Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Generally slow and not working well


  • This topic is locked This topic is locked
30 replies to this topic

#1 teddieg

teddieg

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 27 January 2015 - 07:29 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:14:25 PM, on 27/01/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16599)

FIREFOX: 21.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
C:\Users\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BlackBerryLink.exe] "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - Global Startup: RemotePointRF.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {08496B45-6BB1-4F92-A8E6-B9E7978634CB} (Trustsite Control) - https://remote-gcc.rbc.com/nortel_cacheable/TrustSite.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://remote-occ.rbc.com/nortel_cacheable/iewiper.cab
O16 - DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} (popupunblk Class) - https://remote.rbc.com/nortel_cacheable/punblock.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BlackBerry Device Manager - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RIM MDNS - Apple Inc. - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
O23 - Service: BlackBerry Link Communication Manager (RIM Tunnel Service) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15465 bytes

Attached Files



BC AdBot (Login to Remove)

 


m

#2 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:55 AM

Posted 27 January 2015 - 08:06 PM

Hi teddieg,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

bullseye_zpse9eaf36e.gif Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#3 teddieg

teddieg
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 27 January 2015 - 09:13 PM

Thanks for your help OCD, I appreciate the help.  I unfortunately started deleting applications prior to seeing your response, I hope it does not impact your analysis.

 

Attached are the files you requested.

 

Cheers;

 

TeddieG

Attached Files



#4 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:55 AM

Posted 28 January 2015 - 02:49 AM

Hi teddieg ,

Please paste the logs directly into the reply window, unless specifically asked to attach them.

What Anti-Virus software do you have installed and running on this computer?

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • DAEMON Tools Toolbar
=========================

bullseye_zpse9eaf36e.gif FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3611137935-769122144-3488662077-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3611137935-769122144-3488662077-500 -> DefaultScope {87394793-8317-426A-A380-443282519A7D} URL = 
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
C:\Users\Administrator\AppData\Local\temp\contentDATs.exe
C:\Users\Administrator\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\temp\AdobeUpdater12345.exe
C:\Users\Owner\AppData\Local\temp\contentDATs.exe
C:\Users\Owner\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\temp\mssinstaller.exe
C:\Users\Owner\AppData\Local\temp\SecurityScan_Release.exe
C:\Users\Owner\AppData\Local\temp\setup.exe
2011-11-07 19:35 - 2011-11-07 19:35 - 0000344 _____ () C:\ProgramData\aQpHhbGxfI2y6r
2011-11-07 19:35 - 2011-11-07 19:35 - 0000304 _____ () C:\ProgramData\~aQpHhbGxfI2y6r
2011-11-07 19:35 - 2011-11-07 19:35 - 0000224 _____ () C:\ProgramData\~aQpHhbGxfI2y6rr
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.0.8.0552 - DT Soft Ltd) <==== ATTENTION
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
EmptyTemp:
CMD: ipconfig /flushdns
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

bullseye_zpse9eaf36e.gif Enable Hidden Files & Folders :

To enable the viewing of hidden and protected system files in Windows please follow these steps:
  • Close all programs so that you are at your desktop.
  • Click on the Start button. (This is the small round button with the Windows flag in the lower left corner.)
  • Click on the Control Panel menu option.
  • When the control panel opens you can either be in Classic View or Control Panel Home view:

    If you are in the Classic View do the following:
    • Double-click on the Folder Options icon.
    • Click on the View tab.
    • Go to step 5
    If you are in the Control Panel Home view do the following:
    • Click on the Appearance and Personalization link.
    • Click on Show Hidden Files or Folders.
    • Go to step 5.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the check mark from the check box labeled Hide extensions for known file types.
  • Remove the check mark from the check box labeled Hide protected operating system files.
  • Press the Apply button and then the OK button.
=========================

bullseye_zpse9eaf36e.gif VirusTotal

Please go to: VirusTotal

virustotal2-SWI.png
  • Click the Browse button and search for the following file: C:\Windows\System32\Drivers\abkmdtsz.sys
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

