Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan help please. "Trojanhorse Crypt3.AHNF"


  • This topic is locked This topic is locked
18 replies to this topic

#1 jabberwaulk

jabberwaulk

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 04 August 2014 - 06:17 PM

As the topic title implies... AVG keeps on detecting "Trojan horse Crypt3.AHNF" .  I take actions through AVG to try to remove it from my laptop but it will always be redetected.  One of the attachements is a screenshot of my desktop which can hopefully better explain.

 

DDS Log is as follows:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by FrankyG at 0:59:31 on 2014-08-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3559.1703 [GMT 2:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Scarlet Crush Productions\ScpService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Users\FrankyG\AppData\Local\Viber\Viber.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\windows\system32\mspaint.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: smartdownloader Class: {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Viber] "C:\Users\FrankyG\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [AcapoCivto] regsvr32.exe "C:\ProgramData\AcapoCivto\AcapoCivto.dat"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
mRun: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
mRun: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\FrankyG\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\at.lnk - C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\IEUpdate\at.exe
StartupFolder: C:\Users\FrankyG\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\FrankyG\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APPROV~1.LNK - C:\windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{039974E5-25A6-4A26-9A8E-B7ABA32734FF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{039974E5-25A6-4A26-9A8E-B7ABA32734FF}\A61626265627771657C6B674 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4A6CB65D-3FCC-4892-BDFA-1D888707C0AB} : DHCPNameServer = 192.168.42.129
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\5xpqtu8v.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQSdpcMyZ&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 1e14a3800000000000009cb70d775f39
FF - user.js: extensions.incredibar_i.instlDay - 15683
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:57:47
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQSdpcMyZ
FF - user.js: extensions.incredibar_i.upn2n - 92544068116837193
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10674
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2011-5-23 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-4-15 240952]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-1-30 50464]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-2-18 204288]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-10-23 1432080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 cpuz135;cpuz135;C:\windows\System32\drivers\cpuz135_x64.sys [2012-6-2 23816]
R2 Ds3Service;SCP DS3 Service;C:\Program Files (x86)\Scarlet Crush Productions\ScpService.exe [2013-7-5 388352]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-18 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 vToolbarUpdater18.1.7;vToolbarUpdater18.1.7;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [2014-6-23 1813528]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-2-18 116752]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-18 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
R3 rzjoystk;Razer VJoystick;C:\windows\System32\drivers\rzjoystk.sys [2011-3-24 19968]
R3 ScpVBus;Scp Virtual Bus Driver;C:\windows\System32\drivers\ScpVBus.sys [2013-7-5 39168]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-2-18 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-6-28 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-1-4 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-18 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-2-18 307304]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-2-18 1109096]
S3 RzSynapse;Razer Driver;C:\windows\System32\drivers\RzSynapse.sys [2011-7-14 157184]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-1-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-1-4 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-21 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\masqform.exe="C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\masqform.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-31 07:54:03    2620928    ----a-w-    C:\windows\System32\wucltux.dll
2014-07-31 07:53:05    97792    ----a-w-    C:\windows\System32\wudriver.dll
2014-07-31 07:53:05    92672    ----a-w-    C:\windows\SysWow64\wudriver.dll
2014-07-31 07:52:30    36864    ----a-w-    C:\windows\System32\wuapp.exe
2014-07-31 07:52:30    33792    ----a-w-    C:\windows\SysWow64\wuapp.exe
2014-07-31 07:52:30    198600    ----a-w-    C:\windows\System32\wuwebv.dll
2014-07-31 07:52:30    179656    ----a-w-    C:\windows\SysWow64\wuwebv.dll
2014-07-30 20:32:56    --------    d-----w-    C:\Users\FrankyG\AppData\Roaming\ViberPC
2014-07-30 20:32:02    --------    d-----w-    C:\Users\FrankyG\AppData\Local\Viber
2014-07-30 12:04:20    --------    d-----w-    C:\ProgramData\AcapoCivto
2014-07-16 14:57:58    --------    d-----w-    C:\Users\FrankyG\AppData\Local\Adobe
2014-07-14 13:56:37    --------    d-----w-    C:\Program Files\iPod
2014-07-14 13:56:36    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 13:56:36    --------    d-----w-    C:\Program Files\iTunes
2014-07-14 13:56:36    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-07-09 13:53:12    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 13:53:11    1389568    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-09 13:53:11    1380864    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-09 13:53:11    1354240    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 13:53:10    936960    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 13:53:06    519168    ----a-w-    C:\windows\System32\aepdu.dll
2014-07-09 13:53:02    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-07-09 13:50:56    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-07-09 13:50:56    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-07-09 13:50:56    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
.
==================== Find3M  ====================
.
2014-07-09 13:53:27    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 13:53:27    699056    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-23 21:03:06    50464    ----a-w-    C:\windows\System32\drivers\avgtpx64.sys
2014-06-19 01:06:55    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\windows\System32\win32k.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-05-30 08:08:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2014-05-08 09:32:11    3178496    ----a-w-    C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\windows\System32\RdpGroupPolicyExtension.dll
.
============= FINISH:  1:01:37.38 ===============

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:29 AM

Posted 05 August 2014 - 05:35 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 jabberwaulk

jabberwaulk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 05 August 2014 - 10:53 AM

