
Java hack? -- Unable to install programs, unusual bandwidth activity, etc.


23 replies to this topic

#1 NotGonnaTakeIt

  • Members
  • 17 posts

Posted 14 October 2014 - 04:11 PM

I am experiencing unusual activity on my desktop computer (Windows Vista Home Premium, Service Pack 2).

 

  • UNABLE TO UPLOAD DOCUMENTS FROM MY COMPUTER TO THE INTERNET---[I used caps because this means that I can't actually attach the requested attach.txt file generated by DDS]
  • Some programs won't install.  [e.g., Mozilla Thunderbird, or TeamViewer_setup_en.exe (attempt made via a trusted third party who hosts the server of a website I'm building)].  An error is generated in a pop-up window: "Run as:   You may not have the necessary permissions to use all the features of the program you are about to run.  You may run this program as a different user or continue to run the program as the current user.  [radio buttons to select another user, with an area for a user name and password]"---however, I *am* an administrator---and no password is required to enter my user account.
  • My initial run of HijackThis generated the following message: "For some reason your system denied write access to the Hosts file.  If any hijacked domains are in this file, HijackThis may NOT be able to fix this."  [followed by more detailed instructions.]
  • A sudden spike in unusual bandwidth usage: [we run off of 10 GB/month, which has always been more than enough---we don't download videos or large files---and suddenly that is being eaten away so quickly (60 MB/hour, give or take)---that we won't have nearly enough bandwidth for the month.  Our usual online activity is such that we have 2 computers actively connected to the internet 24/7, and still have plenty of bandwidth at the end of the month; currently, we are having to completely disable *any* internet connectivity because background behaviors on the computer are eating bandwidth.]
  • A *known* infection on a computer on the same LAN (possibly resolved)
  • Inability --on Firefox-- to log into a remote server's C-Panel (despite *knowing* via phone conversation with the server's owner that there is nothing wrong on the server end)

 

These things combined make me very concerned that I have an infection deep inside my computer.

 

In response I:

  • Installed and ran AdwCleaner
  • Installed and ran Malwarebytes
  • Installed and ran Panda Free
  • Am disabling internet connection with this computer while I am not directly using the internet.
  • Have tried to find a specific "obvious" cause or name for the given infection, but have been unable to do it.

Problems have not been resolved.

 

So I have run HijackThis, as well as the DDS program recommended on this site:

 

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:59:13 PM, on 10/14/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16575)

FIREFOX: 32.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\IrfanView\i_view32.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Jess\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
O4 - HKLM\..\Run: [KBD] "C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
O4 - HKLM\..\Run: [BrStsMon01] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
O4 - HKLM\..\Run: [BrStsMon02] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [OsdMaestro] "c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Free Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10447 bytes
 

 

 