=========================

bullseye_zpse9eaf36e.gif AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

bullseye_zpse9eaf36e.gif Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

bullseye_zpse9eaf36e.gif Re-run Farbar Recovery Scan Tool it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • Reply to any questions asked.
  • Fixlog.txt
  • VirusTotal Results
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt
  • Any change in performance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#5 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:55 AM

Posted 30 January 2015 - 10:56 AM

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#6 teddieg

teddieg
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 30 January 2015 - 11:00 AM

Hi OLD,

I am away from my computer and will be able to respond tomorrow as per your post. Thanks again for the help.

#7 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:55 AM

Posted 30 January 2015 - 11:09 AM

Hi teddieg,

Thank you for letting me know. :thumbup2:


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#8 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:55 AM

Posted 03 February 2015 - 11:28 PM

Just checking in to see if you still need help?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#9 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:55 AM

Posted 05 February 2015 - 11:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#10 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:55 AM

Posted 07 February 2015 - 01:54 AM

This topic has been re-opened at the OP's request.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#11 teddieg

teddieg
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 07 February 2015 - 06:11 PM

Thanks OCD, I will post an update tomorrow.

#12 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:55 AM

Posted 10 February 2015 - 03:46 AM

Once again I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems.

Unfortunately, if you are unable to supply the logs I have requested you will leave me little choice but to close this thread.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#13 teddieg

teddieg
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 10 February 2015 - 07:37 PM

Thanks OCD, I appreciate the patience and help.

I am in the process of going through your instructions.

#14 teddieg

teddieg
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 10 February 2015 - 10:01 PM

What Anti-Virus software do you have installed and running on this computer?

None

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Administrator at 2015-02-10 19:13:48 Run:1
Running from c:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Owner & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3611137935-769122144-3488662077-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3611137935-769122144-3488662077-500 -> DefaultScope {87394793-8317-426A-A380-443282519A7D} URL =
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
C:\Users\Administrator\AppData\Local\temp\contentDATs.exe
C:\Users\Administrator\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\temp\AdobeUpdater12345.exe
C:\Users\Owner\AppData\Local\temp\contentDATs.exe
C:\Users\Owner\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\temp\mssinstaller.exe
C:\Users\Owner\AppData\Local\temp\SecurityScan_Release.exe
C:\Users\Owner\AppData\Local\temp\setup.exe
2011-11-07 19:35 - 2011-11-07 19:35 - 0000344 _____ () C:\ProgramData\aQpHhbGxfI2y6r
2011-11-07 19:35 - 2011-11-07 19:35 - 0000304 _____ () C:\ProgramData\~aQpHhbGxfI2y6r
2011-11-07 19:35 - 2011-11-07 19:35 - 0000224 _____ () C:\ProgramData\~aQpHhbGxfI2y6rr
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.0.8.0552 - DT Soft Ltd) <==== ATTENTION
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
EmptyTemp:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3611137935-769122144-3488662077-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3611137935-769122144-3488662077-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Administrator\AppData\Local\temp\contentDATs.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\temp\AdobeUpdater12345.exe => Moved successfully.
C:\Users\Owner\AppData\Local\temp\contentDATs.exe => Moved successfully.
C:\Users\Owner\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\temp\mssinstaller.exe => Moved successfully.
C:\Users\Owner\AppData\Local\temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Owner\AppData\Local\temp\setup.exe => Moved successfully.
C:\ProgramData\aQpHhbGxfI2y6r => Moved successfully.
C:\ProgramData\~aQpHhbGxfI2y6r => Moved successfully.
C:\ProgramData\~aQpHhbGxfI2y6rr => Moved successfully.
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.0.8.0552 - DT Soft Ltd) <==== ATTENTION => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll => Key not found.
HKCR\CLSID\O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll => Key not found.
\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) => Error: No automatic fix found for this entry.
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) => Error: No automatic fix found for this entry.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.8 GB temporary data.

