Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zoomify (?) infection


  • This topic is locked This topic is locked
22 replies to this topic

#1 Countertop

Countertop

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:58 PM

Posted 01 January 2015 - 11:51 PM

Hi all-

 

I'm working on my mother-in-law's Toshiba Satellite A305-S6905 that is STILL running Windows Vista and have already removed about 180 different viruses, malware, and adware programs, but I cannot seem to get rid of this Zoomify installation.  I have been able to clear everything else out using the following process:

 

1. Safe Mode w/ networking and no restarts until after running MBAM

2. Removed Proxy Server in IE options
3. Ran registryfix.reg
4. Ran RKill (renamed as "iExplore.exe")
5. Ran Malwarebytes Anti-Malware
6. Ran Hitman Pro Kickstarter
7. Ran RogueKiller

8. Ran AdwCleaner

 

Everything seems to be fine and subsequent scans say everything is clean, but as soon as I connect to the internet and use a browser (IE, Firefox, or Chrome) the redirect, pop-ups, and hijacked pages return.

 

I've found some recent advice to people with the exact same problem, so I'm going to start following that and will wait to post the logs until somebody responds.  Thanks in advance for the help!


Edited by Countertop, 01 January 2015 - 11:58 PM.


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:58 PM

Posted 02 January 2015 - 12:04 AM

Hello Countertop,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Countertop

Countertop
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:58 PM

Posted 02 January 2015 - 12:38 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2015
Ran by Owner (administrator) on OWNER-PC on 01-01-2015 23:32:17
Running from C:\Users\Owner\Desktop\FRST
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Toshiba) C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
(CyberLink) C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\wmi32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-07-31] (Chicony)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-15] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM\...\Run: [PCMAgent] => C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [143360 2007-12-13] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe [188416 2008-07-10] (CyberLink)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-14] (Kaspersky Lab ZAO)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-737594619-1414829202-3786626943-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\S-1-5-21-737594619-1414829202-3786626943-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-737594619-1414829202-3786626943-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-737594619-1414829202-3786626943-1000\...\MountPoints2: {76ba3b4a-f4f4-11e3-ac53-001e33b4dc04} - "E:\WD SmartWare.exe" autoplay=true