DDS.txt file

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16575  BrowserJavaVersion: 10.67.2
Run by Jess at 15:48:51 on 2014-10-14
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7038.4167 [GMT -4:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Free Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\conime.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\rstrui.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\Jess\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [KBD] "C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE"
mRun: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRun: [BrStsMon01] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRun: [BrStsMon02] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mRun: [OsdMaestro] "c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe"
mRun: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
StartupFolder: C:\Users\Jess\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:24
IE: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2278CD0B-8C0E-4BC0-ACC4-107DE22A8C6C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{812F64B3-F106-4CDD-B8EF-54D0EB7FA5A6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A921595D-D237-4840-92DA-2EE747B9FE21} : DHCPNameServer = 204.89.253.2 204.89.253.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
x64-Run: [NvCplDaemon] "C:\Windows\System32\RUNDLL32.EXE" C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NvMediaCenter] "C:\Windows\System32\RUNDLL32.EXE" C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [SmartMenu] "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe"
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:24
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\x12ja6vt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.craftster.org/forum/index.php?topic=314569.0|http://www.okcupid.com/mailbox|http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=273c9mojr0ajh|http://www.ldslinkup.com/members/main.asp?rmc=1
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 03:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSAlpc;C:\Windows\System32\drivers\NNSAlpc.sys [2014-6-4 96800]
R1 NNSHTTP;NNSHttp;C:\Windows\System32\drivers\NNSHttp.sys [2014-6-18 162336]
R1 NNSHTTPS;NNSHttps;C:\Windows\System32\drivers\NNSHttps.sys [2014-6-4 112160]
R1 NNSIDS;NNSids;C:\Windows\System32\drivers\NNSIds.sys [2014-6-4 115232]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2014-1-16 46336]
R1 NNSPICC;NNSPicc;C:\Windows\System32\drivers\NNSpicc.sys [2014-6-4 95776]
R1 NNSPIHSW;NNSPihsw;C:\Windows\System32\drivers\NNSPihsw.sys [2014-6-4 70176]
R1 NNSPOP3;NNSPop3;C:\Windows\System32\drivers\NNSPop3.sys [2014-6-4 125984]
R1 NNSPROT;NNSProt;C:\Windows\System32\drivers\NNSProt.sys [2014-6-4 306720]
R1 NNSPRV;NNSPrv;C:\Windows\System32\drivers\NNSPrv.sys [2014-6-4 169504]
R1 NNSSMTP;NNSSmtp;C:\Windows\System32\drivers\NNSSmtp.sys [2014-6-4 115744]
R1 NNSSTRM;NNSStrm;C:\Windows\System32\drivers\NNSStrm.sys [2014-6-4 261152]
R1 NNSTLSC;NNSTlsc;C:\Windows\System32\drivers\NNStlsc.sys [2014-6-4 109088]
R1 PSINKNC;PSINKnc;C:\Windows\System32\drivers\PSINKNC.sys [2014-7-24 195616]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 NanoServiceMain;Panda Free Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2014-7-24 141560]
R2 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2013-2-28 36600]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-7-23 61688]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2014-7-24 160800]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2014-7-24 120352]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2014-7-24 122400]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2014-7-24 132128]
R2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2014-7-24 106016]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-7-24 38136]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2009-3-25 3580712]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-3-1 245760]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-5-24 626176]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-10-13 60400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-15 90776]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-10-13 15:32:59    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-12 17:05:04    1942    --sha-w-    C:\Windows\SysWow64\KGyGaAvL.sys
2014-09-23 20:42:16    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 20:42:16    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-15 13:06:02    278152    ------w-    C:\Windows\System32\MpSigStub.exe
2014-09-10 07:00:39    101694776    ----a-w-    C:\Windows\System32\mrt.exe
2014-09-09 06:40:37    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 06:24:46    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-08-23 01:05:12    304128    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:42:45    390144    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-22 23:38:23    2782208    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-15 15:48:56    17868288    ----a-w-    C:\Windows\System32\mshtml.dll
2014-08-15 15:36:31    10920960    ----a-w-    C:\Windows\System32\ieframe.dll
2014-08-15 15:35:56    2339328    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-15 15:31:44    1384960    ----a-w-    C:\Windows\System32\urlmon.dll
2014-08-15 15:31:16    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-15 15:30:08    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-15 15:30:06    816640    ----a-w-    C:\Windows\System32\jscript.dll
2014-08-15 15:30:00    1494016    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-15 15:29:52    237056    ----a-w-    C:\Windows\System32\url.dll
2014-08-15 15:29:49    2156032    ----a-w-    C:\Windows\System32\iertutil.dll
2014-08-15 15:29:45    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-08-15 15:29:33    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-15 15:29:25    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-08-15 15:29:14    453120    ----a-w-    C:\Windows\System32\dxtmsft.dll
2014-08-15 15:29:08    282112    ----a-w-    C:\Windows\System32\dxtrans.dll
2014-08-15 15:29:03    55296    ----a-w-    C:\Windows\System32\msfeedsbs.dll
2014-08-15 15:29:01    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-08-15 15:28:56    11264    ----a-w-    C:\Windows\System32\msfeedssync.exe
2014-08-15 15:28:53    248320    ----a-w-    C:\Windows\System32\ieui.dll
2014-08-15 15:28:50    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-15 15:28:47    12800    ----a-w-    C:\Windows\System32\mshta.exe
2014-08-15 14:51:34    12363264    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-08-15 14:42:27    1810432    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-15 14:42:11    9739776    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-08-15 14:37:24    1137664    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-08-15 14:37:03    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-15 14:36:30    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-15 14:35:56    1802240    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-08-15 14:35:47    421376    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-15 14:35:46    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2014-08-15 14:35:41    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-08-15 14:35:35    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2014-08-15 14:35:34    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-15 14:35:21    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-08-15 14:35:14    223232    ----a-w-    C:\Windows\SysWow64\dxtrans.dll
2014-08-15 14:35:13    353792    ----a-w-    C:\Windows\SysWow64\dxtmsft.dll
2014-08-15 14:35:07    41472    ----a-w-    C:\Windows\SysWow64\msfeedsbs.dll
2014-08-15 14:34:55    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-08-15 14:34:53    10752    ----a-w-    C:\Windows\SysWow64\msfeedssync.exe
2014-08-15 14:34:49    11776    ----a-w-    C:\Windows\SysWow64\mshta.exe
2014-08-15 14:34:48    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-08-15 14:34:47    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-25 16:55:09    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 16:49:57    272808    ----a-w-    C:\Windows\SysWow64\javaws.exe
2014-07-25 16:49:52    175528    ----a-w-    C:\Windows\SysWow64\javaw.exe
2014-07-25 16:49:19    175528    ----a-w-    C:\Windows\SysWow64\java.exe
2014-07-25 06:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 18:24:04    132128    ----a-w-    C:\Windows\System32\drivers\PSINProt.sys
2014-07-24 18:24:04    106016    ----a-w-    C:\Windows\System32\drivers\PSINReg.sys
2014-07-24 18:24:03    195616    ----a-w-    C:\Windows\System32\drivers\PSINKNC.sys
2014-07-24 18:24:03    122400    ----a-w-    C:\Windows\System32\drivers\PSINProc.sys
2014-07-24 18:24:03    120352    ----a-w-    C:\Windows\System32\drivers\PSINFile.sys
2014-07-24 18:24:02    160800    ----a-w-    C:\Windows\System32\drivers\PSINAflt.sys
.
============= FINISH: 15:49:41.20 ===============
 

 

 

NOTE: I am unable to upload attach.txt. This is part of the problem my computer is currently experiencing.