Listed below is the log from FRST

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by FrankyG (administrator) on DALAPTOP on 05-08-2014 17:48:13
Running from C:\Users\FrankyG\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Scarlet.Crush Productions) C:\Program Files (x86)\Scarlet Crush Productions\ScpService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
() C:\Users\FrankyG\AppData\Local\Viber\Viber.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-18] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-25] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-07-01] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [ApproveItForOfficeSetup] => C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [155648 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-20] (Sony Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2571288 2014-06-23] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-06-02] (Google Inc.)
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Run: [Viber] => C:\Users\FrankyG\AppData\Local\Viber\Viber.exe [936656 2014-07-24] ()
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Run: [AcapoCivto] => regsvr32.exe "C:\ProgramData\AcapoCivto\AcapoCivto.dat"
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Command Processor: "C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\IEUpdate\at.exe" <===== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\at.lnk
ShortcutTarget: at.lnk -> C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\IEUpdate\at.exe (No File)
Startup: C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={88CDF68A-13A1-4293-9A46-6769F6535D5B}&mid=a3bcd35940c547d08793d5343d824b6c-36a85fa83e797e64ffea363ea9ca884a3956b6fd&lang=en&ds=AVG&pr=fr&d=2013-01-30 18:33:57&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: smartdownloader Class -> {F1AF26F8-1828-4279-ABCE-074EF3235BD7} -> C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\5xpqtu8v.default
FF NewTab: hxxp://mystart.incredibar.com/mb128?a=6PQSdpcMyZ&i=26
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Blekko
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\5xpqtu8v.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\5xpqtu8v.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: incredibar.com - C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\5xpqtu8v.default\Extensions\ffxtlbr@incredibar.com [2012-12-09]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\5xpqtu8v.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-05]
FF Extension: PutLockerDownloader - C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\5xpqtu8v.default\Extensions\putlockerdownloader@putlockerdownloader.com.xpi [2012-11-06]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-09]
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-19]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.7.644
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.7.644 [2014-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxxp://www.msn.com/?pc=UP97&ocid={88CDF68A-13A1-4293-9A46-6769F6535D5B}&mid=a3bcd35940c547d08793d5343d824b6c-36a85fa83e797e64ffea363ea9ca884a3956b6fd&lang=en&ds=AVG&pr=fr&d=2013-01-30 18:33:57&v=18.0.5.292&pid=avg&sg=0&sap=hp"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchURL: http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR Extension: (PutLockerDownloader) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci [2012-12-28]
CHR Extension: (IB Updater) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2012-12-28]
CHR Extension: (AVG Security Toolbar) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-28]
CHR Extension: (Google Wallet) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-11-07]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-09]
CHR HKLM-x32\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files (x86)\PutLockerDownloader\putlockerdownloader10.crx [2012-11-06]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-09]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Brandon Latus\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-12-09]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Ds3Service; C:\Program Files (x86)\Scarlet Crush Productions\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-06-23] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-06-23] (AVG Technologies)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 17:48 - 2014-08-05 17:49 - 00031076 _____ () C:\Users\FrankyG\Desktop\FRST.txt
2014-08-05 17:47 - 2014-08-05 17:48 - 00000000 ____D () C:\FRST
2014-08-05 17:46 - 2014-08-05 17:46 - 02094080 _____ (Farbar) C:\Users\FrankyG\Desktop\FRST64.exe
2014-08-05 01:06 - 2014-08-05 01:06 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\FrankyG\Desktop\mbam-setup.exe
2014-08-05 01:05 - 2014-08-05 01:05 - 01016261 _____ (Thisisu) C:\Users\FrankyG\Desktop\JRT.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 05567674 _____ (Swearware) C:\Users\FrankyG\Desktop\ComboFix.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\FrankyG\Desktop\tdsskiller.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\FrankyG\Desktop\rkill.exe
2014-08-05 01:01 - 2014-08-05 01:01 - 00028197 _____ () C:\Users\FrankyG\Desktop\dds.txt
2014-08-05 01:01 - 2014-08-05 01:01 - 00010068 _____ () C:\Users\FrankyG\Desktop\attach.txt
2014-08-05 00:58 - 2014-08-05 00:58 - 00688992 ____R (Swearware) C:\Users\FrankyG\Desktop\dds.com
2014-08-04 11:42 - 2014-08-04 11:42 - 00643936 _____ () C:\windows\Minidump\080414-53664-01.dmp
2014-08-03 19:44 - 2014-08-03 19:45 - 00374384 _____ () C:\windows\Minidump\080314-58937-01.dmp
2014-07-31 19:59 - 2014-07-31 19:59 - 00374424 _____ () C:\windows\Minidump\073114-45645-01.dmp
2014-07-31 09:54 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-31 09:54 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-31 09:54 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-07-31 09:54 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-07-31 09:53 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-31 09:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-31 09:52 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-31 09:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-31 09:52 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-31 09:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-30 22:32 - 2014-08-04 22:18 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Viber
2014-07-30 22:32 - 2014-08-04 11:45 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\ViberPC
2014-07-30 22:32 - 2014-07-30 22:32 - 00001043 _____ () C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-07-30 14:04 - 2014-08-05 17:42 - 00000000 ____D () C:\ProgramData\AcapoCivto
2014-07-30 14:04 - 2014-07-30 14:04 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-28 15:16 - 2014-07-28 15:17 - 00374400 _____ () C:\windows\Minidump\072814-57299-01.dmp
2014-07-17 21:29 - 2014-08-04 11:42 - 447173461 _____ () C:\windows\MEMORY.DMP
2014-07-17 21:29 - 2014-07-17 21:30 - 00374416 _____ () C:\windows\Minidump\071714-40887-01.dmp
2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Adobe
2014-07-14 15:58 - 2014-07-14 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-14 15:56 - 2014-07-14 15:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 15:56 - 2014-07-14 15:58 - 00000000 ____D () C:\Program Files\iTunes
2014-07-14 15:56 - 2014-07-14 15:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-14 15:56 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files\iPod
2014-07-09 15:53 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 15:53 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 15:52 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 15:52 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 15:52 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 15:52 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 15:52 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 15:52 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 15:51 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 15:51 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 15:51 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 15:51 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 15:51 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 15:51 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 15:51 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 15:51 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 15:51 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 15:51 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 15:51 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 15:51 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 15:51 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 15:51 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 15:51 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 15:51 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 15:51 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 15:51 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 15:51 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 15:51 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 15:51 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 15:51 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 15:51 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 15:51 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 15:51 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 15:51 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 15:51 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 15:51 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 15:51 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 15:51 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 15:51 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 15:51 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 15:51 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 15:51 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 15:51 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 15:51 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 15:51 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 15:51 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 15:51 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 15:51 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 15:51 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 15:51 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 15:51 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 15:51 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 15:51 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 15:51 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 15:51 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 15:51 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 15:51 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 15:51 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 15:51 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 15:51 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 15:51 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 15:51 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 15:51 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 15:51 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 15:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 15:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 15:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 17:49 - 2014-08-05 17:48 - 00031076 _____ () C:\Users\FrankyG\Desktop\FRST.txt
2014-08-05 17:49 - 2012-02-18 00:22 - 01707431 _____ () C:\windows\WindowsUpdate.log
2014-08-05 17:48 - 2014-08-05 17:47 - 00000000 ____D () C:\FRST
2014-08-05 17:46 - 2014-08-05 17:46 - 02094080 _____ (Farbar) C:\Users\FrankyG\Desktop\FRST64.exe
2014-08-05 17:43 - 2012-12-25 20:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-05 17:42 - 2014-07-30 14:04 - 00000000 ____D () C:\ProgramData\AcapoCivto
2014-08-05 17:37 - 2012-07-03 14:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 17:37 - 2012-06-02 20:16 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 17:37 - 2012-06-02 20:16 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 01:06 - 2014-08-05 01:06 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\FrankyG\Desktop\mbam-setup.exe
2014-08-05 01:05 - 2014-08-05 01:05 - 01016261 _____ (Thisisu) C:\Users\FrankyG\Desktop\JRT.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 05567674 _____ (Swearware) C:\Users\FrankyG\Desktop\ComboFix.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\FrankyG\Desktop\tdsskiller.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\FrankyG\Desktop\rkill.exe
2014-08-05 01:01 - 2014-08-05 01:01 - 00028197 _____ () C:\Users\FrankyG\Desktop\dds.txt
2014-08-05 01:01 - 2014-08-05 01:01 - 00010068 _____ () C:\Users\FrankyG\Desktop\attach.txt
2014-08-05 00:58 - 2014-08-05 00:58 - 00688992 ____R (Swearware) C:\Users\FrankyG\Desktop\dds.com
2014-08-04 22:18 - 2014-07-30 22:32 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Viber
2014-08-04 11:51 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 11:51 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 11:45 - 2014-07-30 22:32 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\ViberPC
2014-08-04 11:43 - 2013-06-03 15:54 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-08-04 11:43 - 2012-06-02 22:16 - 00000000 ___RD () C:\Users\FrankyG\Dropbox
2014-08-04 11:43 - 2012-06-02 22:12 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\Dropbox
2014-08-04 11:42 - 2014-08-04 11:42 - 00643936 _____ () C:\windows\Minidump\080414-53664-01.dmp
2014-08-04 11:42 - 2014-07-17 21:29 - 447173461 _____ () C:\windows\MEMORY.DMP
2014-08-04 11:42 - 2013-10-05 23:08 - 00038048 _____ () C:\windows\setupact.log
2014-08-04 11:42 - 2013-07-05 09:55 - 00000000 ____D () C:\Program Files (x86)\Scarlet Crush Productions
2014-08-04 11:42 - 2013-04-24 14:52 - 00000000 ____D () C:\windows\Minidump
2014-08-04 11:42 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-03 19:45 - 2014-08-03 19:44 - 00374384 _____ () C:\windows\Minidump\080314-58937-01.dmp
2014-07-31 19:59 - 2014-07-31 19:59 - 00374424 _____ () C:\windows\Minidump\073114-45645-01.dmp
2014-07-31 12:58 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-07-30 22:32 - 2014-07-30 22:32 - 00001043 _____ () C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-07-30 14:04 - 2014-07-30 14:04 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-28 15:20 - 2012-06-02 22:13 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-28 15:17 - 2014-07-28 15:16 - 00374400 _____ () C:\windows\Minidump\072814-57299-01.dmp
2014-07-28 15:16 - 2012-06-02 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-28 15:16 - 2012-05-03 21:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 15:16 - 2012-05-03 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 03:02 - 2012-05-03 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 11:54 - 2009-07-14 07:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-17 21:30 - 2014-07-17 21:29 - 00374416 _____ () C:\windows\Minidump\071714-40887-01.dmp
2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Adobe
2014-07-14 15:58 - 2014-07-14 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-14 15:58 - 2014-07-14 15:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 15:58 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files\iTunes
2014-07-14 15:58 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-14 15:56 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files\iPod
2014-07-10 03:14 - 2009-07-14 06:45 - 00310952 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-10 03:10 - 2014-05-07 01:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-10 03:10 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:10 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-10 03:10 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-10 03:07 - 2013-07-18 00:42 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 03:04 - 2012-04-13 04:51 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 15:53 - 2012-07-03 14:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 15:53 - 2012-05-11 04:58 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 15:53 - 2011-11-02 05:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\FrankyG\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjdrwzg.dll
C:\Users\FrankyG\AppData\Local\Temp\ose00000.exe
C:\Users\FrankyG\AppData\Local\Temp\tmpA354.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 01:22