The system needed a reboot.

==== End of Fixlog 19:17:07 ====

VirusTotal

C:\Windows\System32\Drivers\abkmdtsz.sys did not exist, tried various methods of locating the file.

AdCleaner - [Note this version was run at the end of the process as the original did not save on the desktop]

# AdwCleaner v4.110 - Logfile created 10/02/2015 at 21:50:19
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Administrator - OWNER-PC
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Administrator\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\Administrator\AppData\Roaming\HPAppData

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Mozilla Firefox v35.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [3752 bytes] - [10/02/2015 20:57:44]
AdwCleaner[R1].txt - [1021 bytes] - [10/02/2015 21:48:01]
AdwCleaner[S0].txt - [3701 bytes] - [10/02/2015 21:00:47]
AdwCleaner[S1].txt - [962 bytes] - [10/02/2015 21:50:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1020  bytes] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows ™ Vista Home Premium x64
Ran by Administrator on 10/02/2015 at 21:31:51.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/02/2015 at 21:35:46.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Administrator (administrator) on OWNER-PC on 10-02-2015 21:37:46
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Owner & Administrator)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TOSHIBA Corporation.) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6156288 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [519544 2007-12-11] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [900608 2008-04-26] (TOSHIBA Corporation.)
HKLM-x32\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-03-18] (BlackBerry Limited)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4494848 2014-06-23] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3611137935-769122144-3488662077-500\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-3611137935-769122144-3488662077-500\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3611137935-769122144-3488662077-500\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RemotePointRF.lnk.disabled
ShortcutTarget: RemotePointRF.lnk.disabled -> C:\Program Files (x86)\InterlinkElectronics, Inc\RemotePoint RF\rpointRF.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3611137935-769122144-3488662077-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3611137935-769122144-3488662077-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKLM -> {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
SearchScopes: HKLM-x32 -> {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3611137935-769122144-3488662077-500 -> DefaultScope {87394793-8317-426A-A380-443282519A7D} URL =
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {08496B45-6BB1-4F92-A8E6-B9E7978634CB} https://remote-gcc.rbc.com/nortel_cacheable/TrustSite.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} https://remote-occ.rbc.com/nortel_cacheable/iewiper.cab
DPF: HKLM-x32 {ACDB1787-986D-434D-9857-2172CDB2108D} https://remote.rbc.com/nortel_cacheable/punblock.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m28yhqj2.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-10-18]

