Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Generic5 and Java Exploit Virus


  • This topic is locked This topic is locked
27 replies to this topic

#1 slowcompmark

slowcompmark

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 24 July 2014 - 11:35 PM

Recently my computer has been getting pop-ups and AVG keeps picking up a couple of infections.  AVG says they have been secured, but they keep coming back in the scans and the popups are still occurring.  Here is my DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by T at 21:19:21 on 2014-07-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1962 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Users\T\AppData\Local\fst_ca_190\upfst_ca_190.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
C:\Program Files (x86)\fst_ca_190\fst_ca_190.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\windows\splwow64.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [ctfmon.exe] C:\windows\System32\ctfmon.exe
uRun: [AVG-Secure-Search-Update_0913b] C:\Users\T\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 728fb40a7ceb440d907b9e5fa837d665-a00d0221272b5b728990e78ded5e1a95537bf145 --CMPID 0913b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [fst_ca_190] "C:\Program Files (x86)\fst_ca_190\fst_ca_190.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [upfst_ca_190.exe] C:\Users\T\AppData\Local\fst_ca_190\upfst_ca_190.exe -runonce
StartupFolder: C:\Users\T\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E} : DHCPNameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E}\05F434F4F57457563747 : DHCPNameServer = 8.8.8.8 4.2.2.1 64.59.144.18 64.59.144.19
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E}\345324242353 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E}\4554C4553543039323 : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E}\535424642344 : DHCPNameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{A369DE45-0390-4F73-BE06-BA8DA11BD03E} : DHCPNameServer = 172.27.172.1
TCP: Interfaces\{A8C17799-0268-4C8C-8AE3-B33058CB5676} : DHCPNameServer = 64.71.255.254 64.71.255.253
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://www.toshiba.ca/welcome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\
FF - prefs.js: browser.search.selectedEngine - AVG Nation Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: keyword.URL -
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-17 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-9-29 50464]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-7-2 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-6-27 3241488]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-6-17 289328]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.SYS [2010-9-11 11576]
R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [2014-5-2 1793536]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-7-2 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-7-2 35008]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-8-6 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-6-25 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-7-2 232992]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-7-2 51512]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-6-25 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-8-31 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-07-22 04:50:45    --------    d-----w-    C:\Program Files\iPod
2014-07-22 04:50:43    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-22 04:50:43    --------    d-----w-    C:\Program Files\iTunes
2014-07-22 04:50:43    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-07-20 05:16:29    --------    d-----w-    C:\Users\T\AppData\Roaming\uTorrent
2014-07-20 05:13:17    --------    d-----w-    C:\Users\T\AppData\Local\fst_ca_190
2014-07-20 05:13:17    --------    d-----w-    C:\Program Files (x86)\fst_ca_190
2014-07-20 05:13:15    --------    d-----w-    C:\Users\T\AppData\Local\Programs
2014-07-20 05:13:04    --------    d-----w-    C:\Program Files (x86)\di7BlockAndSurf
2014-07-20 05:12:47    --------    d-----w-    C:\Users\T\AppData\Roaming\GetPrivate
2014-07-20 05:10:02    --------    d-----w-    C:\Users\T\AppData\Roaming\.ABC
2014-07-20 05:09:47    --------    d-----w-    C:\Program Files (x86)\ABC
2014-07-18 03:40:05    --------    d-----w-    C:\Users\T\AppData\Local\Skype
2014-07-18 03:39:35    --------    d-----r-    C:\Program Files (x86)\Skype
2014-07-17 04:46:16    --------    d-----w-    C:\Users\T\AppData\Roaming\DropboxMaster
2014-07-10 04:26:50    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-07-10 04:26:49    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-07-10 04:26:49    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
.
==================== Find3M  ====================
.
2014-07-10 05:44:29    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 05:44:29    699056    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33    519168    ----a-w-    C:\windows\System32\aepdu.dll
2014-06-30 02:04:49    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\windows\System32\win32k.sys
2014-06-17 23:21:34    235800    ----a-w-    C:\windows\System32\drivers\avgldx64.sys
2014-06-17 23:07:12    328984    ----a-w-    C:\windows\System32\drivers\avgloga.sys
2014-06-17 23:06:58    269080    ----a-w-    C:\windows\System32\drivers\avgtdia.sys
2014-06-17 23:06:24    190744    ----a-w-    C:\windows\System32\drivers\avgidsha.sys
2014-06-17 23:06:22    242968    ----a-w-    C:\windows\System32\drivers\avgidsdrivera.sys
2014-06-17 23:06:22    153368    ----a-w-    C:\windows\System32\drivers\avgdiska.sys
2014-06-17 23:06:20    123672    ----a-w-    C:\windows\System32\drivers\avgmfx64.sys
2014-06-17 23:06:06    31512    ----a-w-    C:\windows\System32\drivers\avgrkx64.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-05-30 08:08:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2014-05-08 09:32:11    3178496    ----a-w-    C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\windows\System32\RdpGroupPolicyExtension.dll
2014-05-02 17:29:24    50464    ----a-w-    C:\windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 21:20:31.96 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:17 AM

Posted 29 July 2014 - 11:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542170 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:11:17 AM

Posted 30 July 2014 - 02:27 PM

Hello slowcompmark and welcome to BleepingComputer!  :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be check for approval first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 2 days, feel free to PM me.  :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

 

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so viaStart > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#4 slowcompmark

slowcompmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 31 July 2014 - 07:09 PM

