Browser Triggered Randomly - Malicious Website Being Blocked "xmlclick-g.com"


  • This topic is locked
10 replies to this topic

#1 Yvetzky
  • Members
  • 19 posts
  • Gender:Male

Posted 14 September 2014 - 12:56 PM

This PC is running Windows 7 64 bit.
 
User experiencing slowdown/freezing.  Also the browser (Chrome) would open on its own and connect to what seems like random websites. Trend Micro detected "SWF_EXPLOYT.LPE" but was not able to remove it.  
 
I uninstalled Trend Micro and installed Malwarebytes.  Used it to scan and found a number of viruses (have log).  The ones it found were removed successfully.
 
I then installed ADW and it found a couple more issues.  It was able to clean those.
 
I reran Malwarebytes and it no longer detects any more viruses.  BUT, it continues to show "Malicious Website Blocked" Domain: "xmlclick-g.com"
 
I can see this "virus" in the Task Manager disguising itself as Chrome.  I know where the .exe is located, but I can't delete it.
 
Please help.
 
========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576
Run by toni at 10:05:47 on 2014-09-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.6016.3769 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\HPSIsvc.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\hfqfzgauh.exe
C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\hfqfzgauh.exe
C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\hfqfzgauh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [onjitwmbynl] rundll32.exe "C:\Users\toni\AppData\Local\Google\onjitwmbynl.dll",DllRegisterServer
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: RunStartupScriptSync = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
TCP: NameServer = 192.168.0.200
TCP: Interfaces\{7F4EE9D5-C845-489F-80FB-549C2495068B} : NameServer = 192.168.0.200
TCP: Interfaces\{7F4EE9D5-C845-489F-80FB-549C2495068B} : DHCPNameServer = 192.168.0.200
TCP: Interfaces\{FBF88D72-A633-4780-8349-7ECE9A2F262B} : NameServer = 192.168.0.200
TCP: Interfaces\{FBF88D72-A633-4780-8349-7ECE9A2F262B} : DHCPNameServer = 206.13.29.12 206.13.30.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - 
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-4 16152]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-24 136704]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2013-4-5 127800]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-4 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-13 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-13 860472]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-12-4 1695040]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-4 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-4 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-4 788760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-13 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-13 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-13 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-4 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-9 166912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-12-24 20480]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2014-09-13 22:37:19 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-13 22:36:52 -------- d-----w- C:\AdwCleaner
2014-09-13 21:50:09 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-13 21:49:30 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-13 21:49:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-13 21:49:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-13 21:49:30 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-13 21:49:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 21:49:09 -------- d-----w- C:\Users\toni\AppData\Local\Programs
2014-09-04 17:23:59 -------- d-----w- C:\Users\toni\AppData\Local\GameAssistant
2014-09-02 18:39:24 42496 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\x5pp.dll
2014-09-02 18:39:24 11264 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\x5print.dll
2014-08-25 17:17:32 22064 ----a-w- C:\Windows\DCEBoot64.exe
2014-08-22 19:22:12 12288 --sh--r- C:\Users\toni\AppData\Roaming\{0000277F-214F-25E8-718B-0B56867226D1}.exe
.
==================== Find3M  ====================
.
2014-08-11 22:08:23 234544 ----a-w- C:\Windows\RegBootClean64.exe
2014-08-11 22:08:19 181808 ----a-w- C:\Windows\RegBootClean.exe
.
============= FINISH: 10:18:55.39 ===============
 
 
I also have Malwarebytes and ADW logs if needed.
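An added triage example (not part of the original thread, and not output of DDS, FRST or Malwarebytes): the DDS log above, and the FRST log posted later in the thread, already expose the indicators that mark the "Chrome" impostor: a process running from the user's AppData tree, a user-hive Run value that launches rundll32 with DllRegisterServer on a DLL under AppData, a Run value whose name FRST marks as containing invalid characters, and a hidden+system, GUID-named .exe in Roaming. The Python below parses the process, autorun and file lines of both log formats and flags those patterns. The regexes, the Finding type, the reason strings and the thresholds are my own heuristics; the sample lines are copied from the logs in this thread. Note that FRST's "(Google Inc.)" prefix comes from the file's version resource, which any binary can claim, so the script treats it as a reason for suspicion, not an Authenticode check.

```python
"""Flag the indicator patterns from DDS/FRST logs (added example, not tool output)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Heuristics (mine): persistent services and autoruns seldom live under a user profile;
# GUID-named and hidden+system executables in Roaming are classic dropper artifacts.
USER_PROFILE = re.compile(r'\\users\\[^\\]+\\(?:appdata|application data)\\', re.IGNORECASE)
EXECUTABLE = re.compile(r'\.(?:exe|dll|scr|com)$', re.IGNORECASE)
GUID_NAME = re.compile(r'\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\.exe$', re.IGNORECASE)
INVALID_VALUE_NAME = re.compile(r'[*<>|?]')          # what FRST reports as "invalid characters"
RUNDLL_REGSVR = re.compile(r'rundll32(?:\.exe)?\b.*,\s*DllRegisterServer', re.IGNORECASE)

# Line shapes of the two tools: DDS prints bare paths, FRST prefixes the version-resource
# company name in parentheses (attacker-controlled; it is not a signature check).
DDS_PROC = re.compile(r'^(?P<path>[A-Za-z]:\\.+)$')
FRST_PROC = re.compile(r'^\((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$')
DDS_RUN = re.compile(r'^(?:u|m|x64-)Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
FRST_RUN = re.compile(r'^HK(?:LM|U)\S*\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$')
DDS_FILE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ (?P<attr>[-a-z]{8}) (?P<path>[A-Za-z]:\\.+)$')
FRST_FILE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ '
                       r'(?P<attr>[_A-Z]{5}) \([^)]*\) (?P<path>[A-Za-z]:\\.+)$')


@dataclass
class Finding:
    kind: str            # 'process', 'autorun' or 'file'
    path: str
    reasons: List[str]


def first_path(cmd: str) -> Optional[str]:
    """Binary referenced by an autorun command: quoted path first, then a bare one."""
    m = re.search(r'"([A-Za-z]:\\[^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r'[A-Za-z]:\\.+?\.(?:exe|dll|scr|com)\b', cmd, re.IGNORECASE)
    if m:
        return m.group(0)
    return cmd if re.match(r'[A-Za-z]:\\', cmd) else None


def location_reasons(path: str) -> List[str]:
    reasons = []
    if USER_PROFILE.search(path):
        reasons.append('runs from a user profile directory')
    if GUID_NAME.search(path):
        reasons.append('GUID-named executable')
    return reasons


def triage(lines) -> List[Finding]:
    """Classify each log line and return only the entries that trip a heuristic."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = DDS_RUN.match(line) or FRST_RUN.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd').split(' <=====')[0]
            reasons = []
            if INVALID_VALUE_NAME.search(name):
                reasons.append('autorun value name contains invalid characters')
            if RUNDLL_REGSVR.search(cmd):
                reasons.append('rundll32 DllRegisterServer autorun')
            path = first_path(cmd)
            if path:
                reasons += location_reasons(path)
            if reasons:
                findings.append(Finding('autorun', path or cmd, reasons))
            continue
        m = DDS_FILE.match(line) or FRST_FILE.match(line)
        if m:
            attr, path = m.group('attr').lower(), m.group('path')
            if not EXECUTABLE.search(path):
                continue
            reasons = location_reasons(path)
            if 'h' in attr and 's' in attr:      # DDS '--sh--r-' / FRST '__RSH'
                reasons.append('hidden+system attributes')
            if reasons:
                findings.append(Finding('file', path, reasons))
            continue
        m = FRST_PROC.match(line) or DDS_PROC.match(line)
        if m:
            reasons = location_reasons(m.group('path'))
            company = m.groupdict().get('company')
            if reasons and company:
                reasons.append(f'version info claims "{company}"')
            if reasons:
                findings.append(Finding('process', m.group('path'), reasons))
    return findings


# Sample input copied from the DDS and FRST logs posted in this thread.
SAMPLE_LINES = r"""
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\hfqfzgauh.exe
uRun: [onjitwmbynl] rundll32.exe "C:\Users\toni\AppData\Local\Google\onjitwmbynl.dll",DllRegisterServer
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
2014-08-22 19:22:12 12288 --sh--r- C:\Users\toni\AppData\Roaming\{0000277F-214F-25E8-718B-0B56867226D1}.exe
2014-09-13 22:37:19 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\hfqfzgauh.exe
HKU\S-1-5-21-4137540349-854692904-3098068916-3155\...\Run: [.tluafed** <*>] => C:\Users\toni\Application Data\{0000277F-214F-25E8-718B-0B56867226D1}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-4137540349-854692904-3098068916-3155\...\Run: [onjitwmbynl] => rundll32.exe "C:\Users\toni\AppData\Local\Google\onjitwmbynl.dll",DllRegisterServer <===== ATTENTION
2014-08-22 12:22 - 2014-08-22 12:22 - 00012288 __RSH () C:\Users\toni\AppData\Roaming\{0000277F-214F-25E8-718B-0B56867226D1}.exe
""".strip().splitlines()

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.kind:8} {f.path}\n         {"; ".join(f.reasons)}')
```

Run against the sample, the script flags seven entries and leaves the real chrome.exe, Explorer.EXE, the Adobe ARM autorun and sqlite3.dll alone. The same heuristics work on a full FRST.txt or DDS.txt fed through `triage(open(path).readlines())`; the point is that location (user profile), launch method (rundll32 DllRegisterServer) and file attributes are far harder for an impostor to disguise than a company name in a version resource.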


#2 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 14 September 2014 - 01:00 PM

Hi there,

I also have Malwarebytes and ADW logs if needed.

Yes, please post them too.

And in addition run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Yvetzky
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 14 September 2014 - 02:53 PM

Hello aharonov,

Zip file with Malwarebytes, ADW, and DDS attach.txt logs attached.

I will run Farbar on Monday (PST) and attach the logs for that as soon as I have them.

Thank you

Attached Files

#4 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 14 September 2014 - 02:59 PM

Ok, I'll wait for the FRST logs.

#5 Yvetzky
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 15 September 2014 - 02:06 PM

Hi aharonov,

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by toni (administrator) on GEORGIANNA-PC-3 on 15-09-2014 12:00:20
Running from C:\Users\toni\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\hfqfzgauh.exe
(Google Inc.) C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\hfqfzgauh.exe
(Google Inc.) C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\hfqfzgauh.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4137540349-854692904-3098068916-3155\...\Run: [.tluafed** <*>] => C:\Users\toni\Application Data\{0000277F-214F-25E8-718B-0B56867226D1}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-4137540349-854692904-3098068916-3155\...\Run: [onjitwmbynl] => rundll32.exe "C:\Users\toni\AppData\Local\Google\onjitwmbynl.dll",DllRegisterServer <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DBA1B9DF8A5CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {DB6E179D-B502-4A96-B726-F9C5267C6861} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS
SearchScopes: HKLM-x32 - {DB6E179D-B502-4A96-B726-F9C5267C6861} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS
SearchScopes: HKCU - DefaultScope {DB6E179D-B502-4A96-B726-F9C5267C6861} URL = 
SearchScopes: HKCU - {DB6E179D-B502-4A96-B726-F9C5267C6861} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\TmIEPlg.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\TmIEPlg32.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\TmIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.200
Tcpip\..\Interfaces\{7F4EE9D5-C845-489F-80FB-549C2495068B}: [NameServer] 192.168.0.200
Tcpip\..\Interfaces\{FBF88D72-A633-4780-8349-7ECE9A2F262B}: [NameServer] 192.168.0.200
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\FirefoxExtension
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> DA0B94AC5008B21EA0574B724675262C4F8E16A4836A6CD3922B31EE294DBCF1
CHR DefaultSearchProvider: Default -> E2D3EBE0E603AD0D1B275950C41272B3BE69C95B6AD93B4D2E9C10C1DD373962
CHR DefaultSearchURL: Default -> 123A8576628BE61DB3C109F2F207F3A452874BB0BD72C3929D51CE84E6336187
CHR Profile: C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-22]
CHR Extension: (Google Drive) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-22]
CHR Extension: (YouTube) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-22]
CHR Extension: (Google Search) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
CHR Extension: (Gmail) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-09] (Dell Products, LP.) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 12:00 - 2014-09-15 12:00 - 00013096 _____ () C:\Users\toni\Downloads\FRST.txt
2014-09-15 11:59 - 2014-09-15 12:00 - 00000000 ____D () C:\FRST
2014-09-15 11:59 - 2014-09-15 11:59 - 02105856 _____ (Farbar) C:\Users\toni\Downloads\FRST64.exe
2014-09-14 10:20 - 2014-09-14 10:20 - 00008108 _____ () C:\Users\toni\Documents\Attach.txt
2014-09-14 10:19 - 2014-09-14 10:19 - 00012181 _____ () C:\Users\toni\Documents\DDS.txt
2014-09-14 10:19 - 2014-09-14 10:19 - 00008108 _____ () C:\Users\toni\Desktop\attach.txt
2014-09-14 10:19 - 2014-09-14 10:18 - 00012181 _____ () C:\Users\toni\Desktop\dds.txt
2014-09-14 10:05 - 2014-09-14 10:05 - 00688992 ____R (Swearware) C:\Users\toni\Downloads\dds.com
2014-09-13 15:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-13 15:36 - 2014-09-13 15:50 - 00000000 ____D () C:\AdwCleaner
2014-09-13 15:36 - 2014-09-13 15:36 - 01373475 _____ () C:\Users\toni\Downloads\AdwCleaner.exe
2014-09-13 15:25 - 2014-09-13 15:25 - 00189384 _____ (Kaspersky Lab) C:\Users\toni\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6245.exe
2014-09-13 14:50 - 2014-09-15 09:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 14:49 - 2014-09-13 14:49 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 14:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 14:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 14:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-13 14:45 - 2014-09-13 14:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\toni\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-11 16:14 - 2014-09-11 16:14 - 662145534 _____ () C:\Windows\MEMORY.DMP
2014-09-11 16:14 - 2014-09-11 16:14 - 00279360 _____ () C:\Windows\Minidump\091114-20935-01.dmp
2014-09-11 16:14 - 2014-09-11 16:14 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 15:54 - 2014-09-12 10:00 - 00070656 _____ () C:\Users\toni\Documents\XMASLIST2014.xls
2014-09-04 10:23 - 2014-09-04 10:23 - 00000000 ____D () C:\Users\toni\AppData\Local\GameAssistant
2014-09-02 11:39 - 2014-09-02 11:39 - 00004310 _____ () C:\Windows\default.xpb
2014-08-26 08:31 - 2014-09-13 13:56 - 00017358 _____ () C:\Windows\DCEBOOT.RST
2014-08-26 08:31 - 2014-09-13 13:56 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-08-25 10:17 - 2014-09-13 05:15 - 00022064 _____ () C:\Windows\DCEBoot64.exe
2014-08-22 12:22 - 2014-08-22 12:22 - 00012288 __RSH () C:\Users\toni\AppData\Roaming\{0000277F-214F-25E8-718B-0B56867226D1}.exe
2014-08-22 09:37 - 2014-08-25 10:17 - 00027136 _____ () C:\Users\toni\Documents\BuckeyeClubPigeonShoot18-27-14.xls
2014-08-21 11:53 - 2014-08-21 11:54 - 00010514 _____ () C:\Users\toni\Documents\0814BlairWaterGallonage.xlsx
2014-08-19 08:38 - 2014-08-19 10:20 - 00033280 _____ () C:\Users\toni\Documents\0814SCE2013and2014Invoices2.xls
2014-08-18 14:49 - 2014-08-18 15:15 - 00031744 _____ () C:\Users\toni\Documents\0814SCE2013and2014Invoices1.xls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 12:00 - 2014-09-15 12:00 - 00013096 _____ () C:\Users\toni\Downloads\FRST.txt
2014-09-15 12:00 - 2014-09-15 11:59 - 00000000 ____D () C:\FRST
2014-09-15 11:59 - 2014-09-15 11:59 - 02105856 _____ (Farbar) C:\Users\toni\Downloads\FRST64.exe
2014-09-15 11:54 - 2014-07-22 13:09 - 00000000 ____D () C:\Users\toni\Documents\HSRJulyDec13
2014-09-15 11:49 - 2012-12-04 11:41 - 01486543 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 11:26 - 2013-09-19 12:39 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 10:37 - 2013-04-05 14:28 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
2014-09-15 09:34 - 2014-09-13 14:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 09:01 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 09:01 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 08:55 - 2013-09-19 12:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 08:55 - 2012-12-04 12:10 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-15 08:55 - 2012-12-04 12:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-15 08:55 - 2012-12-04 11:57 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-15 08:54 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 08:54 - 2009-07-13 21:51 - 00058351 _____ () C:\Windows\setupact.log
2014-09-14 10:20 - 2014-09-14 10:20 - 00008108 _____ () C:\Users\toni\Documents\Attach.txt
2014-09-14 10:19 - 2014-09-14 10:19 - 00012181 _____ () C:\Users\toni\Documents\DDS.txt
2014-09-14 10:19 - 2014-09-14 10:19 - 00008108 _____ () C:\Users\toni\Desktop\attach.txt
2014-09-14 10:18 - 2014-09-14 10:19 - 00012181 _____ () C:\Users\toni\Desktop\dds.txt
2014-09-14 10:05 - 2014-09-14 10:05 - 00688992 ____R (Swearware) C:\Users\toni\Downloads\dds.com
2014-09-13 15:51 - 2010-11-20 20:47 - 00189654 _____ () C:\Windows\PFRO.log
2014-09-13 15:50 - 2014-09-13 15:36 - 00000000 ____D () C:\AdwCleaner
2014-09-13 15:36 - 2014-09-13 15:36 - 01373475 _____ () C:\Users\toni\Downloads\AdwCleaner.exe
2014-09-13 15:25 - 2014-09-13 15:25 - 00189384 _____ (Kaspersky Lab) C:\Users\toni\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6245.exe
2014-09-13 15:09 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media
2014-09-13 14:49 - 2014-09-13 14:49 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 14:48 - 2014-09-13 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\toni\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 13:56 - 2014-08-26 08:31 - 00017358 _____ () C:\Windows\DCEBOOT.RST
2014-09-13 13:56 - 2014-08-26 08:31 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-09-13 05:15 - 2014-08-25 10:17 - 00022064 _____ () C:\Windows\DCEBoot64.exe
2014-09-12 10:00 - 2014-09-11 15:54 - 00070656 _____ () C:\Users\toni\Documents\XMASLIST2014.xls
2014-09-12 09:33 - 2014-07-22 13:09 - 00030827 _____ () C:\Users\toni\Documents\CheckReg2014.xlsx
2014-09-11 16:14 - 2014-09-11 16:14 - 662145534 _____ () C:\Windows\MEMORY.DMP
2014-09-11 16:14 - 2014-09-11 16:14 - 00279360 _____ () C:\Windows\Minidump\091114-20935-01.dmp
2014-09-11 16:14 - 2014-09-11 16:14 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 15:43 - 2014-07-22 13:09 - 00207872 _____ () C:\Users\toni\Documents\XMASLIST.XLS
2014-09-10 14:29 - 2013-09-19 12:41 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-09 10:51 - 2014-07-22 13:09 - 00000000 ____D () C:\Users\toni\Documents\HSRJulyDec12
2014-09-09 10:50 - 2014-07-22 13:09 - 00000000 ____D () C:\Users\toni\Documents\HSRJanJune12
2014-09-09 10:50 - 2014-07-22 13:09 - 00000000 ____D () C:\Users\toni\Documents\HSRJanJune10
2014-09-09 09:20 - 2014-07-22 13:09 - 00032768 _____ () C:\Users\toni\Documents\NFL Log 2014.xls
2014-09-08 14:16 - 2014-07-22 12:53 - 00000000 ____D () C:\Users\toni\AppData\Local\Google
2014-09-08 14:08 - 2014-07-22 13:10 - 00000000 ____D () C:\Users\toni\Documents\Toni
2014-09-04 10:23 - 2014-09-04 10:23 - 00000000 ____D () C:\Users\toni\AppData\Local\GameAssistant
2014-09-02 11:39 - 2014-09-02 11:39 - 00004310 _____ () C:\Windows\default.xpb
2014-08-27 08:34 - 2009-07-13 22:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 10:17 - 2014-08-22 09:37 - 00027136 _____ () C:\Users\toni\Documents\BuckeyeClubPigeonShoot18-27-14.xls
2014-08-22 12:22 - 2014-08-22 12:22 - 00012288 __RSH () C:\Users\toni\AppData\Roaming\{0000277F-214F-25E8-718B-0B56867226D1}.exe
2014-08-21 11:54 - 2014-08-21 11:53 - 00010514 _____ () C:\Users\toni\Documents\0814BlairWaterGallonage.xlsx
2014-08-21 08:36 - 2009-07-13 22:13 - 00824410 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 11:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-19 10:20 - 2014-08-19 08:38 - 00033280 _____ () C:\Users\toni\Documents\0814SCE2013and2014Invoices2.xls
2014-08-18 15:15 - 2014-08-18 14:49 - 00031744 _____ () C:\Users\toni\Documents\0814SCE2013and2014Invoices1.xls
 
Some content of TEMP:
====================
C:\Users\gthurman\AppData\Local\Temp\0hvhzxzz.dll
C:\Users\gthurman\AppData\Local\Temp\ose00000.exe
C:\Users\toni\AppData\Local\Temp\dvjanql.dll
C:\Users\toni\AppData\Local\Temp\dwegzxf.dll
C:\Users\toni\AppData\Local\Temp\jzvbqyq.dll
C:\Users\toni\AppData\Local\Temp\nbjpeuo.dll
C:\Users\toni\AppData\Local\Temp\Quarantine.exe
C:\Users\toni\AppData\Local\Temp\tufftrw.dll
C:\Users\toni\AppData\Local\Temp\womtmth.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-15 10:48
 
==================== End Of Log ============================
 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by toni at 2014-09-15 12:00:51
Running from C:\Users\toni\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.174 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 13.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 13.0.1 (x86 en-US)) (Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{525A4A44-8940-40AD-ABA0-14501199D2F0}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{BD6B5D42-37A7-46A0-912C-E7578E1F03C5}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
18-06-2014 19:40:30 Scheduled Checkpoint
26-06-2014 16:32:06 Scheduled Checkpoint
07-07-2014 18:51:59 Scheduled Checkpoint
15-07-2014 19:22:34 Scheduled Checkpoint
23-07-2014 19:27:15 Scheduled Checkpoint
30-07-2014 19:35:36 Scheduled Checkpoint
12-08-2014 19:27:57 Scheduled Checkpoint
21-08-2014 19:34:30 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {49B9E8A5-451C-4F04-9BDF-B10EC6E9E117} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {E07A066E-71D2-43EE-985A-6649B948F661} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-05 16:47 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2013-04-05 16:47 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2012-12-04 13:13 - 2011-12-15 15:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-04 11:57 - 2012-01-26 20:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-09-08 14:16 - 2014-09-08 14:16 - 00326144 _____ () C:\Users\toni\AppData\Local\Google\onjitwmbynl.dll
2013-04-05 15:10 - 2013-04-05 15:10 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2134117ca053ce1825bac39b909a2946\IsdiInterop.ni.dll
2012-12-04 11:54 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-12-04 11:52 - 2011-12-16 11:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-10 14:29 - 2014-09-03 20:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-10 14:29 - 2014-09-03 20:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-10 14:29 - 2014-09-03 20:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-10 14:29 - 2014-09-03 20:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-10 14:29 - 2014-09-03 20:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-08 14:22 - 2014-09-08 14:22 - 00718152 _____ () C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\36.0.1985.143\libglesv2.dll
2014-09-08 14:22 - 2014-09-08 14:22 - 00126280 _____ () C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\36.0.1985.143\libegl.dll
2014-09-08 14:22 - 2014-09-08 14:22 - 08537928 _____ () C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\36.0.1985.143\pdf.dll
2014-09-08 14:22 - 2014-09-08 14:22 - 00353096 _____ () C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-09-08 14:22 - 2014-09-08 14:22 - 01732936 _____ () C:\Users\toni\AppData\LocalLow\CalculatorBeerware\dmhhnxp\omupeqc\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1506 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1506 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2014 09:45:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16576 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 690
 
Start Time: 01cfd1044525954e
 
Termination Time: 6
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (09/15/2014 08:56:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/14/2014 10:38:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_8_800_174.ocx, version: 11.8.800.174, time stamp: 0x5230c1da
Exception code: 0xc0000005
Fault offset: 0x00000000000836a1
Faulting process id: 0x17e4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/14/2014 10:16:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 10.0.9200.16576, time stamp: 0x515e3795
Exception code: 0xc0000005
Fault offset: 0x0000000000056c6f
Faulting process id: 0x1258
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/14/2014 09:54:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 03:53:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 03:45:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 03:11:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2014 02:44:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14d8
 
Start Time: 01cfcf98aeff21c5
 
Termination Time: 28
 
Application Path: C:\Windows\system32\rundll32.exe
 
Report Id:
 
Error: (09/13/2014 02:42:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1e8c
 
Start Time: 01cfcf98aeff21c5
 
Termination Time: 2
 
Application Path: C:\Windows\system32\rundll32.exe
 
Report Id:
 
 
System errors:
=============
Error: (09/15/2014 08:56:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/14/2014 09:54:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/14/2014 09:53:06 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user RINKEROFFICE\toni (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
 
Error: (09/13/2014 03:53:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/13/2014 03:50:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (09/13/2014 03:46:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/13/2014 03:43:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (09/13/2014 03:39:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/13/2014 03:11:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/13/2014 03:09:42 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain RINKEROFFICE due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office Sessions:
=========================
Error: (08/14/2014 10:16:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4021 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error: (12/05/2013 04:25:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4293 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error: (10/08/2013 03:03:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16772 seconds with 2520 seconds of active time.  This session ended with a crash.
 
Error: (07/24/2013 09:06:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 59 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 45%
Total physical RAM: 6015.55 MB
Available physical RAM: 3301.13 MB
Total Pagefile: 12029.28 MB
Available Pagefile: 8865.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:912.9 GB) (Free:858.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 0B0ECE72)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=912.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 15 September 2014 - 02:29 PM

Ok, please do the following steps:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 Yvetzky

  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 15 September 2014 - 03:30 PM

Hi Aharonov,

Logs as follows:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by toni at 2014-09-15 12:40:04 Run:1
Running from C:\FARBAR
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
C:\Users\toni\AppData\LocalLow\CalculatorBeerware
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKU\S-1-5-21-4137540349-854692904-3098068916-3155\...\Run: [.tluafed** <*>] => C:\Users\toni\Application Data\{0000277F-214F-25E8-718B-0B56867226D1}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-4137540349-854692904-3098068916-3155\...\Run: [onjitwmbynl] => rundll32.exe "C:\Users\toni\AppData\Local\Google\onjitwmbynl.dll",DllRegisterServer <===== ATTENTION
C:\Users\toni\AppData\Local\Google\onjitwmbynl.dll
2014-08-22 12:22 - 2014-08-22 12:22 - 00012288 __RSH () C:\Users\toni\AppData\Roaming\{0000277F-214F-25E8-718B-0B56867226D1}.exe
2014-09-04 10:23 - 2014-09-04 10:23 - 00000000 ____D () C:\Users\toni\AppData\Local\GameAssistant
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Users\toni\AppData\LocalLow\CalculatorBeerware => Moved successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-4137540349-854692904-3098068916-3155\Software\Microsoft\Windows\CurrentVersion\Run\\.tluafed** <*> => Value Deleted Successfully.
HKU\S-1-5-21-4137540349-854692904-3098068916-3155\Software\Microsoft\Windows\CurrentVersion\Run\\onjitwmbynl => value deleted successfully.
C:\Users\toni\AppData\Local\Google\onjitwmbynl.dll => Moved successfully.
C:\Users\toni\AppData\Roaming\{0000277F-214F-25E8-718B-0B56867226D1}.exe => Moved successfully.
C:\Users\toni\AppData\Local\GameAssistant => Moved successfully.
 
ESET:
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bfef20843bdc80469a09be8fa5b4a5c8
# engine=20166
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-15 08:24:41
# local_time=2014-09-15 01:24:41 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 162356131 0 0
# scanned=163078
# found=4
# cleaned=0
# scan_time=1478
sh=646596265C3CF838F835051710D9270805E2B198 ft=1 fh=0db04fdc11339c0b vn="Win32/TrojanDownloader.Tracur.AL trojan" ac=I fn="C:\FRST\Quarantine\C\Users\toni\AppData\Local\Google\onjitwmbynl.dll.xBAD"
sh=78D39055963B638142A26F6A1CA0858557F1553D ft=1 fh=22097666a78966a3 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=E51D31466DA5738E4D029C788B93EF7D428648A3 ft=1 fh=5cf3f026d273c9eb vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=646596265C3CF838F835051710D9270805E2B198 ft=1 fh=0db04fdc11339c0b vn="Win32/TrojanDownloader.Tracur.AL trojan" ac=I fn="C:\Users\toni\AppData\Local\Temp\jzvbqyq.dll"
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by toni (administrator) on GEORGIANNA-PC-3 on 15-09-2014 13:28:23
Running from C:\FARBAR
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DBA1B9DF8A5CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {DB6E179D-B502-4A96-B726-F9C5267C6861} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS
SearchScopes: HKLM-x32 - {DB6E179D-B502-4A96-B726-F9C5267C6861} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS
SearchScopes: HKCU - DefaultScope {DB6E179D-B502-4A96-B726-F9C5267C6861} URL = 
SearchScopes: HKCU - {DB6E179D-B502-4A96-B726-F9C5267C6861} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\TmIEPlg.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\TmIEPlg32.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\TmIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.200
Tcpip\..\Interfaces\{7F4EE9D5-C845-489F-80FB-549C2495068B}: [NameServer] 192.168.0.200
Tcpip\..\Interfaces\{FBF88D72-A633-4780-8349-7ECE9A2F262B}: [NameServer] 192.168.0.200
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1016\FirefoxExtension
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> DA0B94AC5008B21EA0574B724675262C4F8E16A4836A6CD3922B31EE294DBCF1
CHR DefaultSearchProvider: Default -> E2D3EBE0E603AD0D1B275950C41272B3BE69C95B6AD93B4D2E9C10C1DD373962
CHR DefaultSearchURL: Default -> 123A8576628BE61DB3C109F2F207F3A452874BB0BD72C3929D51CE84E6336187
CHR Profile: C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-22]
CHR Extension: (Google Drive) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-22]
CHR Extension: (YouTube) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-22]
CHR Extension: (Google Search) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
CHR Extension: (Gmail) - C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-09] (Dell Products, LP.) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 12:55 - 2014-09-15 12:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-15 12:53 - 2014-09-15 12:54 - 02347384 _____ (ESET) C:\Users\toni\Downloads\esetsmartinstaller_enu.exe
2014-09-15 12:39 - 2014-09-15 13:28 - 00000000 ____D () C:\FARBAR
2014-09-15 12:38 - 2014-09-15 12:38 - 00000871 _____ () C:\Users\toni\Downloads\fixlist.txt
2014-09-15 12:00 - 2014-09-15 12:01 - 00029586 _____ () C:\Users\toni\Downloads\Addition.txt
2014-09-15 12:00 - 2014-09-15 12:01 - 00024125 _____ () C:\Users\toni\Downloads\FRST.txt
2014-09-15 11:59 - 2014-09-15 13:28 - 00000000 ____D () C:\FRST
2014-09-15 11:59 - 2014-09-15 11:59 - 02105856 _____ (Farbar) C:\Users\toni\Downloads\FRST64.exe
2014-09-14 10:20 - 2014-09-14 10:20 - 00008108 _____ () C:\Users\toni\Documents\Attach.txt
2014-09-14 10:19 - 2014-09-14 10:19 - 00012181 _____ () C:\Users\toni\Documents\DDS.txt
2014-09-14 10:19 - 2014-09-14 10:19 - 00008108 _____ () C:\Users\toni\Desktop\attach.txt
2014-09-14 10:19 - 2014-09-14 10:18 - 00012181 _____ () C:\Users\toni\Desktop\dds.txt
2014-09-14 10:05 - 2014-09-14 10:05 - 00688992 ____R (Swearware) C:\Users\toni\Downloads\dds.com
2014-09-13 15:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-13 15:36 - 2014-09-13 15:50 - 00000000 ____D () C:\AdwCleaner
2014-09-13 15:36 - 2014-09-13 15:36 - 01373475 _____ () C:\Users\toni\Downloads\AdwCleaner.exe
2014-09-13 15:25 - 2014-09-13 15:25 - 00189384 _____ (Kaspersky Lab) C:\Users\toni\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6245.exe
2014-09-13 14:50 - 2014-09-15 13:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 14:49 - 2014-09-13 14:49 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 14:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 14:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 14:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-13 14:45 - 2014-09-13 14:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\toni\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-11 16:14 - 2014-09-11 16:14 - 662145534 _____ () C:\Windows\MEMORY.DMP
2014-09-11 16:14 - 2014-09-11 16:14 - 00279360 _____ () C:\Windows\Minidump\091114-20935-01.dmp
2014-09-11 16:14 - 2014-09-11 16:14 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 15:54 - 2014-09-12 10:00 - 00070656 _____ () C:\Users\toni\Documents\XMASLIST2014.xls
2014-09-02 11:39 - 2014-09-02 11:39 - 00004310 _____ () C:\Windows\default.xpb
2014-08-26 08:31 - 2014-09-13 13:56 - 00017358 _____ () C:\Windows\DCEBOOT.RST
2014-08-26 08:31 - 2014-09-13 13:56 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-08-25 10:17 - 2014-09-13 05:15 - 00022064 _____ () C:\Windows\DCEBoot64.exe
2014-08-22 09:37 - 2014-08-25 10:17 - 00027136 _____ () C:\Users\toni\Documents\BuckeyeClubPigeonShoot18-27-14.xls
2014-08-21 11:53 - 2014-08-21 11:54 - 00010514 _____ () C:\Users\toni\Documents\0814BlairWaterGallonage.xlsx
2014-08-19 08:38 - 2014-08-19 10:20 - 00033280 _____ () C:\Users\toni\Documents\0814SCE2013and2014Invoices2.xls
2014-08-18 14:49 - 2014-08-18 15:15 - 00031744 _____ () C:\Users\toni\Documents\0814SCE2013and2014Invoices1.xls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 13:28 - 2014-09-15 12:39 - 00000000 ____D () C:\FARBAR
2014-09-15 13:28 - 2014-09-15 11:59 - 00000000 ____D () C:\FRST
2014-09-15 13:27 - 2014-09-13 14:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 13:26 - 2013-09-19 12:39 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 12:55 - 2014-09-15 12:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-15 12:54 - 2014-09-15 12:53 - 02347384 _____ (ESET) C:\Users\toni\Downloads\esetsmartinstaller_enu.exe
2014-09-15 12:41 - 2012-12-04 11:41 - 01495072 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 12:40 - 2014-07-22 12:53 - 00000000 ____D () C:\Users\toni\AppData\Local\Google
2014-09-15 12:38 - 2014-09-15 12:38 - 00000871 _____ () C:\Users\toni\Downloads\fixlist.txt
2014-09-15 12:34 - 2013-04-05 14:28 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
2014-09-15 12:20 - 2009-07-13 22:13 - 00824198 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 12:18 - 2009-07-13 21:51 - 00059145 _____ () C:\Windows\setupact.log
2014-09-15 12:14 - 2014-07-22 13:09 - 00000000 ____D () C:\Users\toni\Documents\HSRJulyDec13
2014-09-15 12:01 - 2014-09-15 12:00 - 00029586 _____ () C:\Users\toni\Downloads\Addition.txt
2014-09-15 12:01 - 2014-09-15 12:00 - 00024125 _____ () C:\Users\toni\Downloads\FRST.txt
2014-09-15 11:59 - 2014-09-15 11:59 - 02105856 _____ (Farbar) C:\Users\toni\Downloads\FRST64.exe
2014-09-15 09:01 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 09:01 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 08:55 - 2013-09-19 12:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 08:55 - 2012-12-04 12:10 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-15 08:55 - 2012-12-04 12:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-15 08:55 - 2012-12-04 11:57 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-15 08:54 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 10:20 - 2014-09-14 10:20 - 00008108 _____ () C:\Users\toni\Documents\Attach.txt
2014-09-14 10:19 - 2014-09-14 10:19 - 00012181 _____ () C:\Users\toni\Documents\DDS.txt
2014-09-14 10:19 - 2014-09-14 10:19 - 00008108 _____ () C:\Users\toni\Desktop\attach.txt
2014-09-14 10:18 - 2014-09-14 10:19 - 00012181 _____ () C:\Users\toni\Desktop\dds.txt
2014-09-14 10:05 - 2014-09-14 10:05 - 00688992 ____R (Swearware) C:\Users\toni\Downloads\dds.com
2014-09-13 15:51 - 2010-11-20 20:47 - 00189654 _____ () C:\Windows\PFRO.log
2014-09-13 15:50 - 2014-09-13 15:36 - 00000000 ____D () C:\AdwCleaner
2014-09-13 15:36 - 2014-09-13 15:36 - 01373475 _____ () C:\Users\toni\Downloads\AdwCleaner.exe
2014-09-13 15:25 - 2014-09-13 15:25 - 00189384 _____ (Kaspersky Lab) C:\Users\toni\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6245.exe
2014-09-13 15:09 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media
2014-09-13 14:49 - 2014-09-13 14:49 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 14:49 - 2014-09-13 14:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 14:48 - 2014-09-13 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\toni\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 13:56 - 2014-08-26 08:31 - 00017358 _____ () C:\Windows\DCEBOOT.RST
2014-09-13 13:56 - 2014-08-26 08:31 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-09-13 05:15 - 2014-08-25 10:17 - 00022064 _____ () C:\Windows\DCEBoot64.exe
2014-09-12 10:00 - 2014-09-11 15:54 - 00070656 _____ () C:\Users\toni\Documents\XMASLIST2014.xls
2014-09-12 09:33 - 2014-07-22 13:09 - 00030827 _____ () C:\Users\toni\Documents\CheckReg2014.xlsx
2014-09-11 16:14 - 2014-09-11 16:14 - 662145534 _____ () C:\Windows\MEMORY.DMP
2014-09-11 16:14 - 2014-09-11 16:14 - 00279360 _____ () C:\Windows\Minidump\091114-20935-01.dmp
2014-09-11 16:14 - 2014-09-11 16:14 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 15:43 - 2014-07-22 13:09 - 00207872 _____ () C:\Users\toni\Documents\XMASLIST.XLS
2014-09-10 14:29 - 2013-09-19 12:41 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-09 10:51 - 2014-07-22 13:09 - 00000000 ____D () C:\Users\toni\Documents\HSRJulyDec12
2014-09-09 10:50 - 2014-07-22 13:09 - 00000000 ____D () C:\Users\toni\Documents\HSRJanJune12
2014-09-09 10:50 - 2014-07-22 13:09 - 00000000 ____D () C:\Users\toni\Documents\HSRJanJune10
2014-09-09 09:20 - 2014-07-22 13:09 - 00032768 _____ () C:\Users\toni\Documents\NFL Log 2014.xls
2014-09-08 14:08 - 2014-07-22 13:10 - 00000000 ____D () C:\Users\toni\Documents\Toni
2014-09-02 11:39 - 2014-09-02 11:39 - 00004310 _____ () C:\Windows\default.xpb
2014-08-27 08:34 - 2009-07-13 22:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 10:17 - 2014-08-22 09:37 - 00027136 _____ () C:\Users\toni\Documents\BuckeyeClubPigeonShoot18-27-14.xls
2014-08-21 11:54 - 2014-08-21 11:53 - 00010514 _____ () C:\Users\toni\Documents\0814BlairWaterGallonage.xlsx
2014-08-19 11:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-19 10:20 - 2014-08-19 08:38 - 00033280 _____ () C:\Users\toni\Documents\0814SCE2013and2014Invoices2.xls
2014-08-18 15:15 - 2014-08-18 14:49 - 00031744 _____ () C:\Users\toni\Documents\0814SCE2013and2014Invoices1.xls
 
Some content of TEMP:
====================
C:\Users\toni\AppData\Local\Temp\dvjanql.dll
C:\Users\toni\AppData\Local\Temp\dwegzxf.dll
C:\Users\toni\AppData\Local\Temp\jzvbqyq.dll
C:\Users\toni\AppData\Local\Temp\nbjpeuo.dll
C:\Users\toni\AppData\Local\Temp\Quarantine.exe
C:\Users\toni\AppData\Local\Temp\tufftrw.dll
C:\Users\toni\AppData\Local\Temp\womtmth.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-15 10:48
 
==================== End Of Log ============================
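The ESET log in this post is the scanner's own report format: a `# key=value` header followed by one `sh=/ft=/fh=/vn=/ac=/fn=` line per hit. As an added example that is not part of this thread or of ESET's or Farbar's tooling, the following Python script parses those lines and performs the triage a responder does by hand: it checks the header's `found` count against the number of hit lines, separates hits that already sit in a tool's quarantine folder from live files, separates "potentially unsafe application" hits from trojan hits, and pairs hits that share a SHA-1 (here the quarantined copy of onjitwmbynl.dll and the live copy in Temp). The sample input is constructed from the log lines above; the quarantine path prefixes and the PUA keyword match are my assumptions, and the `ac=` field is carried through but not interpreted.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input: the header lines and the four detection lines are
# copied from the ESET Online Scanner log posted above; nothing else is included.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# end=finished
# remove_checked=false
# scanned=163078
# found=4
# cleaned=0
sh=646596265C3CF838F835051710D9270805E2B198 ft=1 fh=0db04fdc11339c0b vn="Win32/TrojanDownloader.Tracur.AL trojan" ac=I fn="C:\FRST\Quarantine\C\Users\toni\AppData\Local\Google\onjitwmbynl.dll.xBAD"
sh=78D39055963B638142A26F6A1CA0858557F1553D ft=1 fh=22097666a78966a3 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=E51D31466DA5738E4D029C788B93EF7D428648A3 ft=1 fh=5cf3f026d273c9eb vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=646596265C3CF838F835051710D9270805E2B198 ft=1 fh=0db04fdc11339c0b vn="Win32/TrojanDownloader.Tracur.AL trojan" ac=I fn="C:\Users\toni\AppData\Local\Temp\jzvbqyq.dll"
"""

# One detection line: sh= SHA-1, ft= and fh= as printed, vn= detection name,
# ac= action code, fn= full path. Quoted fields may contain spaces.
DETECTION_RE = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"'
)

# Assumed quarantine folders of the tools used in this thread; a hit inside one
# of them is a file that an earlier tool already moved out of its original place.
QUARANTINE_PREFIXES = ("c:\\frst\\quarantine\\", "c:\\adwcleaner\\quarantine\\")


@dataclass(frozen=True)
class Detection:
    sha1: str    # sh=  SHA-1 of the file as reported by the scanner
    name: str    # vn=  detection name
    action: str  # ac=  action code as printed (not interpreted here)
    path: str    # fn=  full path of the flagged file


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split an ESET Online Scanner log into its '# key=value' header and its hit lines."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            m = DETECTION_RE.match(line)
            if m is None:
                raise ValueError(f"unrecognised detection line: {line!r}")
            detections.append(Detection(m["sha1"].upper(), m["vn"], m["ac"], m["fn"]))
    return header, detections


def is_quarantined(path: str) -> bool:
    return path.lower().startswith(QUARANTINE_PREFIXES)


def is_pua(name: str) -> bool:
    """ESET marks PUA/PUsA hits in the detection name rather than in a separate field (assumption)."""
    lowered = name.lower()
    return "potentially unsafe" in lowered or "potentially unwanted" in lowered


def triage(header: Dict[str, str], detections: List[Detection]) -> Dict[str, object]:
    by_hash: Dict[str, List[str]] = {}
    for d in detections:
        by_hash.setdefault(d.sha1, []).append(d.path)
    return {
        # The header count should equal the number of hit lines actually present.
        "header_consistent": header.get("found") == str(len(detections)),
        # With remove_checked=false the scanner was told only to report, so
        # cleaned=0 is the expected outcome rather than a failure.
        "report_only": header.get("remove_checked") == "false",
        # Non-PUA hits outside any quarantine folder are the ones still live on disk.
        "live_threats": [d.path for d in detections if not is_quarantined(d.path) and not is_pua(d.name)],
        "pua": [d.path for d in detections if is_pua(d.name)],
        "quarantined": [d.path for d in detections if is_quarantined(d.path)],
        # Same SHA-1 at more than one path: a quarantined copy plus a live copy elsewhere.
        "duplicates": {h: paths for h, paths in by_hash.items() if len(paths) > 1},
    }


def triage_sample() -> Dict[str, object]:
    return triage(*parse_eset_log(SAMPLE_LOG))


if __name__ == "__main__":
    for key, value in triage_sample().items():
        print(f"{key}: {value}")
```

Run on the log above, the script reports the two Dell hstart.exe hits as potentially unsafe applications rather than malware, the onjitwmbynl.dll.xBAD hit as already quarantined by FRST, and the Temp copy jzvbqyq.dll as the one live file still to deal with, which is exactly the distinction the responder draws before writing the next fixlist.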


#8 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 15 September 2014 - 03:49 PM

It looks good.


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log.



That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.11) MUI
Mozilla Firefox 13.0.1 (x86 en-US)
Internet Explorer Version 10




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
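The post above tells the user to check for outdated Flash, Adobe Reader, Firefox and Internet Explorer before upgrading them. The following PowerShell script is an added example, not part of the thread or of any tool used in it: it reads the installed-program entries from the standard Uninstall registry keys (64-bit, 32-bit WOW6432Node and per-user) and the Internet Explorer version key, and lists the installed version of each product on the responder's list so it can be compared against the vendor's current release. The product name list is taken from the post; everything else is standard Windows registry layout.

```powershell
# Added example (not from the thread): inventory the programs the
# responder flagged as outdated, so their installed versions can be
# compared against the vendor's current release before upgrading.
# Runs on Windows 7 x64 with Windows PowerShell; no third-party tools.

# Product name prefixes taken from the thread's "outdated software" list.
$watchList = @('Adobe Flash Player', 'Adobe Reader', 'Mozilla Firefox')

# Uninstall keys: native 64-bit, 32-bit (WOW6432Node) and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WatchedSoftware {
    # Emit one object per installed entry whose DisplayName starts with a
    # watched product name; entries without a DisplayName are skipped.
    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            ForEach-Object {
                $entry = $_
                foreach ($name in $watchList) {
                    if ($entry.DisplayName -like "$name*") {
                        [PSCustomObject]@{
                            Product   = $entry.DisplayName
                            Version   = $entry.DisplayVersion
                            Publisher = $entry.Publisher
                            Hive      = ($key -split '\\')[0]   # HKLM: or HKCU:
                        }
                    }
                }
            }
    }
}

function Get-IEVersion {
    # On IE 10/11 the legacy 'Version' value still reports 9.x; the real
    # version is in 'svcVersion', so prefer that when it exists.
    $ie = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
    if ($ie.svcVersion) { return $ie.svcVersion }
    return $ie.Version
}

# Report: one line per matching product, plus the browser version.
$found = @(Get-WatchedSoftware | Sort-Object Product, Version -Unique)
if ($found.Count -eq 0) {
    Write-Output 'None of the watched products is installed.'
} else {
    $found | Format-Table -AutoSize
}
Write-Output ("Internet Explorer version: {0}" -f (Get-IEVersion))
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. A product that appears more than once (for example a 32-bit and a 64-bit entry, or an old version left behind next to a newer one) shows up as separate rows, which is exactly the "remove all old versions" situation the post describes.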

#9 Yvetzky

Yvetzky
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male

Posted 15 September 2014 - 06:48 PM

Thanks Aharonov for all your help!

 

We've made a donation for you!



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 15 September 2014 - 08:20 PM

Thank you very much for your donation!
All the best.

#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 15 September 2014 - 08:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