==================== End Of Log ============================



#4 jabberwaulk

jabberwaulk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 05 August 2014 - 10:56 AM

Listed below is the ADDITION Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by FrankyG at 2014-08-05 17:49:56
Running from C:\Users\FrankyG\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{16EA5479-5CE2-F045-8D65-3F1FC41B90E5}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.61110.2305 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ApproveIt Desktop (HKLM-x32\...\{4E01B649-0023-4EB5-9263-57DE317C3418}) (Version: 6.50.25.1000 - Silanis Technology Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3955 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.7.644 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Flixster Collections (HKLM-x32\...\FlixsterCollections) (Version: 1.0.76 - Warner Bros. Entertainment Inc.)
Flixster Collections (x32 Version: 1.0.76 - Warner Bros. Entertainment Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IB Updater 2.0.0.574 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.574 - IncrediBar) <==== ATTENTION
IB Updater Service (HKLM\...\WNLT) (Version: 2.0.1.1 - ) <==== ATTENTION
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.123 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Java™ 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Netwaiting (HKLM-x32\...\{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}) (Version: 1.0.1 - Conexant Systems, Inc)
NWZ-W260 WALKMAN Guide (HKLM-x32\...\{55DD5CE4-6949-4F6D-AA60-EDE8383CE748}) (Version: 2.1.0.28280 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Nostromo (HKLM-x32\...\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}) (Version: 2.02.08 - Razer USA Ltd.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.03.00 - TOSHIBA)
TOSHIBA Hardware Setup (Version: 4.09.03.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.8.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.20.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.20.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.09.03.00 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 4.09.03.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
Viewer_armyifx (HKLM-x32\...\Viewer_armyifx) (Version: 3.5.1 - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinX DVD Ripper 5.5.5 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{95257618-472b-4183-807b-661361dc1d4d}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{fc2854c3-76b9-4661-b715-e33850048be5}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

02-07-2014 18:01:46 Scheduled Checkpoint
09-07-2014 21:15:14 Scheduled Checkpoint
10-07-2014 01:00:34 Windows Update
18-07-2014 08:05:36 Scheduled Checkpoint
25-07-2014 01:00:14 Windows Update
31-07-2014 07:51:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4C3C434C-16E3-4F07-A636-2D244E57119F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: {7E61445E-17FA-4719-9E75-5698044637C7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8FE76695-12F1-42BE-8494-434D659EB1E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {C737155E-EBEE-49AB-98DD-B674E324059A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: {D684F07E-5AD1-4B39-B1C1-B0BD8F27C393} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{7614D60A-9AB7-4694-BC97-2CDCB80479CE}.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{7614D60A-9AB7-4694-BC97-2CDCB80479CE}.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-23 23:04 - 2014-06-23 23:03 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
2010-11-19 03:18 - 2010-11-19 03:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-16 01:19 - 2010-12-16 01:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2014-07-30 22:32 - 2014-07-24 19:40 - 00936656 _____ () C:\Users\FrankyG\AppData\Local\Viber\Viber.exe
2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-11-11 09:24 - 2011-11-11 09:24 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 19:55 - 2011-11-09 19:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-01-30 19:33 - 2014-06-23 23:03 - 02571288 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-06-10 07:09 - 2011-06-10 07:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-23 23:04 - 2014-06-23 23:03 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
2014-07-30 22:32 - 2014-07-24 19:40 - 22591488 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\libViber.dll
2014-07-30 22:32 - 2014-03-21 11:20 - 00732160 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\libGLESv2.dll
2014-07-30 22:32 - 2014-07-24 19:15 - 00092160 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\qfacebook.dll
2014-07-30 22:32 - 2014-03-21 11:20 - 00047104 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\libEGL.dll
2014-07-30 22:32 - 2014-03-21 11:25 - 00856064 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\platforms\qwindows.dll
2014-07-30 22:32 - 2014-03-21 11:25 - 00021504 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\imageformats\qgif.dll
2014-07-30 22:32 - 2014-03-21 11:25 - 00020992 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\imageformats\qico.dll
2014-07-30 22:32 - 2014-03-21 11:25 - 00204800 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\imageformats\qjpeg.dll
2014-07-30 22:32 - 2014-03-21 11:28 - 00218112 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\imageformats\qmng.dll
2014-07-30 22:32 - 2014-03-21 11:26 - 00015872 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\imageformats\qsvg.dll
2014-07-30 22:32 - 2014-03-21 11:28 - 00015360 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\imageformats\qtga.dll
2014-07-30 22:32 - 2014-03-21 11:28 - 00307712 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\imageformats\qtiff.dll
2014-07-30 22:32 - 2014-03-21 11:28 - 00014848 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\imageformats\qwbmp.dll
2014-07-30 22:32 - 2014-03-21 11:25 - 00620544 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\sqldrivers\qsqlite.dll
2014-07-30 22:32 - 2014-03-21 11:26 - 00026624 _____ () C:\Users\FrankyG\AppData\Local\Viber\4.2.2.6\iconengines\qsvgicon.dll
2014-08-04 11:43 - 2014-08-04 11:43 - 00043008 _____ () c:\users\frankyg\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjdrwzg.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\libcef.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-06-29 17:13 - 2014-06-29 17:14 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-23 23:04 - 2014-06-23 23:03 - 00693272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.7\NativeBrowserApi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Razer Nostromo Driver => C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2014 05:37:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36224571

Error: (08/05/2014 05:37:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36224571

Error: (08/05/2014 05:37:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/05/2014 07:33:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18159

Error: (08/05/2014 07:33:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18159

Error: (08/05/2014 07:33:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/05/2014 07:33:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17160

Error: (08/05/2014 07:33:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17160

Error: (08/05/2014 07:33:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/05/2014 07:33:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16162


System errors:
=============
Error: (08/05/2014 07:33:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

Error: (08/04/2014 11:42:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/04/2014 11:42:50 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xfffffa8003fb51e0, 0xfffff880041128b8, 0x0000000000000000, 0x0000000000000002)C:\windows\MEMORY.DMP080414-53664-01

Error: (08/04/2014 11:42:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:40:32 AM on ‎8/‎4/‎2014 was unexpected.