Thanks Sirawit!  I have removed utorrent and reran DDS as per HelpBot.  I will attach that log followed by the two Farbar logs.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by T at 16:51:18 on 2014-07-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2039 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Users\T\AppData\Local\fst_ca_190\upfst_ca_190.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
C:\Program Files (x86)\fst_ca_190\fst_ca_190.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [ctfmon.exe] C:\windows\System32\ctfmon.exe
uRun: [AVG-Secure-Search-Update_0913b] C:\Users\T\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 728fb40a7ceb440d907b9e5fa837d665-a00d0221272b5b728990e78ded5e1a95537bf145 --CMPID 0913b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [fst_ca_190] "C:\Program Files (x86)\fst_ca_190\fst_ca_190.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [upfst_ca_190.exe] C:\Users\T\AppData\Local\fst_ca_190\upfst_ca_190.exe -runonce
StartupFolder: C:\Users\T\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E} : DHCPNameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E}\05F434F4F57457563747 : DHCPNameServer = 8.8.8.8 4.2.2.1 64.59.144.18 64.59.144.19
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E}\345324242353 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E}\4554C4553543039323 : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{934325CF-ADE5-48AE-8465-F3FB180EC75E}\D41627B67237027596D2649602E4564777F627B6 : DHCPNameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{A369DE45-0390-4F73-BE06-BA8DA11BD03E} : DHCPNameServer = 172.27.172.1
TCP: Interfaces\{A8C17799-0268-4C8C-8AE3-B33058CB5676} : DHCPNameServer = 64.71.255.254 64.71.255.253
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://www.toshiba.ca/welcome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\
FF - prefs.js: browser.search.selectedEngine - AVG Nation Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: keyword.URL -
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-17 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-9-29 50464]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-7-2 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-6-27 3241488]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-6-17 289328]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.SYS [2010-9-11 11576]
R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [2014-5-2 1793536]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-7-2 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-7-2 35008]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-8-6 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-6-25 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-7-2 232992]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-7-2 51512]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-6-25 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-8-31 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-07-22 04:50:45    --------    d-----w-    C:\Program Files\iPod
2014-07-22 04:50:43    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-22 04:50:43    --------    d-----w-    C:\Program Files\iTunes
2014-07-22 04:50:43    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-07-20 05:16:29    --------    d-----w-    C:\Users\T\AppData\Roaming\uTorrent
2014-07-20 05:13:17    --------    d-----w-    C:\Users\T\AppData\Local\fst_ca_190
2014-07-20 05:13:17    --------    d-----w-    C:\Program Files (x86)\fst_ca_190
2014-07-20 05:13:15    --------    d-----w-    C:\Users\T\AppData\Local\Programs
2014-07-20 05:13:04    --------    d-----w-    C:\Program Files (x86)\di7BlockAndSurf
2014-07-20 05:12:47    --------    d-----w-    C:\Users\T\AppData\Roaming\GetPrivate
2014-07-20 05:10:02    --------    d-----w-    C:\Users\T\AppData\Roaming\.ABC
2014-07-20 05:09:47    --------    d-----w-    C:\Program Files (x86)\ABC
2014-07-18 03:40:05    --------    d-----w-    C:\Users\T\AppData\Local\Skype
2014-07-18 03:39:35    --------    d-----r-    C:\Program Files (x86)\Skype
2014-07-17 04:46:16    --------    d-----w-    C:\Users\T\AppData\Roaming\DropboxMaster
2014-07-10 04:26:50    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-07-10 04:26:49    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-07-10 04:26:49    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
.
==================== Find3M  ====================
.
2014-07-10 05:44:29    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 05:44:29    699056    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33    519168    ----a-w-    C:\windows\System32\aepdu.dll
2014-06-30 02:04:49    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\windows\System32\win32k.sys
2014-06-17 23:21:34    235800    ----a-w-    C:\windows\System32\drivers\avgldx64.sys
2014-06-17 23:07:12    328984    ----a-w-    C:\windows\System32\drivers\avgloga.sys
2014-06-17 23:06:58    269080    ----a-w-    C:\windows\System32\drivers\avgtdia.sys
2014-06-17 23:06:24    190744    ----a-w-    C:\windows\System32\drivers\avgidsha.sys
2014-06-17 23:06:22    242968    ----a-w-    C:\windows\System32\drivers\avgidsdrivera.sys
2014-06-17 23:06:22    153368    ----a-w-    C:\windows\System32\drivers\avgdiska.sys
2014-06-17 23:06:20    123672    ----a-w-    C:\windows\System32\drivers\avgmfx64.sys
2014-06-17 23:06:06    31512    ----a-w-    C:\windows\System32\drivers\avgrkx64.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-05-30 08:08:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2014-05-08 09:32:11    3178496    ----a-w-    C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\windows\System32\RdpGroupPolicyExtension.dll
.
============= FINISH: 16:52:27.27 ===============
 

 

Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by T (administrator) on TRISH on 31-07-2014 17:00:07
Running from C:\Users\T\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
() C:\Users\T\AppData\Local\fst_ca_190\upfst_ca_190.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Dropbox, Inc.) C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
() C:\Program Files (x86)\fst_ca_190\fst_ca_190.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2556744 2014-05-02] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [fst_ca_190] => C:\Program Files (x86)\fst_ca_190\fst_ca_190.exe [3976160 2014-07-18] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\RunOnce: [upfst_ca_190.exe] => C:\Users\T\AppData\Local\fst_ca_190\upfst_ca_190.exe [3320800 2014-07-18] ()
HKU\S-1-5-21-3014093584-858147209-3527509038-1001\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3014093584-858147209-3527509038-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\T\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 728fb40a7ceb440d907b9e5fa837d665-a00d0221272b5b728990e78ded5e1a95537bf145 --CMPID 0913b
HKU\S-1-5-21-3014093584-858147209-3527509038-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3014093584-858147209-3527509038-1001\...\MountPoints2: {13470e32-591e-11e1-86a7-00266c59749a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3014093584-858147209-3527509038-1001\...\MountPoints2: {e65ff98b-d0f2-11df-af1d-00266c59749a} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3014093584-858147209-3527509038-1001\...\Winlogon: [Shell]
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en
SearchScopes: HKCU - {88F81143-A971-4EFB-97C9-A26E28D07678} URL = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=ca&nt=1
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.17 64.59.150.133