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-737594619-1414829202-3786626943-1000] => http=127.0.0.1:49308;https=127.0.0.1:49308
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {0A356121-1222-4659-BDE7-DA3B40ACA87F} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-737594619-1414829202-3786626943-1000 -> DefaultScope {0A356121-1222-4659-BDE7-DA3B40ACA87F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-737594619-1414829202-3786626943-1000 -> {0A356121-1222-4659-BDE7-DA3B40ACA87F} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-737594619-1414829202-3786626943-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://fastaccess.fdic.gov/dana-cached/sc/JuniperSetupClient.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-23]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-06-04]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-06-04]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-06-04]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-11]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-11]
CHR Extension: (Pin It Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-17]
CHR Extension: (Content Blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-11]
CHR Extension: (Virtual Keyboard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-11]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-11]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2013-05-02]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2013-05-02]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2013-05-02]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-14] (Kaspersky Lab ZAO)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-07-10] (TOSHIBA CORPORATION) [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [815104 2008-04-30] (Intel® Corporation) [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [164600 2008-05-28] (WildTangent, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-01-01] (SurfRight B.V.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-04-30] (Intel® Corporation) [File not signed]
R3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 HitmanPro37CrusaderBoot; "E:\Virus removal\6A HitmanPro3-x86.exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-21] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-14] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-14] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-05-02] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-01] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-05-10] (Apple, Inc.) [File not signed]
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-21] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 23:20 - 2015-01-01 23:32 - 00000000 ____D () C:\Users\Owner\Desktop\FRST
2015-01-01 23:05 - 2015-01-01 23:05 - 00001068 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2015-01-01 23:05 - 2015-01-01 23:05 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-01 16:49 - 2015-01-01 23:32 - 00000000 ____D () C:\FRST
2015-01-01 15:37 - 2015-01-01 15:37 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-01 15:37 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-01 15:36 - 2015-01-01 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-01 15:36 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-01 15:36 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-01 15:36 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-01 15:35 - 2015-01-01 15:36 - 00004682 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2015-01-01 14:33 - 2015-01-01 14:35 - 00000000 ____D () C:\AdwCleaner
2015-01-01 14:25 - 2015-01-01 14:25 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-01 14:25 - 2015-01-01 14:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-01 14:21 - 2015-01-01 14:21 - 00000000 ____D () C:\Users\Owner\Desktop\RK_Quarantine
2015-01-01 13:36 - 2015-01-01 14:14 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-01 13:36 - 2015-01-01 13:36 - 00025290 _____ () C:\Windows\system32\.crusader
2015-01-01 13:28 - 2015-01-01 14:06 - 00001743 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-01 13:28 - 2015-01-01 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-01 13:24 - 2015-01-01 13:28 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-01 13:23 - 2015-01-01 13:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-01 12:48 - 2015-01-01 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-01 12:48 - 2015-01-01 12:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-01 12:48 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 12:48 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-01 12:47 - 2015-01-01 16:38 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-01-01 12:47 - 2015-01-01 12:48 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-01 12:47 - 2015-01-01 12:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2015-01-01 12:47 - 2015-01-01 12:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 12:47 - 2015-01-01 12:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-01 12:47 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-01 12:45 - 2015-01-01 16:07 - 00003170 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-12-31 16:45 - 2014-12-31 16:46 - 00262144 _____ () C:\Windows\system32\config\elam
2014-12-31 16:45 - 2014-12-31 16:46 - 00000000 ____D () C:\Program Files\Extension Manager
2014-12-31 16:44 - 2014-12-31 16:44 - 00000064 _____ () C:\Users\Owner\AppData\Local\0df296065d8b7004eef1fd7c1e1c4f9c
2014-12-31 16:35 - 2014-12-31 16:35 - 00000000 ____D () C:\ProgramData\mLHLa3lyUv
2014-12-16 13:31 - 2014-11-06 19:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-16 13:31 - 2014-11-03 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-16 13:11 - 2014-12-02 20:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-15 03:06 - 2014-11-24 14:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-15 03:06 - 2014-11-24 14:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-15 03:06 - 2014-11-24 14:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-15 03:06 - 2014-11-24 14:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-15 03:06 - 2014-11-24 14:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-15 03:06 - 2014-11-24 14:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-15 03:06 - 2014-11-24 14:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-15 03:06 - 2014-11-24 14:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-15 03:06 - 2014-11-24 14:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-15 03:06 - 2014-11-24 14:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-15 03:06 - 2014-11-24 14:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-15 03:06 - 2014-11-24 14:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-15 03:06 - 2014-11-24 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-15 03:06 - 2014-11-24 14:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-15 03:06 - 2014-11-24 14:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-15 03:06 - 2014-11-24 14:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-15 03:06 - 2014-11-24 14:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-15 03:06 - 2014-11-24 14:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-15 03:06 - 2014-11-24 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-15 03:06 - 2014-11-24 14:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-15 03:06 - 2014-11-24 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-15 03:06 - 2014-11-24 14:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 23:33 - 2009-01-18 01:48 - 01160147 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 23:31 - 2009-06-16 20:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-01 23:29 - 2010-02-12 20:02 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 23:28 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 23:28 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 23:28 - 2006-11-02 06:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 16:56 - 2006-11-02 04:33 - 00762374 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 16:44 - 2006-11-02 07:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-01 16:26 - 2009-06-21 20:32 - 00001356 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2015-01-01 16:02 - 2009-07-14 15:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Yahoo
2015-01-01 16:02 - 2009-07-14 15:44 - 00000000 ____D () C:\Program Files\Yahoo!
2015-01-01 15:58 - 2009-06-20 10:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-01 15:56 - 2008-08-14 13:29 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-01 15:37 - 2014-05-27 14:49 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-01 15:36 - 2008-08-14 13:23 - 00000000 ____D () C:\Program Files\Java
2015-01-01 15:24 - 2010-02-12 20:02 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 15:14 - 2008-01-20 20:47 - 00166068 _____ () C:\Windows\PFRO.log
2015-01-01 15:06 - 2014-03-26 13:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 14:59 - 2009-07-14 15:44 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-01 14:58 - 2009-07-14 15:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Yahoo!
2015-01-01 14:52 - 2006-11-02 06:52 - 00042408 _____ () C:\Windows\setupact.log
2015-01-01 12:29 - 2006-11-02 04:23 - 00000321 _____ () C:\Windows\win.ini
2014-12-27 09:43 - 2009-07-09 18:19 - 00000419 _____ () C:\Windows\BRWMARK.INI
2014-12-27 09:43 - 2009-07-09 18:19 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-12-19 13:18 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\rescache
2014-12-16 13:32 - 2009-01-18 00:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-16 13:27 - 2013-08-19 07:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-16 13:17 - 2006-11-02 04:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-15 03:27 - 2014-06-02 09:45 - 00001982 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-15 03:06 - 2014-03-26 13:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-15 03:06 - 2011-09-16 17:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Owner\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-01 23:34