Error: (08/04/2014 01:03:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (08/04/2014 01:03:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (08/03/2014 11:43:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (08/03/2014 07:44:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/03/2014 07:45:04 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xfffffa80041874e0, 0xfffff880043108b8, 0x0000000000000000, 0x0000000000000002)C:\windows\MEMORY.DMP080314-58937-01

Error: (08/03/2014 07:44:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:42:30 PM on ‎8/‎3/‎2014 was unexpected.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 80%
Total physical RAM: 3558.87 MB
Available physical RAM: 698.52 MB
Total Pagefile: 7115.91 MB
Available Pagefile: 3883.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI106304W0E) (Fixed) (Total:449.63 GB) (Free:375.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 52A8BCE0)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

==================== End Of Log ============================



#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:29 AM

Posted 05 August 2014 - 01:27 PM

Hello jabberwaulk,
our next steps are:


Step 1

Please uninstall some programs:
  • Windows 7w7.png: Click on the Start Menu button, open Control Panel and click Uninstall a program.
Search and select the following programs one by one and click on Uninstall:

IB Updater 2.0.0.574
IB Updater Service
  • Reboot your computer.
Step 2

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#6 jabberwaulk

jabberwaulk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 05 August 2014 - 02:51 PM

Below is the resulting FRST Scan Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by FrankyG (administrator) on DALAPTOP on 05-08-2014 21:47:08
Running from C:\Users\FrankyG\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Scarlet.Crush Productions) C:\Program Files (x86)\Scarlet Crush Productions\ScpService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Users\FrankyG\AppData\Local\Viber\Viber.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-18] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-25] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-07-01] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [ApproveItForOfficeSetup] => C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [155648 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-20] (Sony Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-06-02] (Google Inc.)
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Run: [Viber] => C:\Users\FrankyG\AppData\Local\Viber\Viber.exe [936656 2014-07-24] ()
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Run: [AcapoCivto] => regsvr32.exe "C:\ProgramData\AcapoCivto\AcapoCivto.dat"
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Command Processor: "C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\IEUpdate\at.exe" <===== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\at.lnk
ShortcutTarget: at.lnk -> C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\IEUpdate\at.exe (No File)
Startup: C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\m4remznd.default-1407265948404
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\m4remznd.default-1407265948404\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-05]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-19]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP",
            "hxxp://www.msn.com/?pc=UP97&ocid={88CDF68A-13A1-4293-9A46-6769F6535D5B}&mid=a3bcd35940c547d08793d5343d824b6c-36a85fa83e797e64ffea363ea9ca884a3956b6fd&lang=en&ds=AVG&pr=fr&d=2013-01-30 18:33:57&v=18.0.5.292&pid=avg&sg=0&sap=hp"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (IBM Lotus Forms Viewer 7.6.1.123) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll (IBM Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (No Name) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-28]
CHR Extension: (Google Wallet) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Brandon Latus\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Ds3Service; C:\Program Files (x86)\Scarlet Crush Productions\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-06-23] (AVG Technologies)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 21:47 - 2014-08-05 21:47 - 00028540 _____ () C:\Users\FrankyG\Desktop\FRST.txt
2014-08-05 21:34 - 2014-08-05 21:34 - 01361309 _____ () C:\Users\FrankyG\Downloads\AdwCleaner.exe
2014-08-05 21:29 - 2014-08-05 21:36 - 00000000 ____D () C:\AdwCleaner
2014-08-05 21:21 - 2014-08-05 21:22 - 00000000 ____D () C:\Users\FrankyG\Desktop\OldTxt files
2014-08-05 21:12 - 2014-08-05 21:12 - 00000000 ____D () C:\Users\FrankyG\Desktop\Old Firefox Data
2014-08-05 17:47 - 2014-08-05 21:47 - 00000000 ____D () C:\FRST
2014-08-05 17:46 - 2014-08-05 17:46 - 02094080 _____ (Farbar) C:\Users\FrankyG\Desktop\FRST64.exe
2014-08-05 01:06 - 2014-08-05 01:06 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\FrankyG\Desktop\mbam-setup.exe
2014-08-05 01:05 - 2014-08-05 01:05 - 01016261 _____ (Thisisu) C:\Users\FrankyG\Desktop\JRT.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 05567674 _____ (Swearware) C:\Users\FrankyG\Desktop\ComboFix.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\FrankyG\Desktop\tdsskiller.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\FrankyG\Desktop\rkill.exe
2014-08-05 00:58 - 2014-08-05 00:58 - 00688992 ____R (Swearware) C:\Users\FrankyG\Desktop\dds.com
2014-08-04 11:42 - 2014-08-04 11:42 - 00643936 _____ () C:\windows\Minidump\080414-53664-01.dmp
2014-08-03 19:44 - 2014-08-03 19:45 - 00374384 _____ () C:\windows\Minidump\080314-58937-01.dmp
2014-07-31 19:59 - 2014-07-31 19:59 - 00374424 _____ () C:\windows\Minidump\073114-45645-01.dmp
2014-07-31 09:54 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-31 09:54 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-31 09:54 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-07-31 09:54 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-07-31 09:53 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-31 09:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-31 09:52 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-31 09:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-31 09:52 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-31 09:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-30 22:32 - 2014-08-05 21:39 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\ViberPC
2014-07-30 22:32 - 2014-08-05 21:38 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Viber
2014-07-30 22:32 - 2014-07-30 22:32 - 00001043 _____ () C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-07-30 14:04 - 2014-08-05 18:18 - 00000000 ____D () C:\ProgramData\AcapoCivto
2014-07-30 14:04 - 2014-07-30 14:04 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-28 15:16 - 2014-07-28 15:17 - 00374400 _____ () C:\windows\Minidump\072814-57299-01.dmp
2014-07-17 21:29 - 2014-08-04 11:42 - 447173461 _____ () C:\windows\MEMORY.DMP
2014-07-17 21:29 - 2014-07-17 21:30 - 00374416 _____ () C:\windows\Minidump\071714-40887-01.dmp
2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Adobe
2014-07-14 15:58 - 2014-07-14 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-14 15:56 - 2014-07-14 15:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 15:56 - 2014-07-14 15:58 - 00000000 ____D () C:\Program Files\iTunes
2014-07-14 15:56 - 2014-07-14 15:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-14 15:56 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files\iPod
2014-07-09 15:53 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 15:53 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 15:52 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 15:52 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 15:52 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 15:52 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 15:52 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 15:52 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 15:51 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 15:51 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 15:51 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 15:51 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 15:51 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 15:51 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 15:51 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 15:51 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 15:51 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 15:51 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 15:51 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 15:51 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 15:51 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 15:51 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 15:51 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 15:51 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 15:51 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 15:51 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 15:51 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 15:51 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 15:51 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 15:51 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 15:51 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 15:51 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 15:51 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 15:51 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 15:51 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 15:51 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 15:51 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 15:51 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 15:51 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 15:51 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 15:51 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 15:51 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 15:51 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 15:51 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 15:51 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 15:51 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 15:51 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 15:51 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 15:51 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 15:51 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 15:51 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 15:51 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 15:51 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 15:51 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 15:51 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 15:51 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 15:51 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 15:51 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 15:51 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 15:51 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 15:51 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 15:51 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 15:51 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 15:51 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 15:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 15:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 15:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 21:48 - 2014-08-05 21:47 - 00028540 _____ () C:\Users\FrankyG\Desktop\FRST.txt
2014-08-05 21:47 - 2014-08-05 17:47 - 00000000 ____D () C:\FRST
2014-08-05 21:45 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 21:45 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 21:42 - 2012-02-18 00:22 - 01721817 _____ () C:\windows\WindowsUpdate.log
2014-08-05 21:39 - 2014-07-30 22:32 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\ViberPC
2014-08-05 21:39 - 2012-06-02 22:16 - 00000000 ___RD () C:\Users\FrankyG\Dropbox
2014-08-05 21:39 - 2012-06-02 22:12 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\Dropbox
2014-08-05 21:38 - 2014-07-30 22:32 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Viber
2014-08-05 21:38 - 2014-06-29 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 21:38 - 2013-10-05 23:08 - 00038160 _____ () C:\windows\setupact.log
2014-08-05 21:38 - 2013-07-05 09:55 - 00000000 ____D () C:\Program Files (x86)\Scarlet Crush Productions
2014-08-05 21:38 - 2013-06-03 15:54 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-08-05 21:38 - 2012-06-02 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-05 21:38 - 2012-06-02 20:16 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 21:38 - 2010-11-21 05:47 - 00756318 _____ () C:\windows\PFRO.log
2014-08-05 21:38 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-05 21:36 - 2014-08-05 21:29 - 00000000 ____D () C:\AdwCleaner
2014-08-05 21:34 - 2014-08-05 21:34 - 01361309 _____ () C:\Users\FrankyG\Downloads\AdwCleaner.exe
2014-08-05 21:30 - 2012-12-25 20:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-05 21:23 - 2012-06-02 20:16 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 21:22 - 2014-08-05 21:21 - 00000000 ____D () C:\Users\FrankyG\Desktop\OldTxt files
2014-08-05 21:12 - 2014-08-05 21:12 - 00000000 ____D () C:\Users\FrankyG\Desktop\Old Firefox Data
2014-08-05 20:52 - 2012-07-03 14:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 18:57 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-05 18:18 - 2014-07-30 14:04 - 00000000 ____D () C:\ProgramData\AcapoCivto
2014-08-05 17:46 - 2014-08-05 17:46 - 02094080 _____ (Farbar) C:\Users\FrankyG\Desktop\FRST64.exe
2014-08-05 01:06 - 2014-08-05 01:06 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\FrankyG\Desktop\mbam-setup.exe
2014-08-05 01:05 - 2014-08-05 01:05 - 01016261 _____ (Thisisu) C:\Users\FrankyG\Desktop\JRT.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 05567674 _____ (Swearware) C:\Users\FrankyG\Desktop\ComboFix.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\FrankyG\Desktop\tdsskiller.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\FrankyG\Desktop\rkill.exe
2014-08-05 00:58 - 2014-08-05 00:58 - 00688992 ____R (Swearware) C:\Users\FrankyG\Desktop\dds.com
2014-08-04 11:42 - 2014-08-04 11:42 - 00643936 _____ () C:\windows\Minidump\080414-53664-01.dmp
2014-08-04 11:42 - 2014-07-17 21:29 - 447173461 _____ () C:\windows\MEMORY.DMP
2014-08-04 11:42 - 2013-04-24 14:52 - 00000000 ____D () C:\windows\Minidump
2014-08-03 19:45 - 2014-08-03 19:44 - 00374384 _____ () C:\windows\Minidump\080314-58937-01.dmp
2014-07-31 19:59 - 2014-07-31 19:59 - 00374424 _____ () C:\windows\Minidump\073114-45645-01.dmp
2014-07-30 22:32 - 2014-07-30 22:32 - 00001043 _____ () C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-07-30 14:04 - 2014-07-30 14:04 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-28 15:20 - 2012-06-02 22:13 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-28 15:17 - 2014-07-28 15:16 - 00374400 _____ () C:\windows\Minidump\072814-57299-01.dmp
2014-07-28 15:16 - 2012-05-03 21:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 15:16 - 2012-05-03 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 03:02 - 2012-05-03 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 11:54 - 2009-07-14 07:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-17 21:30 - 2014-07-17 21:29 - 00374416 _____ () C:\windows\Minidump\071714-40887-01.dmp
2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Adobe
2014-07-14 15:58 - 2014-07-14 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-14 15:58 - 2014-07-14 15:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 15:58 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files\iTunes
2014-07-14 15:58 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-14 15:56 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files\iPod
2014-07-10 03:14 - 2009-07-14 06:45 - 00310952 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-10 03:10 - 2014-05-07 01:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-10 03:10 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:10 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-10 03:10 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-10 03:07 - 2013-07-18 00:42 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 03:04 - 2012-04-13 04:51 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 15:53 - 2012-07-03 14:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 15:53 - 2012-05-11 04:58 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 15:53 - 2011-11-02 05:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\FrankyG\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkvt3at.dll
C:\Users\FrankyG\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 01:22