Chrome:
=======
StartMenuInternet: chrome.exe - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-03-18] (BlackBerry Limited) [File not signed]
R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2008-04-03] (TOSHIBA Corporation.) [File not signed]
R2 ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-06-23] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1325568 2014-06-23] (Research In Motion Limited) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]
R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
S3 OV550I; C:\Windows\System32\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
S3 OV550I; C:\Windows\SysWOW64\Drivers\OVTX16.sys [139520 2010-06-04] (Omnivision Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-06-18] () [File not signed]
U3 aqqysa46; C:\Windows\System32\Drivers\aqqysa46.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 21:37 - 2015-02-10 21:37 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2015-02-10 21:35 - 2015-02-10 21:35 - 00000642 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-02-10 21:31 - 2015-02-10 21:31 - 01388274 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2015-02-10 20:57 - 2015-02-10 21:01 - 00000000 ____D () C:\AdwCleaner
2015-02-10 20:57 - 2015-02-10 20:57 - 02112512 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe
2015-02-02 17:32 - 2015-02-02 17:32 - 00006175 _____ () C:\Users\Owner\Downloads\ATT00001.htm
2015-01-27 20:57 - 2015-01-27 20:58 - 00274624 _____ () C:\Windows\Minidump\Mini012715-01.dmp
2015-01-27 20:57 - 2015-01-27 20:57 - 613439803 _____ () C:\Windows\MEMORY.DMP
2015-01-27 20:57 - 2015-01-27 20:57 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 20:50 - 2015-01-27 20:55 - 00035357 _____ () C:\Users\Administrator\Desktop\Addition.txt
2015-01-27 20:46 - 2015-02-10 21:37 - 00021084 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-01-27 20:45 - 2015-02-10 21:37 - 02132992 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-01-27 20:45 - 2015-02-10 21:37 - 00000000 ____D () C:\FRST
2015-01-27 20:43 - 2015-01-27 20:43 - 00000575 _____ () C:\Users\Administrator\Desktop\MBR.zip
2015-01-27 20:42 - 2015-01-27 20:42 - 00001700 _____ () C:\Users\Administrator\Desktop\aswMBR.txt
2015-01-27 20:42 - 2015-01-27 20:42 - 00000512 _____ () C:\Users\Administrator\Desktop\MBR.dat
2015-01-27 20:39 - 2015-01-27 20:39 - 05198336 _____ (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
2015-01-27 20:38 - 2015-01-27 20:38 - 00001147 _____ () C:\Users\Administrator\Desktop\checkup.txt
2015-01-27 20:37 - 2015-01-27 20:37 - 00852573 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2015-01-27 20:15 - 2015-01-27 20:15 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2015-01-27 20:08 - 2015-01-27 20:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\MFAData
2015-01-27 19:59 - 2015-01-27 19:59 - 00000000 ____D () C:\Users\Administrator\Documents\Freemake
2015-01-27 19:14 - 2015-01-27 19:29 - 00015467 _____ () C:\Users\Administrator\Desktop\hijackthis.log
2015-01-27 19:14 - 2015-01-27 19:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Desktop\HijackThis.exe
2015-01-27 14:07 - 2015-01-27 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 10:56 - 2015-01-23 10:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2014
2015-01-23 10:56 - 2015-01-23 10:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2014
2015-01-21 09:38 - 2015-01-21 09:38 - 01326651 _____ () C:\Users\Owner\Downloads\Attachments_2015121.zip
2015-01-18 22:55 - 2015-01-18 22:57 - 320451123 _____ () C:\Users\Owner\Downloads\CSA Entry Level Video Exam English 2014-2015.exe
2015-01-18 22:41 - 2015-01-18 22:41 - 00324136 _____ (Dropbox, Inc.) C:\Users\Owner\Downloads\DropboxInstaller (2).exe
2015-01-18 22:39 - 2015-01-18 22:39 - 00324136 _____ (Dropbox, Inc.) C:\Users\Owner\Downloads\DropboxInstaller (1).exe
2015-01-18 22:38 - 2015-01-18 22:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-01-18 22:38 - 2015-01-18 22:38 - 00324136 _____ (Dropbox, Inc.) C:\Users\Owner\Downloads\DropboxInstaller.exe
2015-01-17 03:10 - 2014-12-18 19:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 03:10 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-17 03:10 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-17 03:10 - 2014-12-05 21:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 03:10 - 2014-12-05 21:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 03:10 - 2014-12-05 21:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 21:38 - 2013-06-13 19:13 - 00003718 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{45D18FA3-936A-4542-B7C2-B7B8A28FDD03}
2015-02-10 21:35 - 2014-04-07 18:09 - 00000562 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3611137935-769122144-3488662077-1000.job
2015-02-10 21:34 - 2009-03-11 05:07 - 01603823 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 21:28 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 21:28 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 21:27 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 21:15 - 2006-11-02 10:42 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-10 21:14 - 2009-03-11 02:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-10 21:12 - 2009-07-01 11:00 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611137935-769122144-3488662077-1000UA.job
2015-02-10 21:10 - 2011-06-19 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-02-10 21:10 - 2011-06-19 14:08 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-02-10 21:05 - 2008-01-20 22:26 - 00462838 _____ () C:\Windows\PFRO.log
2015-02-10 20:33 - 2013-02-05 19:45 - 00027171 _____ () C:\ads_err.adt
2015-02-10 20:33 - 2013-02-05 19:45 - 00003072 _____ () C:\ads_err.adi
2015-02-10 20:21 - 2012-04-08 10:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 20:17 - 2013-05-29 08:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-10 19:11 - 2009-07-01 11:00 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611137935-769122144-3488662077-1000Core.job
2015-02-05 21:55 - 2012-04-08 10:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 21:55 - 2012-04-08 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 21:55 - 2012-04-08 10:59 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 19:07 - 2011-12-02 19:15 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7BDAA603-A336-4870-9215-E575A16F8BBC}
2015-02-03 19:07 - 2009-07-01 11:00 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3611137935-769122144-3488662077-1000UA
2015-02-03 19:07 - 2009-07-01 11:00 - 00003396 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3611137935-769122144-3488662077-1000Core
2015-01-27 20:30 - 2014-09-02 18:00 - 00000000 ____D () C:\ProgramData\AVG2014
2015-01-27 20:30 - 2014-09-02 17:55 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-27 20:16 - 2014-09-02 18:00 - 00000000 ___HD () C:\$AVG
2015-01-27 20:04 - 2009-03-11 02:36 - 00000000 ____D () C:\ProgramData\Ulead Systems
2015-01-27 20:01 - 2008-05-15 13:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-27 20:00 - 2012-06-28 00:23 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-27 19:59 - 2012-06-28 00:23 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-01-27 19:58 - 2012-10-01 18:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2015-01-27 19:58 - 2010-01-22 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-01-27 19:58 - 2010-01-22 23:37 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-01-27 19:55 - 2013-02-08 10:17 - 00000000 ____D () C:\Firefox
2015-01-24 18:46 - 2014-04-07 18:09 - 00003502 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3611137935-769122144-3488662077-1000
2015-01-21 09:43 - 2006-11-02 07:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 03:10 - 2013-08-14 02:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 03:01 - 2006-11-02 07:35 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-11 18:14 - 2010-12-07 14:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2010-09-05 14:04 - 2010-09-05 14:04 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2010-10-18 09:33 - 2010-10-18 09:45 - 0000774 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\temp\sqlite3.dll
C:\Users\Owner\AppData\Local\temp\{C4407545-D532-44BB-B779-59975D5C5D8D}-40.0.2214.111_40.0.2214.94_chrome_updater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-10 21:34