==================== End Of Log ============================



#4 Countertop

Countertop
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:58 PM

Posted 02 January 2015 - 12:41 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2015
Ran by Owner at 2015-01-01 23:33:53
Running from C:\Users\Owner\Desktop\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Amazon Links (HKLM\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.07(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.209.0807L - Chicony Electronics Co.,Ltd.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Citrix XenApp Plugin for Hosted Apps (HKLM\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
CyberLink PowerCinema for TOSHIBA (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.2001 - CyberLink Corp.)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
Fitbit Connect (HKLM\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel® Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Juniper Networks Setup Client (HKU\S-1-5-21-737594619-1414829202-3786626943-1000\...\Juniper_Setup_Client) (Version: 2.2.4.9429 - Juniper Networks)
Juniper Terminal Services Client (HKU\S-1-5-21-737594619-1414829202-3786626943-1000\...\Juniper_Term_Services) (Version: 7.0.0.17289 - Juniper Networks)
Kaspersky Anti-Virus 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetZero Internet Access Installer (HKLM\...\{99D518AB-77F2-405B-B52A-18FC22394CF8}) (Version: 1.0.874 - TOSHIBA Corporation)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.02 - )
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3810 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.21 - TOSHIBA Corporation)
TOSHIBA Desktop Links (HKLM\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA PowerCinema Helper (HKLM\...\{FB356619-7ECE-42BC-A28A-541973E29F28}) (Version: 1.00 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.3 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VoiceOver Kit (HKLM\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

01-11-2014 09:52:39 Windows Update
02-11-2014 14:39:12 Scheduled Checkpoint
09-11-2014 13:08:58 Windows Update
15-11-2014 08:42:44 Windows Update
17-11-2014 13:30:27 Windows Update
19-11-2014 00:00:03 Scheduled Checkpoint
20-11-2014 00:00:02 Scheduled Checkpoint
20-11-2014 03:00:13 Windows Update
21-11-2014 16:45:09 Scheduled Checkpoint
22-11-2014 09:34:43 Scheduled Checkpoint
23-11-2014 10:51:42 Scheduled Checkpoint
28-11-2014 12:04:31 Windows Update
07-12-2014 15:52:33 Windows Update
15-12-2014 03:05:23 Windows Update
16-12-2014 13:09:12 Windows Update
21-12-2014 11:32:48 Scheduled Checkpoint
26-12-2014 13:15:00 Windows Update
27-12-2014 10:40:35 Scheduled Checkpoint
28-12-2014 13:49:00 Scheduled Checkpoint
29-12-2014 12:05:07 Scheduled Checkpoint
31-12-2014 15:39:29 Windows Update
01-01-2015 14:14:29 Checkpoint by HitmanPro
01-01-2015 15:23:52 Removed Geek Squad 24 Hour Computer Support
01-01-2015 15:35:20 Installed Java 7 Update 71

