
Unknown - cpu @ 100% - not responsive when wireless enabled


  • This topic is locked
10 replies to this topic

#1 Rammis

Rammis

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Location:Eastern Pennsylvania
  • Local time:10:49 AM

Posted 01 May 2015 - 08:51 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by bmdejoe (administrator) on BMDEJOE-PC on 01-05-2015 09:23:16
Running from E:\Bleeping computer Fixes
Loaded Profiles: bmdejoe (Available profiles: bmdejoe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2625537720-2756377382-489216150-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2625537720-2756377382-489216150-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2625537720-2756377382-489216150-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
SearchScopes: HKLM -> {8B5A423F-BA40-4135-8D3A-E668AAAB5EC8} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {EB72AC5A-75C3-469E-9F9F-A49706F0FDB1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> DefaultScope {EB72AC5A-75C3-469E-9F9F-A49706F0FDB1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> {8B5A423F-BA40-4135-8D3A-E668AAAB5EC8} URL =
SearchScopes: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> {925F3C71-0D13-46DC-B63A-8EB35D47668C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> {EB72AC5A-75C3-469E-9F9F-A49706F0FDB1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [115056 2010-10-20] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 habqrcav; \??\C:\windows\system32\drivers\habqrcav.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 09:22 - 2015-05-01 09:23 - 00000000 ____D () C:\FRST
2015-05-01 08:50 - 2015-05-01 08:50 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\DriverCure
2015-05-01 08:16 - 2015-05-01 08:47 - 00000112 _____ () C:\windows\setupact.log
2015-05-01 08:16 - 2015-05-01 08:16 - 00000758 _____ () C:\windows\PFRO.log
2015-05-01 08:16 - 2015-05-01 08:16 - 00000000 _____ () C:\windows\setuperr.log
2015-05-01 07:22 - 2015-05-01 07:22 - 00000000 ____D () C:\Users\bmdejoe\AppData\Local\Adobe
2015-04-30 11:31 - 2015-04-30 11:31 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-04-30 11:31 - 2015-04-30 11:31 - 00001945 _____ () C:\windows\epplauncher.mif
2015-04-30 11:31 - 2015-04-30 11:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-04-30 11:30 - 2015-04-30 11:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-04-30 10:48 - 2010-11-11 15:59 - 00252712 _____ (ELAN Microelectronics Corp.) C:\windows\ETDUninst.dll
2015-04-30 09:06 - 2015-04-30 09:30 - 00000000 ___SD () C:\ComboFix
2015-04-30 08:54 - 2015-04-30 09:06 - 00000000 ___SD () C:\32788R22FWJFW
2015-04-29 18:40 - 2015-05-01 09:10 - 00198196 _____ () C:\windows\WindowsUpdate.log
2015-04-29 18:12 - 2015-04-29 18:12 - 00000448 _____ () C:\windows\Tasks\SpeedyPC Registration3.job
2015-04-29 18:12 - 2015-04-29 18:12 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\SpeedyPC Software
2015-04-29 18:11 - 2015-04-29 18:11 - 00001172 _____ () C:\Users\bmdejoe\Desktop\SpeedyPC Pro.lnk
2015-04-29 18:11 - 2015-04-29 18:11 - 00000575 _____ () C:\windows\Tasks\SpeedyPC Pro_sch_BE8418DC-EEBC-11E4-950D-CC07FB4A6E49.job
2015-04-29 18:11 - 2015-04-29 18:11 - 00000468 _____ () C:\windows\Tasks\SpeedyPC Update Version3_triggeronce.job
2015-04-29 18:11 - 2015-04-29 18:11 - 00000468 _____ () C:\windows\Tasks\SpeedyPC Update Version3.job
2015-04-29 18:11 - 2015-04-29 18:11 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
2015-04-29 18:11 - 2015-04-29 18:11 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2015-04-29 18:11 - 2015-04-29 18:11 - 00000000 ____D () C:\Program Files (x86)\SpeedyPC Software
2015-04-29 10:00 - 2015-04-30 09:12 - 00000000 ____D () C:\Qoobox
2015-04-29 10:00 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-29 10:00 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-29 10:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-29 06:38 - 2015-05-01 08:13 - 00007620 _____ () C:\Users\bmdejoe\AppData\Local\Resmon.ResmonCfg
2015-04-29 06:36 - 2015-04-30 08:36 - 00000000 ____D () C:\AdwCleaner
2015-04-28 15:09 - 2015-04-28 15:09 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-28 15:09 - 2015-04-28 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-28 15:09 - 2015-04-28 15:09 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-28 14:56 - 2015-04-29 10:16 - 00000000 ____D () C:\windows\erdnt
2015-04-28 11:04 - 2015-04-28 11:04 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-27 14:27 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-27 14:27 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-27 14:26 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-27 14:26 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-27 14:26 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-27 14:26 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-27 14:26 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-27 14:26 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-27 14:26 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-27 14:26 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-27 14:26 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-27 14:26 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-27 14:26 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-27 14:26 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-27 14:26 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-27 14:26 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-27 14:26 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-27 14:26 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-27 14:26 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-27 14:26 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-27 14:26 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-27 14:26 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-27 14:26 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-04-27 14:26 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-27 14:26 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-04-27 14:26 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-27 14:26 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-27 14:26 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-27 14:26 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-27 14:26 