 

I am not planning to run any more malware removal, etc., until I get a response to this post, as per request---so that the system stays the same.

 

Thanks!


Edited by NotGonnaTakeIt, 14 October 2014 - 04:30 PM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 October 2014 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 NotGonnaTakeIt

NotGonnaTakeIt
  • Topic Starter

  • Members
  • 17 posts

Posted 19 October 2014 - 11:11 PM

Thank you for your help and service!  I am going to download the program tonight, and tomorrow post about the results.



#4 NotGonnaTakeIt

NotGonnaTakeIt
  • Topic Starter

  • Members
  • 17 posts

Posted 20 October 2014 - 08:10 AM

I tried to run that program (FRST64.exe--downloaded from bleepingcomputer via your message above) this morning.  I double-clicked the icon on my desktop and a quick message appeared and disappeared that said something like, "You don't have sufficient privileges to access this" and then the icon completely disappeared.  Almost simultaneously a pop-up appeared from the bottom right of my desktop on the start bar near my "panda free antivirus" icon that said, "One virus neutralized"---and then the pop-up disappeared.  In checking my panda-free antivirus---I can see that Panda has taken the file and quarantined it; "suspicious file neutralized", it says.

 

Why would panda be responding this way?  I'm assuming Panda Free Antivirus is legit, as is your file.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 October 2014 - 08:18 AM

In checking my panda-free antivirus---I can see that Panda has taken the file and quarantined it; "suspicious file neutralized", it says.

Why would panda be responding this way? I'm assuming Panda Free Antivirus is legit, as is your file.


De-quarantine the file. It's good.

#6 NotGonnaTakeIt

NotGonnaTakeIt
  • Topic Starter

  • Members
  • 17 posts

Posted 20 October 2014 - 08:38 AM

I am running the scan now.

 

1.  Do I need to plug in all of my thumb flash drives during this scanning, etc. process?

2.  If I plug in an external drive/flash drive in the gaps between scans, etc, does it mess up this process?

 

 