FireFox:
========
FF ProfilePath: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default
FF DefaultSearchEngine: AVG Nation Search
FF SelectedSearchEngine: AVG Nation Search
FF Homepage: https://www.google.ca/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\searchplugins\nation-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-06-04]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\18.1.0.443
FF Extension: AVG Nation toolbar - C:\ProgramData\AVG Nation toolbar\FireFoxExt\18.1.0.443 [2014-05-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1793536 2014-05-02] (AVG Secure Search) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-05-02] (AVG Technologies)
S2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) [File not signed]
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 17:00 - 2014-07-31 17:01 - 00019443 _____ () C:\Users\T\Desktop\FRST.txt
2014-07-31 16:59 - 2014-07-31 17:00 - 00000000 ____D () C:\FRST
2014-07-31 16:57 - 2014-07-31 16:59 - 02094080 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2014-07-31 16:56 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-31 16:56 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-31 16:56 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-07-31 16:56 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-07-31 16:55 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-31 16:55 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-31 16:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-31 16:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-31 16:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-31 16:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-24 21:20 - 2014-07-31 16:53 - 00020125 _____ () C:\Users\T\Desktop\dds.txt
2014-07-24 21:20 - 2014-07-31 16:53 - 00007942 _____ () C:\Users\T\Desktop\attach.txt
2014-07-22 00:14 - 2014-07-22 01:53 - 00048540 _____ () C:\Users\T\Desktop\avgrep.txt
2014-07-21 21:52 - 2014-07-21 21:52 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-21 21:52 - 2014-07-21 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-21 21:50 - 2014-07-21 21:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-21 21:50 - 2014-07-21 21:52 - 00000000 ____D () C:\Program Files\iTunes
2014-07-21 21:50 - 2014-07-21 21:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-21 21:50 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files\iPod
2014-07-19 22:13 - 2014-07-25 09:02 - 00000000 ____D () C:\Users\T\AppData\Local\fst_ca_190
2014-07-19 22:13 - 2014-07-20 22:12 - 00000000 ____D () C:\Program Files (x86)\di7BlockAndSurf
2014-07-19 22:13 - 2014-07-19 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
2014-07-19 22:13 - 2014-07-19 22:13 - 00000000 ____D () C:\Program Files (x86)\fst_ca_190
2014-07-19 22:12 - 2014-07-19 22:13 - 00000000 ____D () C:\Users\T\AppData\Roaming\GetPrivate
2014-07-19 22:10 - 2014-07-19 22:10 - 00000000 ____D () C:\Users\T\AppData\Roaming\.ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Program Files (x86)\ABC
2014-07-17 20:40 - 2014-07-17 20:40 - 00000000 ____D () C:\Users\T\AppData\Local\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-16 22:21 - 2014-07-20 15:05 - 71631473 _____ () C:\Users\T\Desktop\Cyrus' 6th Birthday.pptx
2014-07-16 21:46 - 2014-07-22 10:12 - 00000000 ____D () C:\Users\T\AppData\Roaming\DropboxMaster
2014-07-09 21:27 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 21:27 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 21:27 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 21:27 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 21:27 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 21:27 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 21:27 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 21:27 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 21:27 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 21:27 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 21:27 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 21:27 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 21:27 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 21:27 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 21:27 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 21:27 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 21:27 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 21:27 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 21:27 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 21:27 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 21:27 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 21:27 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 21:26 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 21:26 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 21:26 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 17:01 - 2014-07-31 17:00 - 00019443 _____ () C:\Users\T\Desktop\FRST.txt
2014-07-31 17:00 - 2014-07-31 16:59 - 00000000 ____D () C:\FRST
2014-07-31 16:59 - 2014-07-31 16:57 - 02094080 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2014-07-31 16:57 - 2010-07-02 21:10 - 01418357 _____ () C:\windows\WindowsUpdate.log
2014-07-31 16:57 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 16:57 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 16:53 - 2014-07-24 21:20 - 00020125 _____ () C:\Users\T\Desktop\dds.txt
2014-07-31 16:53 - 2014-07-24 21:20 - 00007942 _____ () C:\Users\T\Desktop\attach.txt
2014-07-31 16:50 - 2010-08-29 18:58 - 00000000 ____D () C:\Users\T\AppData\Roaming\Skype
2014-07-31 16:48 - 2010-10-19 12:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-31 16:45 - 2009-07-13 22:13 - 00786780 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-31 16:44 - 2012-06-16 16:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 09:02 - 2014-07-19 22:13 - 00000000 ____D () C:\Users\T\AppData\Local\fst_ca_190
2014-07-24 03:03 - 2013-03-13 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 03:01 - 2013-03-13 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:01 - 2013-03-13 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-22 10:12 - 2014-07-16 21:46 - 00000000 ____D () C:\Users\T\AppData\Roaming\DropboxMaster
2014-07-22 10:12 - 2011-10-29 21:43 - 00000000 ___RD () C:\Users\T\Dropbox
2014-07-22 10:12 - 2010-09-19 21:32 - 00000000 ____D () C:\Users\T\AppData\Roaming\Dropbox
2014-07-22 10:09 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-22 10:08 - 2009-07-13 21:51 - 00078676 _____ () C:\windows\setupact.log
2014-07-22 01:53 - 2014-07-22 00:14 - 00048540 _____ () C:\Users\T\Desktop\avgrep.txt
2014-07-21 21:59 - 2010-07-02 21:46 - 00670624 _____ () C:\windows\PFRO.log
2014-07-21 21:52 - 2014-07-21 21:52 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-21 21:52 - 2014-07-21 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-21 21:52 - 2014-07-21 21:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-21 21:52 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files\iTunes
2014-07-21 21:52 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-21 21:50 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 22:12 - 2014-07-19 22:13 - 00000000 ____D () C:\Program Files (x86)\di7BlockAndSurf
2014-07-20 15:05 - 2014-07-16 22:21 - 71631473 _____ () C:\Users\T\Desktop\Cyrus' 6th Birthday.pptx
2014-07-19 22:13 - 2014-07-19 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
2014-07-19 22:13 - 2014-07-19 22:13 - 00000000 ____D () C:\Program Files (x86)\fst_ca_190
2014-07-19 22:13 - 2014-07-19 22:12 - 00000000 ____D () C:\Users\T\AppData\Roaming\GetPrivate
2014-07-19 22:10 - 2014-07-19 22:10 - 00000000 ____D () C:\Users\T\AppData\Roaming\.ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Program Files (x86)\ABC
2014-07-17 20:40 - 2014-07-17 20:40 - 00000000 ____D () C:\Users\T\AppData\Local\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-17 20:39 - 2010-08-29 18:48 - 00000000 ____D () C:\ProgramData\Skype
2014-07-16 21:46 - 2011-10-29 21:43 - 00001014 _____ () C:\Users\T\Desktop\Dropbox.lnk
2014-07-16 21:46 - 2010-09-19 21:32 - 00000000 ____D () C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-14 08:31 - 2014-04-04 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-14 08:31 - 2013-10-07 19:26 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-14 04:02 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-07-14 03:21 - 2009-07-13 21:45 - 00428736 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-14 03:18 - 2014-05-18 15:32 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-14 03:18 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 03:18 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-14 03:18 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-14 03:02 - 2010-07-02 21:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 00:06 - 2013-08-21 10:03 - 00000000 ____D () C:\windows\system32\MRT
2014-07-13 23:51 - 2012-04-25 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-09 22:44 - 2012-06-16 16:50 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 22:44 - 2012-06-16 16:50 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 22:44 - 2011-06-05 19:19 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Users\T\AppData\Local\6cb86d4a
C:\Users\T\AppData\Local\6cb86d4a\@