==================== End Of Log ============================



#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:29 AM

Posted 05 August 2014 - 03:09 PM

Hi,
can you please post up the Adwarecleaner-Log? :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#8 jabberwaulk

jabberwaulk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 05 August 2014 - 03:16 PM

Sorry.  Below is AdwCleaner [S0]

 

# AdwCleaner v3.302 - Report created 05/08/2014 at 21:36:21
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : FrankyG - DALAPTOP
# Running from : C:\Users\FrankyG\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.7

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\PutLockerDownloader
Folder Deleted : C:\Program Files (x86)\PutLockerDownloader.com
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\Users\FrankyG\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\FrankyG\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\FrankyG\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\FrankyG\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
Folder Deleted : C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\PutLockerDownloader
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\m4remznd.default-1407265948404\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : apfdadfinodckpcehhdhjlgiphgnbfci
Deleted [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [22863 octets] - [05/08/2014 21:29:48]
AdwCleaner[S0].txt - [11132 octets] - [05/08/2014 21:36:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11193 octets] ##########



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:29 AM

Posted 05 August 2014 - 04:05 PM

Hi, good job so far! :)
I have seen, that you downloaded combofix already to your desktop.

Scan with combofix.pngCombofix (by sUBs).
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 jabberwaulk

jabberwaulk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 05 August 2014 - 04:38 PM

The search is still going on... It seems to be stuck on "Completed Stage_4" though... Just leave it?



#11 jabberwaulk

jabberwaulk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 05 August 2014 - 05:02 PM

NVM...  A little patience goes a longway...



#12 jabberwaulk

jabberwaulk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 05 August 2014 - 05:29 PM

Below is the ComboFix Log file:

 