Here are the results of the scan:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
Ran by Jess (administrator) on ARBORVITAE--PC on 20-10-2014 09:24:59
Running from C:\Users\Jess\Downloads
Loaded Profile: Jess (Available profiles: Arborvitae & Jess)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Farbar) C:\Users\Jess\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [84576 2013-07-23] (Nullsoft, Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE [83568 2007-01-03] (Corel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon01] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon02] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.)
HKLM-x32\...\Run: [OsdMaestro] => c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-08-07] (alch)
HKU\S-1-5-21-776447029-958987439-96121110-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
HKU\S-1-5-21-776447029-958987439-96121110-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-776447029-958987439-96121110-1002\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9F97BCFC-B369-48A7-92BB-15F2883FFF4E} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {9F97BCFC-B369-48A7-92BB-15F2883FFF4E} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\x12ja6vt.default
FF Homepage: hxxp://www.craftster.org/forum/index.php?topic=314569.0|hxxp://www.okcupid.com/mailbox|hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=273c9mojr0ajh|hxxp://www.ldslinkup.com/members/main.asp?rmc=1
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\x12ja6vt.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-24]
FF Extension: Firebug - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\x12ja6vt.default\Extensions\firebug@software.joehewitt.com.xpi [2014-10-17]
FF Extension: Pin It Button - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\x12ja6vt.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-02]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [3580712 2008-10-30] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-07-21] (NVIDIA Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2006-10-02] (Padus, Inc.) [File not signed]
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [0 2011-05-05] () [File not signed]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 09:24 - 2014-10-20 09:25 - 00018269 _____ () C:\Users\Jess\Downloads\FRST.txt
2014-10-20 09:23 - 2014-10-20 09:25 - 00000000 ____D () C:\FRST
2014-10-20 09:22 - 2014-10-20 09:23 - 02111488 _____ (Farbar) C:\Users\Jess\Downloads\FRST64(1).exe
2014-10-20 09:22 - 2014-10-20 09:22 - 02112512 _____ (Farbar) C:\Users\Jess\Desktop\FRST64.exe
2014-10-20 08:30 - 2014-03-25 09:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-10-20 00:03 - 2014-10-20 00:03 - 02112512 _____ (Farbar) C:\Users\Jess\Downloads\FRST64.exe
2014-10-19 18:00 - 2014-10-19 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-19 16:42 - 2014-10-19 16:42 - 00001858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-10-19 16:42 - 2014-10-19 16:42 - 00001846 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-10-19 16:42 - 2014-10-19 16:42 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\Thunderbird
2014-10-19 16:42 - 2014-10-19 16:42 - 00000000 ____D () C:\Users\Jess\AppData\Local\Thunderbird
2014-10-18 21:47 - 2014-10-18 22:14 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\FileZilla
2014-10-18 21:47 - 2014-10-18 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-10-18 21:46 - 2014-10-18 21:47 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-10-18 21:45 - 2014-10-18 21:46 - 06057862 _____ (Tim Kosse) C:\Users\Jess\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-10-17 03:08 - 2014-09-27 19:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 03:08 - 2014-09-17 02:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 03:08 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 03:03 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 03:03 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 03:03 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 03:03 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 03:03 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 03:03 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 03:02 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 08:00 - 2014-09-19 20:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 08:00 - 2014-09-19 19:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 08:00 - 2014-09-19 19:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 08:00 - 2014-09-19 19:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 08:00 - 2014-09-19 19:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 08:00 - 2014-09-19 19:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 08:00 - 2014-09-19 19:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-16 08:00 - 2014-09-19 19:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 08:00 - 2014-09-19 19:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 08:00 - 2014-09-19 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 08:00 - 2014-09-19 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 08:00 - 2014-09-19 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 08:00 - 2014-09-19 19:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-16 08:00 - 2014-09-19 19:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-16 08:00 - 2014-09-19 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 08:00 - 2014-09-19 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-16 08:00 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 08:00 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 08:00 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 08:00 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 08:00 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 08:00 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 08:00 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-16 08:00 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 08:00 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-16 08:00 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 08:00 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 08:00 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 08:00 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 08:00 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-16 08:00 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-16 08:00 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 16:59 - 2014-10-14 16:59 - 00010449 _____ () C:\Users\Jess\Desktop\2014, 10-04--hijackthis.log
2014-10-14 15:49 - 2014-10-14 15:52 - 00013050 _____ () C:\Users\Jess\Desktop\attach.txt
2014-10-14 15:49 - 2014-10-14 15:51 - 00019284 _____ () C:\Users\Jess\Desktop\dds.txt
2014-10-14 15:47 - 2014-10-14 15:47 - 00688992 ____R (Swearware) C:\Users\Jess\Downloads\dds.com
2014-10-14 13:12 - 2014-10-14 13:12 - 06588560 _____ (TeamViewer GmbH) C:\Users\Jess\Downloads\TeamViewer_Setup_en.exe
2014-10-14 13:10 - 2014-10-14 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-13 23:48 - 2014-10-14 16:59 - 00010449 _____ () C:\Users\Jess\Desktop\hijackthis.log
2014-10-13 12:09 - 2014-10-13 12:09 - 00010250 _____ () C:\Users\Jess\Downloads\hijackthis.log
2014-10-13 12:08 - 2014-10-13 12:08 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jess\Desktop\HijackThis.exe
2014-10-13 11:53 - 2014-10-13 12:38 - 00000000 ____D () C:\AdwCleaner
2014-10-13 11:51 - 2014-10-13 11:51 - 01976320 _____ () C:\Users\Jess\Desktop\AdwCleaner.exe
2014-10-13 09:35 - 2014-10-13 09:36 - 26478984 _____ (Mozilla) C:\Users\Jess\Downloads\Thunderbird Setup 31.1.2.exe
2014-10-13 09:12 - 2014-10-13 09:24 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\.clamwin
2014-10-13 09:12 - 2014-10-13 09:12 - 00000954 _____ () C:\Users\Public\Desktop\ClamWin Antivirus.lnk
2014-10-13 09:12 - 2014-10-13 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2014-10-13 09:12 - 2014-10-13 09:12 - 00000000 ____D () C:\ProgramData\.clamwin
2014-10-13 09:12 - 2014-10-13 09:12 - 00000000 ____D () C:\Program Files (x86)\ClamWin
2014-10-12 18:09 - 2014-10-12 18:11 - 101262137 _____ (alch ) C:\Users\Jess\Downloads\clamwin-0.98.4.1-setup.exe
2014-10-12 14:16 - 2014-10-12 14:16 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\Wireshark
2014-10-12 09:05 - 2014-10-12 09:05 - 00000000 ____D () C:\Users\Jess\Documents\WiresharkTroubleshooting
2014-10-12 00:47 - 2014-10-12 00:48 - 00000000 ____D () C:\Program Files\Wireshark
2014-10-12 00:47 - 2014-10-12 00:47 - 00001780 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-10-12 00:47 - 2014-10-12 00:47 - 00001489 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-10-12 00:47 - 2014-10-12 00:47 - 00001477 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-10-12 00:47 - 2014-10-12 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-10-12 00:47 - 2014-10-12 00:47 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-10-12 00:44 - 2014-10-12 00:45 - 35534616 _____ (Wireshark development team) C:\Users\Jess\Downloads\Wireshark-win64-1.12.1.exe
2014-10-09 13:15 - 2014-10-14 17:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 13:15 - 2014-10-09 13:15 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-09 13:15 - 2014-10-09 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-09 13:14 - 2014-10-09 13:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-09 13:14 - 2014-10-09 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jess\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-09 13:14 - 2014-10-09 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 13:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-09 13:14 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-09 13:14 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-09 08:55 - 2014-10-09 08:56 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-09 08:55 - 2014-10-09 08:55 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\Panda Security
2014-10-09 08:55 - 2014-10-09 08:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2014-10-09 08:53 - 2014-10-09 08:56 - 00000000 ____D () C:\ProgramData\Panda Security
2014-10-09 08:52 - 2014-10-09 08:52 - 01329312 _____ () C:\Users\Jess\Downloads\PANDAFREEAV.exe
2014-09-24 00:25 - 2014-09-09 02:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 00:25 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 08:42 - 2012-12-14 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 08:37 - 2009-01-30 20:56 - 01480652 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 08:34 - 2008-12-04 07:08 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-10-20 08:30 - 2012-05-06 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-20 08:30 - 2010-01-04 14:14 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\WTablet
2014-10-20 08:30 - 2008-01-20 23:26 - 00563230 _____ () C:\Windows\PFRO.log
2014-10-20 08:30 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 08:30 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 08:30 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 00:16 - 2006-11-02 11:42 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-19 16:28 - 2011-04-19 11:18 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\HpUpdate
2014-10-18 13:39 - 2009-02-28 14:21 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-17 07:38 - 2009-02-28 14:26 - 00001942 ___SH () C:\Windows\SysWOW64\KGyGaAvL.sys
2014-10-17 03:28 - 2006-11-02 11:21 - 01371856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:02 - 2013-07-27 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:00 - 2006-11-02 08:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-13 11:25 - 2012-12-31 20:41 - 00008540 _____ () C:\Users\Jess\AppData\Local\d3d9caps64.dat
2014-10-13 09:45 - 2009-07-15 19:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-09 08:57 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2014-10-09 08:55 - 2010-01-04 14:14 - 00465760 _____ () C:\Users\Jess\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 08:48 - 2014-08-15 08:10 - 00000680 _____ () C:\Users\Jess\AppData\Local\d3d9caps.dat
2014-09-28 00:20 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 08:37 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-09-23 16:42 - 2012-12-14 12:32 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 16:42 - 2012-04-27 09:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 16:42 - 2011-08-19 12:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Jess\SyncToy_97cbbfd0-3ad6-49ae-be4b-f5f15cfb8023.dat
C:\Users\Jessica--Files in folder though dont show possible old guest account\SyncToy_10af2ad6-a04e-422a-8af9-9ca1158721aa.dat