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-27 14:26 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-27 14:26 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-04-27 14:26 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-27 14:26 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-27 14:26 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-27 14:26 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-27 14:26 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-27 14:26 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-27 14:26 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-27 14:26 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-27 14:26 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-27 14:26 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-27 14:26 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-27 14:26 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-27 14:26 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-27 14:26 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-27 14:26 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-27 14:26 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-27 14:26 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-27 14:26 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-27 14:26 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-27 14:25 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-27 14:25 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-27 14:25 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-27 14:25 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-27 14:25 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-27 14:25 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-27 14:25 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-27 14:25 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-27 14:25 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-27 14:00 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-27 14:00 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-27 14:00 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-27 14:00 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-04-27 13:59 - 2015-04-27 13:59 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\Business Logic
2015-04-27 13:59 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-27 13:59 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-27 13:59 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-27 13:59 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-27 13:59 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-23 08:08 - 2015-04-23 08:08 - 00003296 ____N () C:\bootsqm.dat
2015-04-22 20:49 - 2015-05-01 08:02 - 00000000 ____D () C:\windows\Minidump
2015-04-22 06:46 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-22 06:46 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-22 06:46 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-15 08:29 - 2015-04-15 08:29 - 00000017 _____ () C:\windows\SysWOW64\shortcut_ex.dat
2015-04-08 18:06 - 2015-04-08 18:08 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-08 18:06 - 2015-04-08 18:06 - 00000000 ___SD () C:\windows\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 09:16 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-01 08:58 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 08:58 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 08:56 - 2015-01-10 13:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-01 08:48 - 2015-03-31 10:28 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-05-01 08:48 - 2010-11-22 19:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-01 08:48 - 2010-11-22 19:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 08:47 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-01 08:10 - 2010-11-22 19:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-01 08:10 - 2010-11-22 19:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-30 18:15 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2015-04-30 11:51 - 2011-03-29 04:28 - 00000000 ____D () C:\Program Files (x86)\Norton PC Checkup
2015-04-30 11:07 - 2011-06-24 17:01 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\SoftGrid Client
2015-04-30 11:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-29 18:31 - 2014-06-23 10:19 - 00000000 ____D () C:\Netgear
2015-04-29 18:31 - 2014-04-14 13:54 - 00000000 ____D () C:\Users\bmdejoe\Tracing
2015-04-29 18:31 - 2011-06-06 18:20 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\ICAClient
2015-04-29 18:31 - 2011-03-29 04:13 - 00000000 ____D () C:\ProgramData\Norton
2015-04-29 18:31 - 2010-11-22 01:38 - 00000000 ____D () C:\windows\Panther
2015-04-29 17:10 - 2009-07-14 01:08 - 00032576 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-04-29 10:15 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2015-04-29 10:14 - 2011-06-03 17:33 - 00000000 ____D () C:\Users\bmdejoe
2015-04-29 09:22 - 2011-06-04 15:20 - 00000000 ____D () C:\Users\bmdejoe\AppData\Local\CrashDumps
2015-04-29 08:48 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-29 08:45 - 2010-11-22 19:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-29 08:44 - 2010-11-22 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-04-29 08:22 - 2013-08-22 15:11 - 00000000 ____D () C:\windows\system32\MRT
2015-04-28 19:35 - 2010-11-22 19:31 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2015-04-28 19:35 - 2010-11-22 19:14 - 00000000 ____D () C:\Program Files\TOSHIBA
2015-04-28 19:32 - 2014-04-28 16:14 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-04-28 19:32 - 2014-04-28 16:13 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-04-28 11:04 - 2014-05-06 21:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-28 10:40 - 2012-06-25 09:13 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-27 13:47 - 2011-06-24 16:59 - 00776078 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-21 09:33 - 2013-12-09 08:12 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\HpUpdate
2015-04-14 20:02 - 2015-01-10 13:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 20:01 - 2015-01-10 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 20:01 - 2015-01-10 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 20:48 - 2013-12-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

==================== