture Driver service failed to start due to the following error:
%%1058

Error: (07/24/2014 03:23:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.179.894.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/24/2014 03:23:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.179.894.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/24/2014 02:57:23 PM) (Source: Service Control Manager) (User: )
Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-27 13:25:51.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-27 13:25:51.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-27 13:25:51.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-27 13:25:51.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-27 13:25:51.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-27 13:25:51.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 12:06:23.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 12:06:23.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 12:06:23.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-24 12:06:23.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


**** End of log ****
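
The DNS concern raised in this thread can be checked from the `ipconfig /all` section of a log like the one above by comparing each adapter's resolvers with the ones you expect. The following Python is an added example, not code from the thread or from MiniToolBox; the function names, the expected-resolver list and both sample inputs are constructed for illustration (the second sample uses documentation-range addresses).

```python
import ipaddress
import re

# "   Key . . . . : value" lines; the key itself never contains a colon.
FIELD = re.compile(r"^\s+([^:]+?)[\s.]*:\s?(.*)$")

# Constructed sample in the `ipconfig /all` layout, using the log's addresses.
CLEAN = """\
Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Constructed sample: same adapter, resolvers replaced (documentation ranges).
TAMPERED = """\
Wireless LAN adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       2001:db8::53
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Assumption: the resolvers this network is supposed to use (from the log).
EXPECTED = ["209.18.47.61", "209.18.47.62"]


def as_ip(text):
    """Return an ip_address for text such as '192.168.0.4(Preferred)', else None."""
    token = text.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_ipconfig(text):
    """Map adapter name -> {field name -> [values]} from `ipconfig /all` text."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented: an adapter header ends with ':'; anything else
            # belongs to the host-wide section.
            head = line.rstrip()
            name = head[:-1] if head.endswith(":") else "(global)"
            current, last_key = adapters.setdefault(name, {}), None
            continue
        if current is None:
            continue
        # A bare address on an indented line continues the previous field.
        # Check this first: an IPv6 continuation contains ':' and would
        # otherwise be misread as a "key : value" pair.
        if last_key and as_ip(line) is not None:
            current[last_key].append(line.strip())
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group(1).strip()
            current.setdefault(last_key, [])
            if m.group(2).strip():
                current[last_key].append(m.group(2).strip())
    return adapters


def audit_dns(text, expected):
    """Return (adapter, server, verdict) for every DNS server in the output."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for name, fields in parse_ipconfig(text).items():
        routers = {as_ip(v) for k in ("Default Gateway", "DHCP Server")
                   for v in fields.get(k, [])}
        routers.discard(None)
        for raw in fields.get("DNS Servers", []):
            ip = as_ip(raw)
            if ip in allowed:
                verdict = "expected"
            elif ip in routers:
                verdict = "router"      # resolver is the router itself
            else:
                verdict = "unexpected"  # not on the list, not the router
            findings.append((name, str(ip) if ip is not None else raw, verdict))
    return findings


if __name__ == "__main__":
    for row in audit_dns(CLEAN, EXPECTED) + audit_dns(TAMPERED, EXPECTED):
        print(row)
```

A "router" verdict only moves the question to the router: its own upstream DNS settings still have to be checked in its admin page, which is why a factory reset is suggested earlier in the thread.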
 



#13 nasdaq

  • Malware Response Team

Posted 28 July 2014 - 07:08 AM



**Tracker cam isn't supposed to be on my laptop. Do you know how to remove tracker cam fully?


The service is still running.
S2 trackcam;TrackerCam Video Capture Driver;C:\windows\System32\drivers\trackcam.sys [2012-12-22 81352]

From the start > run box enter services.msc hit the OK button.
Look for the service and disable it.
Click the apply button if required.

This will only disable the service. Should you ever need it, it will be easy to re-enable it.
===

Wi-max shouldn't be running, only wi-fi, which is another thing that has concerned me.


It looks like it's disconnected.

From your log.
Intel® Centrino® WiMAX 6250 = Local Area Connection 2 (Media disconnected)

These are from the Installed program list.
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.4.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)

Possibly disconnected via the MSCONFIG.
MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash

The drivers and services on your system.
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]

S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]

===

The issue of Wifi etc... is not my forte.

I suggest you start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/forum21.html

An expert in this field should be able to help you better than I can.

The topic will stay open until you solve this problem.

Keep me posted.
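A small parser for the driver/service lines quoted in the reply above, added here as an example and not part of the original thread. It assumes the usual convention for such scan logs, where the leading letter is the current state (R running, S stopped) and the digit is the Windows start type (0 boot through 4 disabled); the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Assumed convention for the first column: letter = current state,
# digit = Windows start type (the service's registry Start value).
STATE = {"R": "running", "S": "stopped"}
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)

class Entry(NamedTuple):
    name: str
    display: str
    path: str
    state: str
    start: str
    kernel_driver: bool  # heuristic: a .sys image is a driver, not a service

def parse_line(line: str) -> Optional[Entry]:
    """Parse one entry; return None for any line that is not an entry."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    return Entry(m["name"], m["display"], m["path"], STATE[m["state"]],
                 START[int(m["start"])], m["path"].lower().endswith(".sys"))

def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def active_or_autostart(entries) -> list:
    """Names that are loaded now or will load again at the next boot."""
    auto = {"boot", "system", "automatic"}
    return [e.name for e in entries if e.state == "running" or e.start in auto]

# Entries copied from the reply above, plus one non-entry line.
SAMPLE = r"""
S2 trackcam;TrackerCam Video Capture Driver;C:\windows\System32\drivers\trackcam.sys [2012-12-22 81352]
The drivers and services on your system.
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]
S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(f"{e.name:12} {e.state:8} {e.start:10} driver={e.kernel_driver}")
```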

#14 dreamgirl barbie

  • Topic Starter
  • Members
  • 15 posts
  • Gender:Female

Posted 30 July 2014 - 05:03 AM

Hi, thanks. I was finally able to reset my router back to factory and things have gotten better in that sense, but other things have gotten worse on my laptop. It kept freezing and doing weird stuff so I ran an antivirus scan and it found the security.exe to be a trojan and deleted it (on the finished scan results that was all it found). I had three of them (security.exe) on my computer when I only downloaded one from the link you gave me. Then I went to reboot my laptop and it froze up completely at startup (boot). I tried to unfreeze it in safe mode but that didn't work, but finally after about 45 minutes I got it to unfreeze by pushing repair computer. However, it did revert back to a previous time when it was working correctly... so some things have reverted back to how they were and I do not know what was affected.

Just for informational purposes and curiosity I ran roguekiller without deleting and I had antirootkits in roguekiller (kernel mode rootkits that were colored red) which I never had on previous scans. I also have even more pum.dns than I ever had (which is very scary and dangerous). I am so frustrated, please help. It seems things are slowly getting worse. Thanks again for your help.

 


Edited by dreamgirl barbie, 30 July 2014 - 05:07 AM.


#15 nasdaq

  • Malware Response Team
  • 38,745 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 July 2014 - 08:30 AM


Let's check your boot sector.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===