Some content of TEMP:
====================
C:\Users\Arborvitae\AppData\Local\temp\kmvlmbul.dll
C:\Users\Jess\AppData\Local\temp\aibhmwd5.dll
C:\Users\Jess\AppData\Local\temp\incredibar_installer.exe
C:\Users\Jess\AppData\Local\temp\iv_uninstall.exe
C:\Users\Jess\AppData\Local\temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Jess\AppData\Local\temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Jess\AppData\Local\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Jess\AppData\Local\temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Jess\AppData\Local\temp\jre-7u6-windows-i586-iftw.exe
C:\Users\Jess\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jess\AppData\Local\temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Jess\AppData\Local\temp\Quarantine.exe
C:\Users\Jess\AppData\Local\temp\sqlite3.dll
C:\Users\Jess\AppData\Local\temp\UsbDriver.exe
C:\Users\Jess\AppData\Local\temp\_is4FDF.exe
C:\Users\Jess\AppData\Local\temp\_is57AE.exe
C:\Users\Jess\AppData\Local\temp\_is5961.exe
C:\Users\Jess\AppData\Local\temp\_is73E9.exe
C:\Users\Jess\AppData\Local\temp\_is7C8A.exe
C:\Users\Jess\AppData\Local\temp\_is7D84.exe
C:\Users\Jess\AppData\Local\temp\_isB3E2.exe
C:\Users\Jess\AppData\Local\temp\_isBF24.exe
C:\Users\Jess\AppData\Local\temp\_isDF47.exe
C:\Users\Jess\AppData\Local\temp\_isFFF0.exe
C:\Users\Jess\AppData\Local\temp\{FD3D3C0A-13AD-4228-A0A5-ECB30B85A227}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 08:42

==================== End Of Log ============================



#7 NotGonnaTakeIt


Posted 20 October 2014 - 08:41 AM

Org. That scan was run with FRST64.exe being run from the Downloads folder on my computer, not the desktop---which is apparently where Panda restored the file to. So, I will re-run the scan from the desktop and repost.