ComboFix 14-08-05.01 - FrankyG 08/05/2014  23:14:57.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3559.1444 [GMT 2:00]
Running from: c:\users\FrankyG\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe
c:\users\FrankyG\AppData\Roaming\Wamox
c:\users\FrankyG\AppData\Roaming\Wamox\abva.niy
c:\users\FrankyG\AppData\Roaming\Ycvyq
c:\users\FrankyG\AppData\Roaming\Ycvyq\ipliu.yky
c:\windows\isRS-000.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-05 to 2014-08-05  )))))))))))))))))))))))))))))))
.
.
2014-08-05 22:22 . 2014-08-05 22:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-05 19:36 . 2014-06-06 04:38    822384    ----a-w-    c:\program files (x86)\Mozilla Firefox\icuuc52.dll
2014-08-05 19:36 . 2014-06-06 04:38    1022576    ----a-w-    c:\program files (x86)\Mozilla Firefox\icuin52.dll
2014-08-05 19:36 . 2014-06-06 04:38    10594416    ----a-w-    c:\program files (x86)\Mozilla Firefox\icudt52.dll
2014-08-05 19:29 . 2014-08-05 19:36    --------    d-----w-    C:\AdwCleaner
2014-08-05 15:47 . 2014-08-05 19:49    --------    d-----w-    C:\FRST
2014-07-31 07:54 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-07-31 07:54 . 2014-05-14 16:23    58336    ----a-w-    c:\windows\system32\wuauclt.exe
2014-07-31 07:54 . 2014-05-14 16:23    2477536    ----a-w-    c:\windows\system32\wuaueng.dll
2014-07-31 07:54 . 2014-05-14 16:21    2620928    ----a-w-    c:\windows\system32\wucltux.dll
2014-07-31 07:53 . 2014-05-14 16:23    38880    ----a-w-    c:\windows\system32\wups.dll
2014-07-31 07:53 . 2014-05-14 16:23    36320    ----a-w-    c:\windows\SysWow64\wups.dll
2014-07-31 07:53 . 2014-05-14 16:23    700384    ----a-w-    c:\windows\system32\wuapi.dll
2014-07-31 07:53 . 2014-05-14 16:23    581600    ----a-w-    c:\windows\SysWow64\wuapi.dll
2014-07-31 07:53 . 2014-05-14 16:20    97792    ----a-w-    c:\windows\system32\wudriver.dll
2014-07-31 07:53 . 2014-05-14 16:17    92672    ----a-w-    c:\windows\SysWow64\wudriver.dll
2014-07-31 07:52 . 2014-05-14 07:23    198600    ----a-w-    c:\windows\system32\wuwebv.dll
2014-07-31 07:52 . 2014-05-14 07:23    179656    ----a-w-    c:\windows\SysWow64\wuwebv.dll
2014-07-31 07:52 . 2014-05-14 07:20    36864    ----a-w-    c:\windows\system32\wuapp.exe
2014-07-31 07:52 . 2014-05-14 07:17    33792    ----a-w-    c:\windows\SysWow64\wuapp.exe
2014-07-30 20:32 . 2014-08-05 19:39    --------    d-----w-    c:\users\FrankyG\AppData\Roaming\ViberPC
2014-07-30 20:32 . 2014-08-05 19:38    --------    d-----w-    c:\users\FrankyG\AppData\Local\Viber
2014-07-30 12:04 . 2014-08-05 19:51    --------    d-----w-    c:\programdata\AcapoCivto
2014-07-16 14:57 . 2014-07-16 14:57    --------    d-----w-    c:\users\FrankyG\AppData\Local\Adobe
2014-07-14 13:56 . 2014-07-14 13:56    --------    d-----w-    c:\program files\iPod
2014-07-14 13:56 . 2014-07-14 13:58    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 13:56 . 2014-07-14 13:58    --------    d-----w-    c:\program files\iTunes
2014-07-14 13:56 . 2014-07-14 13:58    --------    d-----w-    c:\program files (x86)\iTunes
2014-07-09 13:53 . 2014-06-03 10:02    1719296    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 13:53 . 2014-06-03 10:02    1389568    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 13:53 . 2014-06-03 10:02    1380864    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 13:53 . 2014-06-03 10:02    1354240    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 13:53 . 2014-06-03 09:29    936960    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 13:53 . 2014-06-30 02:09    519168    ----a-w-    c:\windows\system32\aepdu.dll
2014-07-09 13:53 . 2014-06-30 02:04    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-07-09 13:51 . 2014-06-19 00:53    48640    ----a-w-    c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-07-09 13:50 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-09 13:50 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-09 13:50 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 01:04 . 2012-04-13 02:51    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-07-09 13:53 . 2012-05-11 02:58    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 13:53 . 2011-11-02 03:40    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-23 21:03 . 2013-01-30 17:33    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-05-08 09:32 . 2014-06-12 13:31    3178496    ----a-w-    c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-12 13:31    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-02 39408]
"Viber"="c:\users\FrankyG\AppData\Local\Viber\Viber.exe" [2014-07-24 936656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"AprvRemoveLegacyWordKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-11 343168]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ApproveItForOfficeSetup"="c:\program files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2010-01-26 155648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-01-21 4411952]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
.
c:\users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
ApproveIt StartUp.lnk - c:\windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico [2012-6-2 9216]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 Ds3Service;SCP DS3 Service;c:\program files (x86)\Scarlet Crush Productions\ScpService.exe;c:\program files (x86)\Scarlet Crush Productions\ScpService.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 17:23    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 13:53]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 18:16]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02 18:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\m4remznd.default-1407265948404\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
c:\users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\at.lnk - c:\users\FrankyG\AppData\Roaming\Microsoft\Windows\IEUpdate\at.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-06  00:25:41
ComboFix-quarantined-files.txt  2014-08-05 22:25
.
Pre-Run: 408,222,130,176 bytes free
Post-Run: 411,469,971,456 bytes free
.
- - End Of File - - 965AE8D31B247D5E87EB6F3C1E714354
5B5E648D12FCADC244C1EC30318E1EB9



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:29 AM

Posted 06 August 2014 - 02:19 PM

Hi,
well done! :thumbup2:

Next steps are:

Step 1


Please install mbam.pngMalwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 2


Please download the eset.pngESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.
lesestoff.png

Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 jabberwaulk

jabberwaulk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 06 August 2014 - 05:08 PM

A rather lenghty post but here are all 4 logs:

 

 

 

Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/6/2014
Scan Time: 10:04:26 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.06.08
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: FrankyG

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313810
Time Elapsed: 17 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



















ESET Log File:


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ad0dc52aaea27c42914ec06da976261e
# engine=19533
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-06 09:56:05
# local_time=2014-08-06 11:56:05 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2013'
# compatibility_mode=1046 16777213 100 88 11195 94496149 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 33661623 158992015 0 0
# scanned=163830
# found=6
# cleaned=0
# scan_time=4951
sh=775D36458D022E18DD83B8AFF3DC75F20DA0E38D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\source.crx.vir"
sh=05F172E15709DB6378CA6C23C9EF970A58C6B0E4 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\Firefox\chrome\content\main.js.vir"
sh=8C4EBEFA00C5146974AFA68BE39D3923D8453C20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\Firefox\chrome\content\resources\localscript.js.vir"
sh=8C4EBEFA00C5146974AFA68BE39D3923D8453C20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\resources\localscript.js.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=C81AF9CB8A4DA43FA65CBCFAF33BA88CB24B8743 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\FrankyG\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\2996a818-7f75def8"


