Files to move or delete:
====================
C:\ProgramData\hnfp.exe
C:\ProgramData\kuwy.exe
C:\ProgramData\ucww.exe
C:\ProgramData\yhhd.exe
C:\Users\T\taskmgr.exe


Some content of TEMP:
====================
C:\Users\T\AppData\Local\Temp\BJMYPRT.EXE
C:\Users\T\AppData\Local\Temp\CNEZMAIN.EXE
C:\Users\T\AppData\Local\Temp\diio.exe
C:\Users\T\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmt58kl.dll
C:\Users\T\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\T\AppData\Local\Temp\install_flashplayer13x32au_mssd_aaa_aih.exe
C:\Users\T\AppData\Local\Temp\kbi0sqpb.apt.exe
C:\Users\T\AppData\Local\Temp\MSETUP4.EXE
C:\Users\T\AppData\Local\Temp\myff.exe
C:\Users\T\AppData\Local\Temp\qeia.exe
C:\Users\T\AppData\Local\Temp\SkypeSetup.exe
C:\Users\T\AppData\Local\Temp\sq0sxy0f.upx.exe
C:\Users\T\AppData\Local\Temp\xxya.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 01:47

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by T at 2014-07-31 17:01:57
Running from C:\Users\T\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABC (remove only) (HKLM-x32\...\ABC) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{5792CD64-61B4-C448-0D22-3C51DD73AB2A}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG Nation toolbar (HKLM-x32\...\AVG Nation toolbar) (Version: 18.1.0.443 - InfoSpace)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0315.1050.17562 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help English (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help French (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help German (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
ccc-utility64 (Version: 2010.0315.1050.17562 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.64 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
FreeSoftToday 026.190 (HKLM-x32\...\fst_ca_190_is1) (Version:  - FREESOFTTODAY) <==== ATTENTION
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Samsung ML-1740 Series (HKLM-x32\...\Samsung ML-1740 Series) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3014093584-858147209-3527509038-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3014093584-858147209-3527509038-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3014093584-858147209-3527509038-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3014093584-858147209-3527509038-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3014093584-858147209-3527509038-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-07-2014 05:38:30 Scheduled Checkpoint
24-07-2014 10:00:12 Windows Update
31-07-2014 23:54:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {036D9B7F-9D28-4EC2-BBFB-495692144F36} - System32\Tasks\{9167F777-BBAC-4675-B2CA-68D96FBF1863} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {1CB03592-3DA3-4B82-B1A3-7E18F3937E87} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {20D24677-196F-4347-B4F7-387B4A9F2D3B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {27DA6221-6D72-4FFA-A75D-4A845411A62D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {34EF2032-242F-4B2B-A0A6-A249DA2E7B90} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {4C8CEB49-C424-4CE2-98CA-DF6FA52C640F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {AE1E95F9-1664-4750-8307-6497652F8552} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2014-05-02 10:29 - 2014-05-02 10:29 - 00158536 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-19 22:13 - 2014-07-18 14:54 - 03320800 _____ () C:\Users\T\AppData\Local\fst_ca_190\upfst_ca_190.exe
2010-03-03 14:15 - 2010-03-03 14:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-03-22 23:32 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2013-09-29 20:33 - 2014-05-02 10:29 - 02556744 _____ () C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
2014-07-19 22:13 - 2014-07-18 14:54 - 03976160 _____ () C:\Program Files (x86)\fst_ca_190\fst_ca_190.exe
2009-10-13 10:00 - 2009-10-13 10:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-02 21:12 - 2010-07-02 21:12 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-02 10:29 - 2014-05-02 10:29 - 00518472 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
2014-07-22 10:11 - 2014-07-22 10:11 - 00043008 _____ () c:\users\t\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmt58kl.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\T\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-19 15:12 - 2014-06-19 15:12 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 22:44 - 2014-07-09 22:44 - 17029808 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^T^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2014 02:18:05 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/20/2014 10:11:51 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/20/2014 07:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9157

Error: (07/20/2014 07:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9157

Error: (07/20/2014 07:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2014 07:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8096

Error: (07/20/2014 07:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8096

Error: (07/20/2014 07:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2014 07:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7098

Error: (07/20/2014 07:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7098


System errors:
=============
Error: (07/22/2014 06:44:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 06:44:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 06:44:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 06:44:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 06:44:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 06:44:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 06:39:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 06:39:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 06:39:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 06:39:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/30/2014 02:18:05 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/20/2014 10:11:51 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/20/2014 07:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9157

Error: (07/20/2014 07:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9157

Error: (07/20/2014 07:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2014 07:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8096

Error: (07/20/2014 07:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8096

Error: (07/20/2014 07:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/20/2014 07:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7098

Error: (07/20/2014 07:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7098


CodeIntegrity Errors:
===================================
  Date: 2013-04-10 03:01:24.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\268508fd4ccc167ed4a39a80b42d2570\inst\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 3834.9 MB
Available physical RAM: 1507.06 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 5261.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (S3A8955D003) (Fixed) (Total:453.62 GB) (Free:253.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Burn Photos) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C8F45358)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11 GB) - (Type=17)

==================== End Of Log ============================

 

Thanks again!!



#5 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:11:17 AM

Posted 02 August 2014 - 01:33 PM

Hi Slowcompmark.

 

I'm sorry for slow response, I'm currently talking with my instructor about fixing procedures and will reply back in short time.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#6 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:11:17 AM

Posted 02 August 2014 - 11:29 PM

OK, here is the instruction, sorry for long wait.

 

Now we need to run Combofix.

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or>here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.
 
Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#7 slowcompmark

slowcompmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 05 August 2014 - 11:44 AM

Thanks.  I will run Combofix tonight and report back.