#8 NotGonnaTakeIt


Posted 20 October 2014 - 08:46 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
Ran by Jess (administrator) on ARBORVITAE--PC on 20-10-2014 09:42:22
Running from C:\Users\Jess\Desktop
Loaded Profile: Jess (Available profiles: Arborvitae & Jess)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [84576 2013-07-23] (Nullsoft, Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE [83568 2007-01-03] (Corel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon01] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon02] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.)
HKLM-x32\...\Run: [OsdMaestro] => c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-08-07] (alch)
HKU\S-1-5-21-776447029-958987439-96121110-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-10-17] (Hewlett-Packard)
HKU\S-1-5-21-776447029-958987439-96121110-1002\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-776447029-958987439-96121110-1002\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9F97BCFC-B369-48A7-92BB-15F2883FFF4E} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {9F97BCFC-B369-48A7-92BB-15F2883FFF4E} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\x12ja6vt.default
FF Homepage: hxxp://www.craftster.org/forum/index.php?topic=314569.0|hxxp://www.okcupid.com/mailbox|hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=273c9mojr0ajh|hxxp://www.ldslinkup.com/members/main.asp?rmc=1
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\x12ja6vt.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-24]
FF Extension: Firebug - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\x12ja6vt.default\Extensions\firebug@software.joehewitt.com.xpi [2014-10-17]
FF Extension: Pin It Button - C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\x12ja6vt.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-07-24]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-02]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [3580712 2008-10-30] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-07-21] (NVIDIA Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2006-10-02] (Padus, Inc.) [File not signed]
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [0 2011-05-05] () [File not signed]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 09:42 - 2014-10-20 09:42 - 00018276 _____ () C:\Users\Jess\Desktop\FRST.txt
2014-10-20 09:42 - 2014-10-20 09:42 - 00000000 ____D () C:\Users\Jess\Desktop\FRST-OlderVersion
2014-10-20 09:26 - 2014-10-20 09:29 - 00040834 _____ () C:\Users\Jess\Downloads\Addition.txt
2014-10-20 09:24 - 2014-10-20 09:29 - 00035739 _____ () C:\Users\Jess\Downloads\FRST.txt
2014-10-20 09:23 - 2014-10-20 09:42 - 00000000 ____D () C:\FRST
2014-10-20 09:22 - 2014-10-20 09:42 - 02111488 _____ (Farbar) C:\Users\Jess\Desktop\FRST64.exe
2014-10-20 09:22 - 2014-10-20 09:23 - 02111488 _____ (Farbar) C:\Users\Jess\Downloads\FRST64(1).exe
2014-10-20 08:30 - 2014-03-25 09:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-10-20 00:03 - 2014-10-20 00:03 - 02112512 _____ (Farbar) C:\Users\Jess\Downloads\FRST64.exe
2014-10-19 18:00 - 2014-10-19 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-19 16:42 - 2014-10-19 16:42 - 00001858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-10-19 16:42 - 2014-10-19 16:42 - 00001846 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-10-19 16:42 - 2014-10-19 16:42 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\Thunderbird
2014-10-19 16:42 - 2014-10-19 16:42 - 00000000 ____D () C:\Users\Jess\AppData\Local\Thunderbird
2014-10-18 21:47 - 2014-10-18 22:14 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\FileZilla
2014-10-18 21:47 - 2014-10-18 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-10-18 21:46 - 2014-10-18 21:47 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-10-18 21:45 - 2014-10-18 21:46 - 06057862 _____ (Tim Kosse) C:\Users\Jess\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-10-17 03:08 - 2014-09-27 19:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 03:08 - 2014-09-17 02:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 03:08 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 03:03 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 03:03 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 03:03 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 03:03 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 03:03 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 03:03 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 03:02 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 08:00 - 2014-09-19 20:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 08:00 - 2014-09-19 19:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 08:00 - 2014-09-19 19:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 08:00 - 2014-09-19 19:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 08:00 - 2014-09-19 19:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 08:00 - 2014-09-19 19:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 08:00 - 2014-09-19 19:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-16 08:00 - 2014-09-19 19:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 08:00 - 2014-09-19 19:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 08:00 - 2014-09-19 19:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 08:00 - 2014-09-19 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 08:00 - 2014-09-19 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 08:00 - 2014-09-19 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 08:00 - 2014-09-19 19:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-16 08:00 - 2014-09-19 19:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-16 08:00 - 2014-09-19 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 08:00 - 2014-09-19 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-16 08:00 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 08:00 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 08:00 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 08:00 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 08:00 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 08:00 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 08:00 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-16 08:00 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 08:00 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 08:00 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-16 08:00 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 08:00 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 08:00 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 08:00 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 08:00 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-16 08:00 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-16 08:00 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 16:59 - 2014-10-14 16:59 - 00010449 _____ () C:\Users\Jess\Desktop\2014, 10-04--hijackthis.log
2014-10-14 15:49 - 2014-10-14 15:52 - 00013050 _____ () C:\Users\Jess\Desktop\attach.txt
2014-10-14 15:49 - 2014-10-14 15:51 - 00019284 _____ () C:\Users\Jess\Desktop\dds.txt
2014-10-14 15:47 - 2014-10-14 15:47 - 00688992 ____R (Swearware) C:\Users\Jess\Downloads\dds.com
2014-10-14 13:12 - 2014-10-14 13:12 - 06588560 _____ (TeamViewer GmbH) C:\Users\Jess\Downloads\TeamViewer_Setup_en.exe
2014-10-14 13:10 - 2014-10-14 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-13 23:48 - 2014-10-14 16:59 - 00010449 _____ () C:\Users\Jess\Desktop\hijackthis.log
2014-10-13 12:09 - 2014-10-13 12:09 - 00010250 _____ () C:\Users\Jess\Downloads\hijackthis.log
2014-10-13 12:08 - 2014-10-13 12:08 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jess\Desktop\HijackThis.exe
2014-10-13 11:53 - 2014-10-13 12:38 - 00000000 ____D () C:\AdwCleaner
2014-10-13 11:51 - 2014-10-13 11:51 - 01976320 _____ () C:\Users\Jess\Desktop\AdwCleaner.exe
2014-10-13 09:35 - 2014-10-13 09:36 - 26478984 _____ (Mozilla) C:\Users\Jess\Downloads\Thunderbird Setup 31.1.2.exe
2014-10-13 09:12 - 2014-10-13 09:24 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\.clamwin
2014-10-13 09:12 - 2014-10-13 09:12 - 00000954 _____ () C:\Users\Public\Desktop\ClamWin Antivirus.lnk
2014-10-13 09:12 - 2014-10-13 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2014-10-13 09:12 - 2014-10-13 09:12 - 00000000 ____D () C:\ProgramData\.clamwin
2014-10-13 09:12 - 2014-10-13 09:12 - 00000000 ____D () C:\Program Files (x86)\ClamWin
2014-10-12 18:09 - 2014-10-12 18:11 - 101262137 _____ (alch ) C:\Users\Jess\Downloads\clamwin-0.98.4.1-setup.exe
2014-10-12 14:16 - 2014-10-12 14:16 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\Wireshark
2014-10-12 09:05 - 2014-10-12 09:05 - 00000000 ____D () C:\Users\Jess\Documents\WiresharkTroubleshooting
2014-10-12 00:47 - 2014-10-12 00:48 - 00000000 ____D () C:\Program Files\Wireshark
2014-10-12 00:47 - 2014-10-12 00:47 - 00001780 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark 2 Preview.lnk
2014-10-12 00:47 - 2014-10-12 00:47 - 00001489 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-10-12 00:47 - 2014-10-12 00:47 - 00001477 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-10-12 00:47 - 2014-10-12 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-10-12 00:47 - 2014-10-12 00:47 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-10-12 00:44 - 2014-10-12 00:45 - 35534616 _____ (Wireshark development team) C:\Users\Jess\Downloads\Wireshark-win64-1.12.1.exe
2014-10-09 13:15 - 2014-10-14 17:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 13:15 - 2014-10-09 13:15 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-09 13:15 - 2014-10-09 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-09 13:14 - 2014-10-09 13:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-09 13:14 - 2014-10-09 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jess\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-09 13:14 - 2014-10-09 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 13:14 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-09 13:14 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-09 13:14 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-09 08:55 - 2014-10-09 08:56 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-09 08:55 - 2014-10-09 08:55 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\Panda Security
2014-10-09 08:55 - 2014-10-09 08:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2014-10-09 08:53 - 2014-10-09 08:56 - 00000000 ____D () C:\ProgramData\Panda Security
2014-10-09 08:52 - 2014-10-09 08:52 - 01329312 _____ () C:\Users\Jess\Downloads\PANDAFREEAV.exe
2014-09-24 00:25 - 2014-09-09 02:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 00:25 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 09:42 - 2012-12-14 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 08:37 - 2009-01-30 20:56 - 01480652 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 08:34 - 2008-12-04 07:08 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-10-20 08:30 - 2012-05-06 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-20 08:30 - 2010-01-04 14:14 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\WTablet
2014-10-20 08:30 - 2008-01-20 23:26 - 00563230 _____ () C:\Windows\PFRO.log
2014-10-20 08:30 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 08:30 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 08:30 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 00:16 - 2006-11-02 11:42 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-19 16:28 - 2011-04-19 11:18 - 00000000 ____D () C:\Users\Jess\AppData\Roaming\HpUpdate
2014-10-18 13:39 - 2009-02-28 14:21 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-17 07:38 - 2009-02-28 14:26 - 00001942 ___SH () C:\Windows\SysWOW64\KGyGaAvL.sys
2014-10-17 03:28 - 2006-11-02 11:21 - 01371856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:02 - 2013-07-27 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:00 - 2006-11-02 08:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-13 11:25 - 2012-12-31 20:41 - 00008540 _____ () C:\Users\Jess\AppData\Local\d3d9caps64.dat
2014-10-13 09:45 - 2009-07-15 19:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-09 08:57 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2014-10-09 08:55 - 2010-01-04 14:14 - 00465760 _____ () C:\Users\Jess\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 08:48 - 2014-08-15 08:10 - 00000680 _____ () C:\Users\Jess\AppData\Local\d3d9caps.dat
2014-09-28 00:20 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 08:37 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-09-23 16:42 - 2012-12-14 12:32 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 16:42 - 2012-04-27 09:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 16:42 - 2011-08-19 12:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Jess\SyncToy_97cbbfd0-3ad6-49ae-be4b-f5f15cfb8023.dat
C:\Users\Jessica--Files in folder though dont show possible old guest account\SyncToy_10af2ad6-a04e-422a-8af9-9ca1158721aa.dat