FRST Log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by FrankyG (administrator) on DALAPTOP on 07-08-2014 00:00:13
Running from C:\Users\FrankyG\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Scarlet.Crush Productions) C:\Program Files (x86)\Scarlet Crush Productions\ScpService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-18] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-25] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-07-01] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] => "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] => "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
HKLM-x32\...\Run: [ApproveItForOfficeSetup] => C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [155648 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-20] (Sony Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-06-02] (Google Inc.)
HKU\S-1-5-21-1727355828-322045687-3582784030-1001\...\Run: [Viber] => C:\Users\FrankyG\AppData\Local\Viber\Viber.exe [936656 2014-07-24] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\FrankyG\AppData\Roaming\Mozilla\Firefox\Profiles\m4remznd.default-1407265948404
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-19]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP",
            "hxxp://www.msn.com/?pc=UP97&ocid={88CDF68A-13A1-4293-9A46-6769F6535D5B}&mid=a3bcd35940c547d08793d5343d824b6c-36a85fa83e797e64ffea363ea9ca884a3956b6fd&lang=en&ds=AVG&pr=fr&d=2013-01-30 18:33:57&v=18.0.5.292&pid=avg&sg=0&sap=hp"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (IBM Lotus Forms Viewer 7.6.1.123) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll (IBM Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (No Name) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-28]
CHR Extension: (Google Wallet) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\FrankyG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Brandon Latus\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Ds3Service; C:\Program Files (x86)\Scarlet Crush Productions\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-06-23] (AVG Technologies)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 22:26 - 2014-08-06 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-06 22:24 - 2014-08-06 22:24 - 02347384 _____ (ESET) C:\Users\FrankyG\Desktop\esetsmartinstaller_enu.exe
2014-08-06 22:03 - 2014-08-06 22:04 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 22:03 - 2014-08-06 22:03 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 22:03 - 2014-08-06 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 22:03 - 2014-08-06 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 22:03 - 2014-05-12 07:35 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-06 22:03 - 2014-05-12 07:35 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-06 22:03 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-06 00:25 - 2014-08-06 00:25 - 00025229 _____ () C:\ComboFix.txt
2014-08-05 23:13 - 2014-08-06 00:25 - 00000000 ____D () C:\Qoobox
2014-08-05 23:13 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-08-05 23:13 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-08-05 23:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-08-05 23:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-08-05 23:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-08-05 23:13 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-08-05 23:13 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-08-05 23:13 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-08-05 23:12 - 2014-08-06 00:23 - 00000000 ____D () C:\windows\erdnt
2014-08-05 22:56 - 2014-08-05 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 21:47 - 2014-08-07 00:00 - 00027695 _____ () C:\Users\FrankyG\Desktop\FRST.txt
2014-08-05 21:34 - 2014-08-05 21:34 - 01361309 _____ () C:\Users\FrankyG\Downloads\AdwCleaner.exe
2014-08-05 21:29 - 2014-08-05 21:36 - 00000000 ____D () C:\AdwCleaner
2014-08-05 21:21 - 2014-08-05 21:22 - 00000000 ____D () C:\Users\FrankyG\Desktop\OldTxt files
2014-08-05 21:12 - 2014-08-05 21:12 - 00000000 ____D () C:\Users\FrankyG\Desktop\Old Firefox Data
2014-08-05 17:47 - 2014-08-07 00:00 - 00000000 ____D () C:\FRST
2014-08-05 17:46 - 2014-08-05 17:46 - 02094080 _____ (Farbar) C:\Users\FrankyG\Desktop\FRST64.exe
2014-08-05 01:06 - 2014-08-05 01:06 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\FrankyG\Desktop\mbam-setup.exe
2014-08-05 01:05 - 2014-08-05 01:05 - 01016261 _____ (Thisisu) C:\Users\FrankyG\Desktop\JRT.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 05567674 ____R (Swearware) C:\Users\FrankyG\Desktop\ComboFix.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\FrankyG\Desktop\tdsskiller.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\FrankyG\Desktop\rkill.exe
2014-08-05 00:58 - 2014-08-05 00:58 - 00688992 ____R (Swearware) C:\Users\FrankyG\Desktop\dds.com
2014-08-04 11:42 - 2014-08-04 11:42 - 00643936 _____ () C:\windows\Minidump\080414-53664-01.dmp
2014-08-03 19:44 - 2014-08-03 19:45 - 00374384 _____ () C:\windows\Minidump\080314-58937-01.dmp
2014-07-31 19:59 - 2014-07-31 19:59 - 00374424 _____ () C:\windows\Minidump\073114-45645-01.dmp
2014-07-31 09:54 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-31 09:54 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-31 09:54 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-07-31 09:54 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-07-31 09:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-07-31 09:53 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-31 09:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-31 09:52 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-31 09:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-31 09:52 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-31 09:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-30 22:32 - 2014-08-05 21:39 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\ViberPC
2014-07-30 22:32 - 2014-08-05 21:38 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Viber
2014-07-30 22:32 - 2014-07-30 22:32 - 00001043 _____ () C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-07-30 14:04 - 2014-08-05 21:51 - 00000000 ____D () C:\ProgramData\AcapoCivto
2014-07-30 14:04 - 2014-07-30 14:04 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-28 15:16 - 2014-07-28 15:17 - 00374400 _____ () C:\windows\Minidump\072814-57299-01.dmp
2014-07-17 21:29 - 2014-08-04 11:42 - 447173461 _____ () C:\windows\MEMORY.DMP
2014-07-17 21:29 - 2014-07-17 21:30 - 00374416 _____ () C:\windows\Minidump\071714-40887-01.dmp
2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Adobe
2014-07-14 15:58 - 2014-07-14 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-14 15:56 - 2014-07-14 15:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 15:56 - 2014-07-14 15:58 - 00000000 ____D () C:\Program Files\iTunes
2014-07-14 15:56 - 2014-07-14 15:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-14 15:56 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files\iPod
2014-07-09 15:53 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 15:53 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 15:52 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 15:52 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 15:52 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 15:52 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 15:52 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-09 15:52 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-09 15:52 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-09 15:52 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 15:51 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 15:51 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 15:51 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 15:51 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 15:51 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-09 15:51 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 15:51 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-09 15:51 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 15:51 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-09 15:51 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-09 15:51 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 15:51 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 15:51 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-09 15:51 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-09 15:51 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-09 15:51 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-09 15:51 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 15:51 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-09 15:51 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 15:51 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 15:51 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 15:51 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 15:51 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 15:51 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 15:51 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 15:51 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 15:51 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-09 15:51 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 15:51 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-09 15:51 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-09 15:51 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 15:51 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 15:51 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 15:51 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 15:51 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 15:51 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-09 15:51 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-09 15:51 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-09 15:51 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-09 15:51 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 15:51 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 15:51 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 15:51 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 15:51 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 15:51 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 15:51 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 15:51 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 15:51 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 15:51 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-09 15:51 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 15:51 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 15:51 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 15:51 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-09 15:51 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 15:51 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 15:51 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-09 15:50 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 15:50 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-09 15:50 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 00:00 - 2014-08-05 21:47 - 00027695 _____ () C:\Users\FrankyG\Desktop\FRST.txt
2014-08-07 00:00 - 2014-08-05 17:47 - 00000000 ____D () C:\FRST
2014-08-06 23:52 - 2012-07-03 14:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 23:22 - 2012-06-02 20:16 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-06 22:28 - 2012-12-25 20:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-06 22:26 - 2014-08-06 22:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-06 22:24 - 2014-08-06 22:24 - 02347384 _____ (ESET) C:\Users\FrankyG\Desktop\esetsmartinstaller_enu.exe
2014-08-06 22:04 - 2014-08-06 22:03 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 22:03 - 2014-08-06 22:03 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 22:03 - 2014-08-06 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 22:03 - 2014-08-06 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 22:03 - 2013-03-23 03:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 21:00 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 21:00 - 2009-07-14 06:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 20:58 - 2012-06-02 20:16 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 20:56 - 2012-02-18 00:22 - 01740430 _____ () C:\windows\WindowsUpdate.log
2014-08-06 00:28 - 2012-06-02 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-06 00:25 - 2014-08-06 00:25 - 00025229 _____ () C:\ComboFix.txt
2014-08-06 00:25 - 2014-08-05 23:13 - 00000000 ____D () C:\Qoobox
2014-08-06 00:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-06 00:23 - 2014-08-05 23:12 - 00000000 ____D () C:\windows\erdnt
2014-08-06 00:22 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-08-05 22:56 - 2014-08-05 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 21:51 - 2014-07-30 14:04 - 00000000 ____D () C:\ProgramData\AcapoCivto
2014-08-05 21:39 - 2014-07-30 22:32 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\ViberPC
2014-08-05 21:39 - 2012-06-02 22:16 - 00000000 ___RD () C:\Users\FrankyG\Dropbox
2014-08-05 21:39 - 2012-06-02 22:12 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\Dropbox
2014-08-05 21:38 - 2014-07-30 22:32 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Viber
2014-08-05 21:38 - 2013-10-05 23:08 - 00038160 _____ () C:\windows\setupact.log
2014-08-05 21:38 - 2013-07-05 09:55 - 00000000 ____D () C:\Program Files (x86)\Scarlet Crush Productions
2014-08-05 21:38 - 2010-11-21 05:47 - 00756318 _____ () C:\windows\PFRO.log
2014-08-05 21:38 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-05 21:36 - 2014-08-05 21:29 - 00000000 ____D () C:\AdwCleaner
2014-08-05 21:34 - 2014-08-05 21:34 - 01361309 _____ () C:\Users\FrankyG\Downloads\AdwCleaner.exe
2014-08-05 21:22 - 2014-08-05 21:21 - 00000000 ____D () C:\Users\FrankyG\Desktop\OldTxt files
2014-08-05 21:12 - 2014-08-05 21:12 - 00000000 ____D () C:\Users\FrankyG\Desktop\Old Firefox Data
2014-08-05 18:57 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-05 17:46 - 2014-08-05 17:46 - 02094080 _____ (Farbar) C:\Users\FrankyG\Desktop\FRST64.exe
2014-08-05 01:06 - 2014-08-05 01:06 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\FrankyG\Desktop\mbam-setup.exe
2014-08-05 01:05 - 2014-08-05 01:05 - 01016261 _____ (Thisisu) C:\Users\FrankyG\Desktop\JRT.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 05567674 ____R (Swearware) C:\Users\FrankyG\Desktop\ComboFix.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\FrankyG\Desktop\tdsskiller.exe
2014-08-05 01:04 - 2014-08-05 01:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\FrankyG\Desktop\rkill.exe
2014-08-05 00:58 - 2014-08-05 00:58 - 00688992 ____R (Swearware) C:\Users\FrankyG\Desktop\dds.com
2014-08-04 11:42 - 2014-08-04 11:42 - 00643936 _____ () C:\windows\Minidump\080414-53664-01.dmp
2014-08-04 11:42 - 2014-07-17 21:29 - 447173461 _____ () C:\windows\MEMORY.DMP
2014-08-04 11:42 - 2013-04-24 14:52 - 00000000 ____D () C:\windows\Minidump
2014-08-03 19:45 - 2014-08-03 19:44 - 00374384 _____ () C:\windows\Minidump\080314-58937-01.dmp
2014-07-31 19:59 - 2014-07-31 19:59 - 00374424 _____ () C:\windows\Minidump\073114-45645-01.dmp
2014-07-30 22:32 - 2014-07-30 22:32 - 00001043 _____ () C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-07-30 14:04 - 2014-07-30 14:04 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-07-28 15:20 - 2012-06-02 22:13 - 00000000 ____D () C:\Users\FrankyG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-28 15:17 - 2014-07-28 15:16 - 00374400 _____ () C:\windows\Minidump\072814-57299-01.dmp
2014-07-28 15:16 - 2012-05-03 21:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 15:16 - 2012-05-03 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 03:02 - 2012-05-03 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 11:54 - 2009-07-14 07:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-17 21:30 - 2014-07-17 21:29 - 00374416 _____ () C:\windows\Minidump\071714-40887-01.dmp
2014-07-16 16:57 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\FrankyG\AppData\Local\Adobe
2014-07-14 15:58 - 2014-07-14 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-14 15:58 - 2014-07-14 15:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-14 15:58 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files\iTunes
2014-07-14 15:58 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-14 15:56 - 2014-07-14 15:56 - 00000000 ____D () C:\Program Files\iPod
2014-07-10 03:14 - 2009-07-14 06:45 - 00310952 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-10 03:10 - 2014-05-07 01:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-10 03:10 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:10 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-10 03:10 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-10 03:07 - 2013-07-18 00:42 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 03:04 - 2012-04-13 04:51 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 15:53 - 2012-07-03 14:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 15:53 - 2012-05-11 04:58 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 15:53 - 2011-11-02 05:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 01:22