 



#8 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:11:17 AM

Posted 05 August 2014 - 11:45 AM

OK, keep us updated. :)

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#9 slowcompmark

slowcompmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 07 August 2014 - 08:42 AM

Here is the combofix log report:

 

ComboFix 14-08-06.02 - T 06/08/2014  20:15:03.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2391 [GMT -7:00]
Running from: c:\users\T\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\T\AppData\Local\duja.exe
c:\users\T\AppData\Local\jllk.exe
c:\users\T\AppData\Local\pkps.exe
c:\users\T\AppData\Local\reyf.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-07 to 2014-08-07  )))))))))))))))))))))))))))))))
.
.
2014-08-07 03:27 . 2014-08-07 03:27    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-07 03:11 . 2014-08-07 03:11    --------    d-----w-    c:\program files (x86)\predm
2014-07-31 23:59 . 2014-08-01 00:03    --------    d-----w-    C:\FRST
2014-07-31 23:56 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-07-31 23:56 . 2014-05-14 16:23    58336    ----a-w-    c:\windows\system32\wuauclt.exe
2014-07-31 23:56 . 2014-05-14 16:21    2620928    ----a-w-    c:\windows\system32\wucltux.dll
2014-07-31 23:56 . 2014-05-14 16:23    2477536    ----a-w-    c:\windows\system32\wuaueng.dll
2014-07-31 23:55 . 2014-05-14 16:23    38880    ----a-w-    c:\windows\system32\wups.dll
2014-07-31 23:55 . 2014-05-14 16:23    36320    ----a-w-    c:\windows\SysWow64\wups.dll
2014-07-31 23:55 . 2014-05-14 16:23    700384    ----a-w-    c:\windows\system32\wuapi.dll
2014-07-31 23:55 . 2014-05-14 16:23    581600    ----a-w-    c:\windows\SysWow64\wuapi.dll
2014-07-31 23:55 . 2014-05-14 16:20    97792    ----a-w-    c:\windows\system32\wudriver.dll
2014-07-31 23:55 . 2014-05-14 16:17    92672    ----a-w-    c:\windows\SysWow64\wudriver.dll
2014-07-31 23:54 . 2014-05-14 16:23    198600    ----a-w-    c:\windows\system32\wuwebv.dll
2014-07-31 23:54 . 2014-05-14 16:23    179656    ----a-w-    c:\windows\SysWow64\wuwebv.dll
2014-07-31 23:54 . 2014-05-14 16:20    36864    ----a-w-    c:\windows\system32\wuapp.exe
2014-07-31 23:54 . 2014-05-14 16:17    33792    ----a-w-    c:\windows\SysWow64\wuapp.exe
2014-07-22 04:50 . 2014-07-22 04:50    --------    d-----w-    c:\program files\iPod
2014-07-22 04:50 . 2014-07-22 04:52    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-22 04:50 . 2014-07-22 04:52    --------    d-----w-    c:\program files\iTunes
2014-07-22 04:50 . 2014-07-22 04:52    --------    d-----w-    c:\program files (x86)\iTunes
2014-07-20 05:13 . 2014-07-20 05:13    --------    d-----w-    c:\users\T\AppData\Local\Programs
2014-07-20 05:13 . 2014-07-21 05:12    --------    d-----w-    c:\program files (x86)\di7BlockAndSurf
2014-07-20 05:12 . 2014-07-20 05:13    --------    d-----w-    c:\users\T\AppData\Roaming\GetPrivate
2014-07-20 05:10 . 2014-07-20 05:10    --------    d-----w-    c:\users\T\AppData\Roaming\.ABC
2014-07-20 05:09 . 2014-07-20 05:09    --------    d-----w-    c:\program files (x86)\ABC
2014-07-18 03:40 . 2014-07-18 03:40    --------    d-----w-    c:\users\T\AppData\Local\Skype
2014-07-18 03:39 . 2014-07-18 03:39    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-07-18 03:39 . 2014-07-18 03:39    --------    d-----r-    c:\program files (x86)\Skype
2014-07-17 04:46 . 2014-07-22 17:12    --------    d-----w-    c:\users\T\AppData\Roaming\DropboxMaster
2014-07-10 04:26 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-10 04:26 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-10 04:26 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 05:44 . 2012-06-16 23:50    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 05:44 . 2011-06-06 02:19    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-27 00:40 . 2010-09-05 05:28    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-06-17 23:21 . 2014-06-17 23:21    235800    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-06-17 23:07 . 2014-06-17 23:07    328984    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-06-17 23:06 . 2014-06-17 23:06    269080    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-06-17 23:06 . 2014-06-17 23:06    190744    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-06-17 23:06 . 2014-06-17 23:06    242968    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 23:06 . 2014-06-17 23:06    153368    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-06-17 23:06 . 2014-06-17 23:06    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 23:06 . 2014-06-17 23:06    31512    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
.
c:\users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avgtp
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 05:44]
.
2013-01-27 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-26 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
FF - ProfilePath - c:\users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\
FF - prefs.js: browser.search.selectedEngine - AVG Nation Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\T\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
Wow6432Node-HKLM-Run-fst_ca_190 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-06  20:31:55
ComboFix-quarantined-files.txt  2014-08-07 03:31
.
Pre-Run: 277,425,610,752 bytes free
Post-Run: 278,802,677,760 bytes free
.
- - End Of File - - F8768BD8052EF06DB953B86AD9C15322
5B5E648D12FCADC244C1EC30318E1EB9
 

Thanks!



#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:17 AM

Posted 08 August 2014 - 03:25 PM

Hi slowcompmark,

Sirawit is not available at the moment, so I will work with you from now on.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69


Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Also please post back with a fresh FRST logfile.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 slowcompmark

slowcompmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 11 August 2014 - 08:52 AM

Hi schrauber.  When i try to run combofix i get a warning that says avg 2011 is active.  According to my programs in the control panel, I have avg 2014.  I dont see anything running in my task manager son i dont know if i should proceed despite the warning or not?

 

Thanks.



#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:17 AM

Posted 11 August 2014 - 10:57 AM

Hi there,

 

please skip Combofix for the moment and just post back with a fresh FRST logfile.


regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#13 slowcompmark

slowcompmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 11 August 2014 - 11:12 PM

Here's the new FRST log file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by T (administrator) on TRISH on 11-08-2014 20:52:51
Running from C:\Users\T\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en
SearchScopes: HKCU - {88F81143-A971-4EFB-97C9-A26E28D07678} URL = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=ca&nt=1
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 64.59.144.17 64.59.150.133