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {042514B6-CAD4-4F07-ABE7-3AAD39FC78FF} - System32\Tasks\Check Updates => C:\Users\Owner\AppData\Local\GeniusBox\updater.exe
Task: {04480BF4-D3AD-4813-B6DC-8D7E00F1BE9C} - \Tempo Runner coz32host No Task File <==== ATTENTION
Task: {0C7D9E20-3DDB-488C-8C39-A5B159BFA828} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {0E0DB323-D0C4-4E23-BA1C-9AAAD602B893} - System32\Tasks\{7E19534F-06CE-4276-8EA7-16A6E4C60511} => Iexplore.exe http://ui.skype.com/ui/0/4.1.0.179/en/abandoninstall?page=tsChrome&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed
Task: {288CB049-5DC2-43AF-9DE6-1D08812473E4} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Owner\AppData\Local\GeniusBox\client.exe"
Task: {312F8E21-FF62-45CD-A38A-2FE04F55F4B5} - System32\Tasks\{00962C14-0B3F-4CF1-B1F9-581F30E47CF8} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-notinstalled
Task: {586E838C-D8C1-4CF0-B5CA-F6B4EA4ACF06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
Task: {5EF0178F-F52C-4EF1-A6BA-984746A083F2} - System32\Tasks\{E47CC69C-5BBC-455F-B9F1-4BE777A9DDCF} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {8978AF39-C51E-4369-9EA2-C591D1CA5EEA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EA4EA672-227D-4805-88DA-0269010A6D54} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {ECBB0C72-2460-4FBD-8B0E-585EE9A0179F} - System32\Tasks\Validate Installation => C:\Users\Owner\AppData\Local\GeniusBox\updater.exe
Task: {FA4E56BD-1F6B-459A-AA8B-51B962E90AA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-04-30 21:13 - 2008-04-30 21:13 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-02 01:24 - 2013-05-02 01:24 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2008-04-24 20:25 - 2008-04-24 20:25 - 00126976 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 20:25 - 2008-04-24 20:25 - 06701056 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 20:25 - 2008-04-24 20:25 - 00995328 _____ () C:\Windows\system32\FaceRec.dll
2008-03-06 12:14 - 2008-03-06 12:14 - 05121912 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2007-12-14 23:40 - 2007-12-14 23:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-08-14 13:10 - 2006-10-10 12:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 14:03 - 2007-12-25 14:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 19:55 - 2006-12-01 19:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2008-07-10 19:35 - 2008-07-10 19:35 - 00765952 _____ () C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
2008-07-10 19:35 - 2008-07-10 19:35 - 00007680 _____ () C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: cozaghost => 2
MSCONFIG\Services: cozwdhost => 2
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: osCheck => "C:\Program Files\Norton 360\osCheck.exe"
MSCONFIG\startupreg: Search Protection => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TP CfgWiz => "C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config -REBOOT
MSCONFIG\startupreg: YSearchProtection => "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-737594619-1414829202-3786626943-500 - Administrator - Disabled)
Guest (S-1-5-21-737594619-1414829202-3786626943-501 - Limited - Disabled)
Owner (S-1-5-21-737594619-1414829202-3786626943-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2015 11:29:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 10:46:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/01/2015 04:46:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 04:46:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2015 04:44:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ctfmon.exe, version 6.0.6000.16386, time stamp 0x4549ae86, faulting module USER32.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000142, fault offset 0x00009f5d,
process id 0xd84, application start time 0xctfmon.exe0.

Error: (01/01/2015 04:24:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 04:06:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/01/2015 04:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2015 04:04:30 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/01/2015 03:45:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/01/2015 11:29:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: HitmanPro 3.7 Crusader (Boot)%%3

Error: (01/01/2015 11:22:44 PM) (Source: Dhcpv6) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address &3εΣP on the Network Card with network address 0022FA496B18.

Error: (01/01/2015 11:22:17 PM) (Source: Dhcpv6) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address &3εΣP on the Network Card with network address 0022FA496B18.

Error: (01/01/2015 06:10:28 PM) (Source: Dhcpv6) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address &3εΣP on the Network Card with network address 0022FA496B18.

Error: (01/01/2015 04:47:31 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2015 04:46:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: KLIF
kneps
spldr
Wanarpv6

Error: (01/01/2015 04:46:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068

Error: (01/01/2015 04:46:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: HitmanPro 3.7 Crusader (Boot)%%3

Error: (01/01/2015 04:46:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/01/2015 04:46:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\System32\IWMSSvc.dll21

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-01 23:33:48.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 23:33:47.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 23:33:47.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 23:33:47.308
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 23:33:46.809
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 23:33:46.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 23:33:46.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 23:33:45.935
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 23:33:17.004
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-01 23:33:16.739
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 2939.25 MB
Available physical RAM: 1579.17 MB
Total Pagefile: 6086.61 MB
Available Pagefile: 4696.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.33 MB

==================== Drives ================================

Drive c: (SQ004829V03) (Fixed) (Total:289.53 GB) (Free:209.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: DD2AD119)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=289.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.1 GB) - (Type=17)

==================== End Of Log ============================



#5 Countertop

Countertop
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:58 PM

Posted 02 January 2015 - 01:02 AM

Well, this is interesting... now that I've rebooted once again into normal mode, I am cruising the internet without any apparent abnormalities.  I'll still wait to hear back and will follow your advice.  Just like taking your car to the mechanic - the problem always disappears...