==================== End Of Log ============================






















Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by FrankyG at 2014-08-07 00:01:10
Running from C:\Users\FrankyG\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{16EA5479-5CE2-F045-8D65-3F1FC41B90E5}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.61110.2305 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ApproveIt Desktop (HKLM-x32\...\{4E01B649-0023-4EB5-9263-57DE317C3418}) (Version: 6.50.25.1000 - Silanis Technology Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3955 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1110.2324.42036 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1110.2325.42036 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)
Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.3.0.23190 - Sony Corporation)
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Flixster Collections (HKLM-x32\...\FlixsterCollections) (Version: 1.0.76 - Warner Bros. Entertainment Inc.)
Flixster Collections (x32 Version: 1.0.76 - Warner Bros. Entertainment Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.123 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Java™ 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Netwaiting (HKLM-x32\...\{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}) (Version: 1.0.1 - Conexant Systems, Inc)
NWZ-W260 WALKMAN Guide (HKLM-x32\...\{55DD5CE4-6949-4F6D-AA60-EDE8383CE748}) (Version: 2.1.0.28280 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Nostromo (HKLM-x32\...\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}) (Version: 2.02.08 - Razer USA Ltd.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.03.00 - TOSHIBA)
TOSHIBA Hardware Setup (Version: 4.09.03.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.8.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.20.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.20.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.09.03.00 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 4.09.03.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinX DVD Ripper 5.5.5 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{95257618-472b-4183-807b-661361dc1d4d}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FrankyG\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1727355828-322045687-3582784030-1001_Classes\CLSID\{fc2854c3-76b9-4661-b715-e33850048be5}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

25-07-2014 01:00:14 Windows Update
31-07-2014 07:51:47 Windows Update
05-08-2014 19:42:15 Removed Ventrilo Client for Windows x64

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-06 00:22 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4C3C434C-16E3-4F07-A636-2D244E57119F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: {7E61445E-17FA-4719-9E75-5698044637C7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8FE76695-12F1-42BE-8494-434D659EB1E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {C737155E-EBEE-49AB-98DD-B674E324059A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-02] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-19 03:18 - 2010-11-19 03:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-16 01:19 - 2010-12-16 01:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2011-11-11 09:24 - 2011-11-11 09:24 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 19:55 - 2011-11-09 19:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-10 07:09 - 2011-06-10 07:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-05 22:56 - 2014-08-05 22:56 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Razer Nostromo Driver => C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2014 11:57:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2014 10:29:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2014 10:26:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2014 10:26:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2014 10:26:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2014 09:39:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 09:39:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DivXUpdate.exe, version: 1.0.6.15, time stamp: 0x4e31ebcf
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x428
Faulting application start time: 0xDivXUpdate.exe0
Faulting application path: DivXUpdate.exe1
Faulting module path: DivXUpdate.exe2
Report Id: DivXUpdate.exe3

Error: (08/05/2014 09:39:08 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (08/05/2014 09:26:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 09:25:16 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)


System errors:
=============
Error: (08/06/2014 06:33:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/06/2014 00:22:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/06/2014 00:21:40 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/05/2014 09:38:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/05/2014 09:37:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/05/2014 09:24:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/05/2014 09:23:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/05/2014 07:33:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

Error: (08/04/2014 11:42:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/04/2014 11:42:50 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xfffffa8003fb51e0, 0xfffff880041128b8, 0x0000000000000000, 0x0000000000000002)C:\windows\MEMORY.DMP080414-53664-01


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-06 00:21:40.711
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-06 00:21:40.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 3558.87 MB
Available physical RAM: 1386.84 MB
Total Pagefile: 7115.91 MB
Available Pagefile: 4952.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI106304W0E) (Fixed) (Total:449.63 GB) (Free:380.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 52A8BCE0)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

==================== End Of Log ============================



#15 jabberwaulk

jabberwaulk
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 06 August 2014 - 05:15 PM

The detection of the Trojan Horse has stopped.  Computer still seems kind of sluggish.  I am not sure what else the computer picked up since my wife is the primary user of the laptop, and she is not too .... computer savy....






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users