FireFox:
========
FF ProfilePath: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default
FF DefaultSearchEngine: AVG Nation Search
FF SelectedSearchEngine: AVG Nation Search
FF Homepage: https://www.google.ca/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\searchplugins\nation-secure-search.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-06-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) [File not signed]
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 20:52 - 2014-08-11 20:52 - 00000000 ____D () C:\Users\T\Desktop\FRST-OlderVersion
2014-08-11 06:50 - 2014-08-11 06:50 - 00000000 ___SD () C:\ComboFix
2014-08-11 06:47 - 2014-08-11 06:47 - 00000061 _____ () C:\Users\T\Desktop\CFScript.txt
2014-08-06 20:11 - 2014-08-06 20:11 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-06 20:11 - 2011-06-25 23:45 - 00256000 _____ () C:\windows\PEV.exe
2014-08-06 20:11 - 2010-11-07 10:20 - 00208896 _____ () C:\windows\MBR.exe
2014-08-06 20:11 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00098816 _____ () C:\windows\sed.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00080412 _____ () C:\windows\grep.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00068096 _____ () C:\windows\zip.exe
2014-08-06 19:58 - 2014-08-11 06:50 - 00000000 ____D () C:\Qoobox
2014-08-06 19:58 - 2014-08-06 20:29 - 00000000 ____D () C:\windows\erdnt
2014-08-06 19:55 - 2014-08-06 19:55 - 05568206 ____R (Swearware) C:\Users\T\Desktop\ComboFix.exe
2014-07-31 18:30 - 2014-07-31 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 17:01 - 2014-07-31 17:03 - 00040953 _____ () C:\Users\T\Desktop\Addition.txt
2014-07-31 17:00 - 2014-08-11 20:52 - 00016107 _____ () C:\Users\T\Desktop\FRST.txt
2014-07-31 16:59 - 2014-08-11 20:52 - 00000000 ____D () C:\FRST
2014-07-31 16:57 - 2014-08-11 20:52 - 02099712 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2014-07-31 16:56 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-31 16:56 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-31 16:56 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-07-31 16:56 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-07-31 16:55 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-31 16:55 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-31 16:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-31 16:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-31 16:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-31 16:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-24 21:20 - 2014-07-31 16:53 - 00020125 _____ () C:\Users\T\Desktop\dds.txt
2014-07-24 21:20 - 2014-07-31 16:53 - 00007942 _____ () C:\Users\T\Desktop\attach.txt
2014-07-22 00:14 - 2014-07-22 01:53 - 00048540 _____ () C:\Users\T\Desktop\avgrep.txt
2014-07-21 21:52 - 2014-07-21 21:52 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-21 21:52 - 2014-07-21 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-21 21:50 - 2014-07-21 21:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-21 21:50 - 2014-07-21 21:52 - 00000000 ____D () C:\Program Files\iTunes
2014-07-21 21:50 - 2014-07-21 21:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-21 21:50 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files\iPod
2014-07-19 22:13 - 2014-07-20 22:12 - 00000000 ____D () C:\Program Files (x86)\di7BlockAndSurf
2014-07-19 22:12 - 2014-07-19 22:13 - 00000000 ____D () C:\Users\T\AppData\Roaming\GetPrivate
2014-07-19 22:10 - 2014-07-19 22:10 - 00000000 ____D () C:\Users\T\AppData\Roaming\.ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Program Files (x86)\ABC
2014-07-17 20:40 - 2014-07-17 20:40 - 00000000 ____D () C:\Users\T\AppData\Local\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-16 22:21 - 2014-07-20 15:05 - 71631473 _____ () C:\Users\T\Desktop\Cyrus' 6th Birthday.pptx
2014-07-16 21:46 - 2014-07-22 10:12 - 00000000 ____D () C:\Users\T\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 20:53 - 2014-07-31 17:00 - 00016107 _____ () C:\Users\T\Desktop\FRST.txt
2014-08-11 20:52 - 2014-08-11 20:52 - 00000000 ____D () C:\Users\T\Desktop\FRST-OlderVersion
2014-08-11 20:52 - 2014-07-31 16:59 - 00000000 ____D () C:\FRST
2014-08-11 20:52 - 2014-07-31 16:57 - 02099712 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2014-08-11 20:52 - 2012-06-16 16:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-11 06:56 - 2010-10-19 12:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-11 06:50 - 2014-08-11 06:50 - 00000000 ___SD () C:\ComboFix
2014-08-11 06:50 - 2014-08-06 19:58 - 00000000 ____D () C:\Qoobox
2014-08-11 06:47 - 2014-08-11 06:47 - 00000061 _____ () C:\Users\T\Desktop\CFScript.txt
2014-08-11 06:46 - 2009-07-13 22:13 - 00786780 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-06 20:31 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-06 20:29 - 2014-08-06 19:58 - 00000000 ____D () C:\windows\erdnt
2014-08-06 20:28 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini
2014-08-06 20:11 - 2014-08-06 20:11 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-06 19:57 - 2010-08-29 18:58 - 00000000 ____D () C:\Users\T\AppData\Roaming\Skype
2014-08-06 19:55 - 2014-08-06 19:55 - 05568206 ____R (Swearware) C:\Users\T\Desktop\ComboFix.exe
2014-08-01 16:49 - 2012-04-25 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 11:16 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 11:16 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 18:30 - 2014-07-31 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 17:03 - 2014-07-31 17:01 - 00040953 _____ () C:\Users\T\Desktop\Addition.txt
2014-07-31 16:57 - 2010-07-02 21:10 - 01526795 _____ () C:\windows\WindowsUpdate.log
2014-07-31 16:53 - 2014-07-24 21:20 - 00020125 _____ () C:\Users\T\Desktop\dds.txt
2014-07-31 16:53 - 2014-07-24 21:20 - 00007942 _____ () C:\Users\T\Desktop\attach.txt
2014-07-24 03:03 - 2013-03-13 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 03:01 - 2013-03-13 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:01 - 2013-03-13 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-22 10:12 - 2014-07-16 21:46 - 00000000 ____D () C:\Users\T\AppData\Roaming\DropboxMaster
2014-07-22 10:12 - 2011-10-29 21:43 - 00000000 ___RD () C:\Users\T\Dropbox
2014-07-22 10:12 - 2010-09-19 21:32 - 00000000 ____D () C:\Users\T\AppData\Roaming\Dropbox
2014-07-22 10:09 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-22 10:08 - 2009-07-13 21:51 - 00078676 _____ () C:\windows\setupact.log
2014-07-22 01:53 - 2014-07-22 00:14 - 00048540 _____ () C:\Users\T\Desktop\avgrep.txt
2014-07-21 21:59 - 2010-07-02 21:46 - 00670624 _____ () C:\windows\PFRO.log
2014-07-21 21:52 - 2014-07-21 21:52 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-21 21:52 - 2014-07-21 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-21 21:52 - 2014-07-21 21:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-21 21:52 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files\iTunes
2014-07-21 21:52 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-21 21:50 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 22:12 - 2014-07-19 22:13 - 00000000 ____D () C:\Program Files (x86)\di7BlockAndSurf
2014-07-20 15:05 - 2014-07-16 22:21 - 71631473 _____ () C:\Users\T\Desktop\Cyrus' 6th Birthday.pptx
2014-07-19 22:13 - 2014-07-19 22:12 - 00000000 ____D () C:\Users\T\AppData\Roaming\GetPrivate
2014-07-19 22:10 - 2014-07-19 22:10 - 00000000 ____D () C:\Users\T\AppData\Roaming\.ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Program Files (x86)\ABC
2014-07-17 20:40 - 2014-07-17 20:40 - 00000000 ____D () C:\Users\T\AppData\Local\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-17 20:39 - 2010-08-29 18:48 - 00000000 ____D () C:\ProgramData\Skype
2014-07-16 21:46 - 2011-10-29 21:43 - 00001014 _____ () C:\Users\T\Desktop\Dropbox.lnk
2014-07-16 21:46 - 2010-09-19 21:32 - 00000000 ____D () C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-14 08:31 - 2014-04-04 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-14 08:31 - 2013-10-07 19:26 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-14 04:02 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-07-14 03:21 - 2009-07-13 21:45 - 00428736 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-14 03:18 - 2014-05-18 15:32 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-14 03:18 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 03:18 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-14 03:18 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-14 03:02 - 2010-07-02 21:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 00:06 - 2013-08-21 10:03 - 00000000 ____D () C:\windows\system32\MRT