Some content of TEMP:
====================
C:\Users\Arborvitae\AppData\Local\temp\kmvlmbul.dll
C:\Users\Jess\AppData\Local\temp\aibhmwd5.dll
C:\Users\Jess\AppData\Local\temp\incredibar_installer.exe
C:\Users\Jess\AppData\Local\temp\iv_uninstall.exe
C:\Users\Jess\AppData\Local\temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Jess\AppData\Local\temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Jess\AppData\Local\temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Jess\AppData\Local\temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Jess\AppData\Local\temp\jre-7u6-windows-i586-iftw.exe
C:\Users\Jess\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jess\AppData\Local\temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Jess\AppData\Local\temp\Quarantine.exe
C:\Users\Jess\AppData\Local\temp\sqlite3.dll
C:\Users\Jess\AppData\Local\temp\UsbDriver.exe
C:\Users\Jess\AppData\Local\temp\_is4FDF.exe
C:\Users\Jess\AppData\Local\temp\_is57AE.exe
C:\Users\Jess\AppData\Local\temp\_is5961.exe
C:\Users\Jess\AppData\Local\temp\_is73E9.exe
C:\Users\Jess\AppData\Local\temp\_is7C8A.exe
C:\Users\Jess\AppData\Local\temp\_is7D84.exe
C:\Users\Jess\AppData\Local\temp\_isB3E2.exe
C:\Users\Jess\AppData\Local\temp\_isBF24.exe
C:\Users\Jess\AppData\Local\temp\_isDF47.exe
C:\Users\Jess\AppData\Local\temp\_isFFF0.exe
C:\Users\Jess\AppData\Local\temp\{FD3D3C0A-13AD-4228-A0A5-ECB30B85A227}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 08:42

==================== End Of Log ============================



#9 NotGonnaTakeIt


Posted 20 October 2014 - 08:47 AM

I have re-posted the FRST.txt file.