 

 

Performance has improved, I think, but for some reason the wireless card is no longer connecting to the internet.  I had to connet the laptop to the the modem directly in order to do this.  Do you have any thoughts as to why this may have occured?

 

Thanks again for the help, please let me know what are the next steps.

 

-Ted

==================== End Of Log ============================



#15 OCD

OCD

  • Malware Response Team
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:55 AM

Posted 11 February 2015 - 01:05 AM

Hi teddieg,

AntiVirus Program
As a rule of thumb one should run one antivirus program in memory.

I would recommend that you install one of these free Antivirus programs immediately. Just choose one:
Microsoft Security Essentials
Avast

=========================

bullseye_zpse9eaf36e.gif FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 
Start
CloseProcesses:
SearchScopes: HKLM -> {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
SearchScopes: HKLM-x32 -> {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3611137935-769122144-3488662077-500 -> DefaultScope {87394793-8317-426A-A380-443282519A7D} URL =
U3 aqqysa46; C:\Windows\System32\Drivers\aqqysa46.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\temp\sqlite3.dll
C:\Users\Owner\AppData\Local\temp\{C4407545-D532-44BB-B779-59975D5C5D8D}-40.0.2214.111_40.0.2214.94_chrome_updater.exe
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================


Do you have any thoughts as to why this may have occured?

Yes. We flushed the DNS, you will need to set-up the wireles connection again.

=========================

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
    MBAMDashboard_zpsddef9b5f.gif
  • Select type of scan to perform:
    MBAMScanTab_zps2c5e74bd.gif
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • MBAM.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users