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:58 PM

Posted 02 January 2015 - 01:53 AM

Hello,

Do you know anything about this Provy Setting? If not please include this in the fixlist.txt im about to give you.

ProxyServer: [S-1-5-21-737594619-1414829202-3786626943-1000] => http=127.0.0.1:49308;https=127.0.0.1:49308

 

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   5.62KB   3 downloads

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 Countertop

Countertop
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:58 PM

Posted 02 January 2015 - 01:46 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-01-2015
Ran by Owner at 2015-01-02 12:45:05 Run:1
Running from C:\Users\Owner\Desktop\FRST
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {04480BF4-D3AD-4813-B6DC-8D7E00F1BE9C} - \Tempo Runner coz32host No Task File <==== ATTENTION
MSCONFIG\Services: cozaghost => 2
MSCONFIG\Services: cozwdhost => 2
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Owner\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
2014-12-31 16:44 - 2014-12-31 16:44 - 00000064 _____ () C:\Users\Owner\AppData\Local\0df296065d8b7004eef1fd7c1e1c4f9c
2014-12-31 16:35 - 2014-12-31 16:35 - 00000000 ____D () C:\ProgramData\mLHLa3lyUv
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-737594619-1414829202-3786626943-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

 

ProxyServer: [S-1-5-21-737594619-1414829202-3786626943-1000] => http=127.0.0.1:49308;https=127.0.0.1:49308
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04480BF4-D3AD-4813-B6DC-8D7E00F1BE9C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04480BF4-D3AD-4813-B6DC-8D7E00F1BE9C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner coz32host" => Key deleted successfully.
MSCONFIG\Services: cozaghost => 2 => Error: No automatic fix found for this entry.
MSCONFIG\Services: cozwdhost => 2 => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
"HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}" => Key deleted successfully.
"HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}" => Key deleted successfully.
"HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
"HKU\S-1-5-21-737594619-1414829202-3786626943-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}" => Key deleted successfully.
C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\GoogleToolbarInstaller.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Owner\AppData\Local\0df296065d8b7004eef1fd7c1e1c4f9c => Moved successfully.
C:\ProgramData\mLHLa3lyUv => Moved successfully.
IO_Memory => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-737594619-1414829202-3786626943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog 12:45:07 ====



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:58 PM

Posted 02 January 2015 - 04:15 PM

How is the computer running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 Countertop

Countertop
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:58 PM

Posted 02 January 2015 - 06:54 PM

Was great until about 20 minutes ago, now I can't get anything to load in IE but Chrome seems to be working fine (it's what I'm using as I type this).



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:58 PM

Posted 02 January 2015 - 11:25 PM

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

p22004342.gif


Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22004343.gif


Go to Step 4 and under "System Restore" click on Create button:

p22004346.gif


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22004347.gif

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

 

See if this helps?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 Countertop

Countertop
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:58 PM

Posted 04 January 2015 - 07:39 PM

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: OWNER-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\Owner
Current Profile SID: S-1-5-21-737594619-1414829202-3786626943-1000
Current Profile Classes: S-1-5-21-737594619-1414829202-3786626943-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Owner\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:39:43

Process Count: 83
Commit Total: 1.64 GB
Commit Limit: 5.94 GB
Commit Peak: 1.67 GB
Handle Count: 24813
Kernel Total: 341.75 MB
Kernel Paged: 231.25 MB
Kernel Non Paged: 110.49 MB
System Cache: 1.72 GB
Thread Count: 1049
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.87 GB
Memory Used: 1.56 GB(54.5103%)
Memory Avail.: 1.31 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.87 GB
Memory Used: 1.28 GB(44.5941%)
Memory Avail.: 1.59 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (1/4/2015 4:54:06 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 162
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (1/4/2015 4:54:16 PM)
   Running Repair Under Current User Account
   Done (1/4/2015 4:54:38 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (1/4/2015 4:54:38 PM)
   Running Repair Under System Account
   Done (1/4/2015 5:08:32 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (1/4/2015 5:08:32 PM)
   Running Repair Under System Account
   Done (1/4/2015 5:10:36 PM)

03 - Reset Service Permissions
   Start (1/4/2015 5:10:36 PM)
   Running Repair Under System Account
   Done (1/4/2015 5:10:56 PM)

04 - Register System Files
   Start (1/4/2015 5:10:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:11:48 PM)

05 - Repair WMI
   Start (1/4/2015 5:11:48 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Kaspersky Anti-Virus Exported.