 

Please note, I do have the addition.txt file but am unable to attach it.  The attachment process is failing.  I noted this in my original post.  What can I do to get you the addition.txt file?



#10 NotGonnaTakeIt


Posted 20 October 2014 - 08:51 AM

As an aside, I notice that a lot of things on this log have to do with DVD software, etc.---and my DVD player is refusing to play disks or do anything right now.  Starting about a month ago, it just entirely stopped reading disks at all, even though it was working perfectly before.  And now that I think of it, the same thing happened to my Wacom tablet sometime before that. Even though it worked perfectly before.


Edited by NotGonnaTakeIt, 20 October 2014 - 08:53 AM.


#11 NotGonnaTakeIt


Posted 20 October 2014 - 09:07 AM

Ah-HA.  I got the file to attach.  I had to go to the basic uploader.  :)




#12 nasdaq

  • Malware Response Team

Posted 20 October 2014 - 12:28 PM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.

    ===

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
    
    SearchScopes: HKLM - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKCU - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll No File
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    S1 Beep; No ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    
    End
    
    Save the file as fixlist.txt into the same folder as FRST.

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log, Fixlog.txt; please post it in your reply.
    ===

    --RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
    =======

    Please let me know what issues are remaining on this computer.


#13 NotGonnaTakeIt


Posted 21 October 2014 - 08:38 AM

Here are the results from using the FRST.exe "fix" function.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by Jess at 2014-10-21 01:54:25 Run:1
Running from C:\Users\Jess\Desktop
Loaded Profile: Jess (Available profiles: Arborvitae & Jess)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

SearchScopes: HKLM - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {CD753D8D-BF01-4EEA-B453-8CE1E47C1D32} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

End
*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD753D8D-BF01-4EEA-B453-8CE1E47C1D32}" => Key deleted successfully.
"HKCR\CLSID\{CD753D8D-BF01-4EEA-B453-8CE1E47C1D32}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CD753D8D-BF01-4EEA-B453-8CE1E47C1D32}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CD753D8D-BF01-4EEA-B453-8CE1E47C1D32}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD753D8D-BF01-4EEA-B453-8CE1E47C1D32}" => Key deleted successfully.
"HKCR\CLSID\{CD753D8D-BF01-4EEA-B453-8CE1E47C1D32}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
Beep => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.

==== End of Fixlog ====



#14 NotGonnaTakeIt


Posted 21 October 2014 - 08:58 AM

Here is the report from RogueKiller:

 

RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Jess [Administrator]
Mode : Delete -- Date : 10/21/2014  09:54:37

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 25 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PSKMAD -> Deleted
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-776447029-958987439-96121110-1002\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-776447029-958987439-96121110-1002\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-776447029-958987439-96121110-1002\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-776447029-958987439-96121110-1002\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 67.142.168.10 67.142.168.11  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A921595D-D237-4840-92DA-2EE747B9FE21} | DhcpNameServer : 204.89.253.2 204.89.253.1  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2278CD0B-8C0E-4BC0-ACC4-107DE22A8C6C} | DhcpNameServer : 204.89.253.2 204.89.253.1  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{812F64B3-F106-4CDD-B8EF-54D0EB7FA5A6} | DhcpNameServer : 67.142.168.10 67.142.168.11  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A921595D-D237-4840-92DA-2EE747B9FE21} | DhcpNameServer : 204.89.253.2 204.89.253.1  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A921595D-D237-4840-92DA-2EE747B9FE21} | DhcpNameServer : 204.89.253.2 204.89.253.1  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-776447029-958987439-96121110-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-776447029-958987439-96121110-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-776447029-958987439-96121110-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-776447029-958987439-96121110-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 3uq2xrn9.default : user_pref("browser.startup.homepage", "http://www.facebook.com/search/?q=tina+marie+moore&init=quick#/home.php?ref=home|http://gliving.com/|http://www.yahoo.com/|http://www.okcupid.com/mailbox"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD642JJ SCSI Disk Device +++++
--- User ---
[MBR] 91cda06a0741f4650a5ea12161b646fc
[BSP] cbe1a3892920c024e3e7b9efc684338e : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 597017 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1222691085 | Size: 13460 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_10212014_020604.log - RKreport_DEL_10212014_095404.log



#15 NotGonnaTakeIt


Posted 21 October 2014 - 09:09 AM

Continuing problems:

 

The DVD drive is still not functioning.

The internal memory card reader is not functioning.

The WACOM tablet is not functioning.