ZeroAccess:
C:\Users\T\AppData\Local\6cb86d4a
C:\Users\T\AppData\Local\6cb86d4a\@

Files to move or delete:
====================
C:\ProgramData\hnfp.exe
C:\ProgramData\kuwy.exe
C:\ProgramData\ucww.exe
C:\ProgramData\yhhd.exe
C:\Users\T\taskmgr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-11 07:26

==================== End Of Log ============================

 

Thanks.



#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:17 AM

Posted 12 August 2014 - 01:11 PM

Hi,

Please open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

C:\Users\T\AppData\Local\6cb86d4a
C:\ProgramData\hnfp.exe
C:\ProgramData\kuwy.exe
C:\ProgramData\ucww.exe
C:\ProgramData\yhhd.exe
C:\Users\T\taskmgr.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please open FRST and click on the fix button.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt



Also please post back with a fresh FRST logfile and tell me how the system is running.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#15 slowcompmark

slowcompmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:17 PM

Posted 12 August 2014 - 11:13 PM

Here's the ESET scan log:

 

C:\Program Files (x86)\di7BlockAndSurf\175.dll    a variant of Win32/AdWare.AddLyrics.BH application    cleaned by deleting - quarantined
C:\Program Files (x86)\di7BlockAndSurf\O0BlockAndSurfZJ175.dll    a variant of Win32/AdWare.AddLyrics.BB application    cleaned by deleting - quarantined
C:\Program Files (x86)\di7BlockAndSurf\O0BlockAndSurfZJ175.exe    a variant of Win32/AdWare.AddLyrics.BC application    cleaned by deleting - quarantined
 

Here is the fresh FRST log file (ran after doing nthe ESET scan):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by T (administrator) on TRISH on 12-08-2014 21:07:25
Running from C:\Users\T\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\T\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\T\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA_en
SearchScopes: HKCU - {88F81143-A971-4EFB-97C9-A26E28D07678} URL = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=ca&nt=1
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 64.59.144.17 64.59.150.133