   Exporting AntiSpyware Info...
   Kaspersky Anti-Virus Exported.
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (1/4/2015 5:14:42 PM)

06 - Repair Windows Firewall
   Start (1/4/2015 5:14:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:15:29 PM)

07 - Repair Internet Explorer
   Start (1/4/2015 5:15:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:16:10 PM)

08 - Repair MDAC/MS Jet
   Start (1/4/2015 5:16:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:16:32 PM)

09 - Repair Hosts File
   Start (1/4/2015 5:16:32 PM)
   Running Repair Under System Account
   Done (1/4/2015 5:16:33 PM)

10 - Remove Policies Set By Infections
   Start (1/4/2015 5:16:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:16:37 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (1/4/2015 5:16:37 PM)
   Running Repair Under System Account
   Done (1/4/2015 5:16:38 PM)

12 - Repair Icons
   Start (1/4/2015 5:16:38 PM)
   Running Repair Under Current User Account
   Done (1/4/2015 5:16:39 PM)

13 - Repair Winsock & DNS Cache
   Start (1/4/2015 5:16:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:17:02 PM)

15 - Repair Proxy Settings
   Start (1/4/2015 5:17:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:17:04 PM)

17 - Repair Windows Updates
   Start (1/4/2015 5:17:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/4/2015 5:17:39 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (1/4/2015 5:17:40 PM)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (1/4/2015 5:17:40 PM)

19 - Repair Volume Shadow Copy Service
   Start (1/4/2015 5:17:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:16 PM)

21 - Repair MSI (Windows Installer)
   Start (1/4/2015 5:18:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:36 PM)

23.01 - Repair bat Association
   Start (1/4/2015 5:18:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:38 PM)

23.02 - Repair cmd Association
   Start (1/4/2015 5:18:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:40 PM)

23.03 - Repair com Association
   Start (1/4/2015 5:18:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:42 PM)

23.04 - Repair Directory Association
   Start (1/4/2015 5:18:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:45 PM)

23.05 - Repair Drive Association
   Start (1/4/2015 5:18:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:47 PM)

23.06 - Repair exe Association
   Start (1/4/2015 5:18:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:49 PM)

23.07 - Repair Folder Association
   Start (1/4/2015 5:18:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:51 PM)

23.08 - Repair inf Association
   Start (1/4/2015 5:18:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:54 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (1/4/2015 5:18:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:57 PM)

23.10 - Repair msc Association
   Start (1/4/2015 5:18:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:18:59 PM)

23.11 - Repair reg Association
   Start (1/4/2015 5:18:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:19:01 PM)

23.12 - Repair scr Association
   Start (1/4/2015 5:19:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:19:04 PM)

24 - Repair Windows Safe Mode
   Start (1/4/2015 5:19:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:19:06 PM)

25 - Repair Print Spooler
   Start (1/4/2015 5:19:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:19:28 PM)

26 - Restore Important Windows Services
   Start (1/4/2015 5:19:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:19:47 PM)

27 - Set Windows Services To Default Startup
   Start (1/4/2015 5:19:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:20:07 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

31 - Repair Windows 'New' Submenu
   Start (1/4/2015 5:20:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/4/2015 5:20:10 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (1/4/2015 5:20:10 PM)
   Total Repair Time: 00:26:05

...YOU MUST RESTART YOUR SYSTEM...



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:58 PM

Posted 04 January 2015 - 08:22 PM

Did that help?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 Countertop

Countertop
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin
  • Local time:02:58 PM

Posted 05 January 2015 - 10:15 PM

Yeah, everything seems to be running smoothly now.  Thanks a lot for all of the help!



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:58 PM

Posted 06 January 2015 - 12:22 AM

Lets check for any leftovers now.

 

 

1.

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
     
    malwarebytes-anti-malware-fix-now.jpg
    .
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    .
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
    malwarebytes-anti-malware-2-0-update-now
    .
  • The THREAT SCAN will automatically begin.
     
    malwarebytes-anti-malware-scan.jpg
    .
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
    malwarebytes-anti-malware-potential-thre
    .
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
    mbam4_zps490948cc.png
    .
  • After rebooting the computer, copy and past the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:58 PM

Posted 07 January 2015 - 02:01 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users