FireFox:
========
FF ProfilePath: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default
FF DefaultSearchEngine: AVG Nation Search
FF SelectedSearchEngine: AVG Nation Search
FF Homepage: https://www.google.ca/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\searchplugins\nation-secure-search.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\0cpt1twr.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-06-04]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [40448 2003-07-29] (DeviceGuys, Inc.) [File not signed]
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 21:06 - 2014-08-12 21:06 - 00000431 _____ () C:\Users\T\Desktop\ESETScan.txt
2014-08-12 17:25 - 2014-08-12 17:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-12 17:20 - 2014-08-12 17:20 - 02347384 _____ (ESET) C:\Users\T\Desktop\esetsmartinstaller_enu.exe
2014-08-11 20:52 - 2014-08-12 17:15 - 00000000 ____D () C:\Users\T\Desktop\FRST-OlderVersion
2014-08-11 06:50 - 2014-08-11 06:50 - 00000000 ___SD () C:\ComboFix
2014-08-11 06:47 - 2014-08-11 06:47 - 00000061 _____ () C:\Users\T\Desktop\CFScript.txt
2014-08-06 20:11 - 2014-08-06 20:11 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-06 20:11 - 2011-06-25 23:45 - 00256000 _____ () C:\windows\PEV.exe
2014-08-06 20:11 - 2010-11-07 10:20 - 00208896 _____ () C:\windows\MBR.exe
2014-08-06 20:11 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00098816 _____ () C:\windows\sed.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00080412 _____ () C:\windows\grep.exe
2014-08-06 20:11 - 2000-08-30 17:00 - 00068096 _____ () C:\windows\zip.exe
2014-08-06 19:58 - 2014-08-11 06:50 - 00000000 ____D () C:\Qoobox
2014-08-06 19:58 - 2014-08-06 20:29 - 00000000 ____D () C:\windows\erdnt
2014-08-06 19:55 - 2014-08-06 19:55 - 05568206 ____R (Swearware) C:\Users\T\Desktop\ComboFix.exe
2014-07-31 18:30 - 2014-07-31 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 17:01 - 2014-07-31 17:03 - 00040953 _____ () C:\Users\T\Desktop\Addition.txt
2014-07-31 17:00 - 2014-08-12 21:08 - 00016187 _____ () C:\Users\T\Desktop\FRST.txt
2014-07-31 16:59 - 2014-08-12 21:07 - 00000000 ____D () C:\FRST
2014-07-31 16:57 - 2014-08-12 17:15 - 02100224 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2014-07-31 16:56 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-31 16:56 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-31 16:56 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-07-31 16:56 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-07-31 16:55 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-07-31 16:55 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-31 16:55 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-31 16:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-31 16:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-31 16:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-31 16:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-24 21:20 - 2014-07-31 16:53 - 00020125 _____ () C:\Users\T\Desktop\dds.txt
2014-07-24 21:20 - 2014-07-31 16:53 - 00007942 _____ () C:\Users\T\Desktop\attach.txt
2014-07-22 00:14 - 2014-07-22 01:53 - 00048540 _____ () C:\Users\T\Desktop\avgrep.txt
2014-07-21 21:52 - 2014-07-21 21:52 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-21 21:52 - 2014-07-21 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-21 21:50 - 2014-07-21 21:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-21 21:50 - 2014-07-21 21:52 - 00000000 ____D () C:\Program Files\iTunes
2014-07-21 21:50 - 2014-07-21 21:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-21 21:50 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files\iPod
2014-07-19 22:13 - 2014-08-12 19:00 - 00000000 ____D () C:\Program Files (x86)\di7BlockAndSurf
2014-07-19 22:12 - 2014-07-19 22:13 - 00000000 ____D () C:\Users\T\AppData\Roaming\GetPrivate
2014-07-19 22:10 - 2014-07-19 22:10 - 00000000 ____D () C:\Users\T\AppData\Roaming\.ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Program Files (x86)\ABC
2014-07-17 20:40 - 2014-07-17 20:40 - 00000000 ____D () C:\Users\T\AppData\Local\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-16 22:21 - 2014-07-20 15:05 - 71631473 _____ () C:\Users\T\Desktop\Cyrus' 6th Birthday.pptx
2014-07-16 21:46 - 2014-07-22 10:12 - 00000000 ____D () C:\Users\T\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 21:08 - 2014-07-31 17:00 - 00016187 _____ () C:\Users\T\Desktop\FRST.txt
2014-08-12 21:07 - 2014-07-31 16:59 - 00000000 ____D () C:\FRST
2014-08-12 21:06 - 2014-08-12 21:06 - 00000431 _____ () C:\Users\T\Desktop\ESETScan.txt
2014-08-12 20:44 - 2012-06-16 16:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 19:00 - 2014-07-19 22:13 - 00000000 ____D () C:\Program Files (x86)\di7BlockAndSurf
2014-08-12 17:25 - 2014-08-12 17:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-12 17:20 - 2014-08-12 17:20 - 02347384 _____ (ESET) C:\Users\T\Desktop\esetsmartinstaller_enu.exe
2014-08-12 17:15 - 2014-08-11 20:52 - 00000000 ____D () C:\Users\T\Desktop\FRST-OlderVersion
2014-08-12 17:15 - 2014-07-31 16:57 - 02100224 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2014-08-12 17:15 - 2010-08-29 06:51 - 00000000 ____D () C:\Users\T
2014-08-11 20:53 - 2009-07-13 22:13 - 00786780 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-11 06:56 - 2010-10-19 12:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-11 06:50 - 2014-08-11 06:50 - 00000000 ___SD () C:\ComboFix
2014-08-11 06:50 - 2014-08-06 19:58 - 00000000 ____D () C:\Qoobox
2014-08-11 06:47 - 2014-08-11 06:47 - 00000061 _____ () C:\Users\T\Desktop\CFScript.txt
2014-08-06 20:31 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-08-06 20:29 - 2014-08-06 19:58 - 00000000 ____D () C:\windows\erdnt
2014-08-06 20:28 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini
2014-08-06 20:11 - 2014-08-06 20:11 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-06 19:57 - 2010-08-29 18:58 - 00000000 ____D () C:\Users\T\AppData\Roaming\Skype
2014-08-06 19:55 - 2014-08-06 19:55 - 05568206 ____R (Swearware) C:\Users\T\Desktop\ComboFix.exe
2014-08-01 16:49 - 2012-04-25 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 11:16 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 11:16 - 2009-07-13 21:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 18:30 - 2014-07-31 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 17:03 - 2014-07-31 17:01 - 00040953 _____ () C:\Users\T\Desktop\Addition.txt
2014-07-31 16:57 - 2010-07-02 21:10 - 01545505 _____ () C:\windows\WindowsUpdate.log
2014-07-31 16:53 - 2014-07-24 21:20 - 00020125 _____ () C:\Users\T\Desktop\dds.txt
2014-07-31 16:53 - 2014-07-24 21:20 - 00007942 _____ () C:\Users\T\Desktop\attach.txt
2014-07-24 03:03 - 2013-03-13 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 03:01 - 2013-03-13 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:01 - 2013-03-13 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-22 10:12 - 2014-07-16 21:46 - 00000000 ____D () C:\Users\T\AppData\Roaming\DropboxMaster
2014-07-22 10:12 - 2011-10-29 21:43 - 00000000 ___RD () C:\Users\T\Dropbox
2014-07-22 10:12 - 2010-09-19 21:32 - 00000000 ____D () C:\Users\T\AppData\Roaming\Dropbox
2014-07-22 10:09 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-22 10:08 - 2009-07-13 21:51 - 00078676 _____ () C:\windows\setupact.log
2014-07-22 01:53 - 2014-07-22 00:14 - 00048540 _____ () C:\Users\T\Desktop\avgrep.txt
2014-07-21 21:59 - 2010-07-02 21:46 - 00670624 _____ () C:\windows\PFRO.log
2014-07-21 21:52 - 2014-07-21 21:52 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-21 21:52 - 2014-07-21 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-21 21:52 - 2014-07-21 21:50 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-21 21:52 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files\iTunes
2014-07-21 21:52 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-21 21:50 - 2014-07-21 21:50 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 15:05 - 2014-07-16 22:21 - 71631473 _____ () C:\Users\T\Desktop\Cyrus' 6th Birthday.pptx
2014-07-19 22:13 - 2014-07-19 22:12 - 00000000 ____D () C:\Users\T\AppData\Roaming\GetPrivate
2014-07-19 22:10 - 2014-07-19 22:10 - 00000000 ____D () C:\Users\T\AppData\Roaming\.ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABC
2014-07-19 22:09 - 2014-07-19 22:09 - 00000000 ____D () C:\Program Files (x86)\ABC
2014-07-17 20:40 - 2014-07-17 20:40 - 00000000 ____D () C:\Users\T\AppData\Local\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 20:39 - 2014-07-17 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-17 20:39 - 2010-08-29 18:48 - 00000000 ____D () C:\ProgramData\Skype
2014-07-16 21:46 - 2011-10-29 21:43 - 00001014 _____ () C:\Users\T\Desktop\Dropbox.lnk
2014-07-16 21:46 - 2010-09-19 21:32 - 00000000 ____D () C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-14 08:31 - 2014-04-04 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-14 08:31 - 2013-10-07 19:26 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-14 04:02 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-07-14 03:21 - 2009-07-13 21:45 - 00428736 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-14 03:18 - 2014-05-18 15:32 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-14 03:18 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 03:18 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-14 03:18 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-14 03:02 - 2010-07-02 21:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 00:06 - 2013-08-21 10:03 - 00000000 ____D () C:\windows\system32\MRT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-11 07:26

==================== End Of Log ============================

 

Computer seems to be running fine.  Prior to the "infection" it was running fine, but i was getting popups even when an internet browser wasn't open.  They were usually music video popups.  I haven't noticed a popup in the last 2 or 3 days.

 

Thanks !!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users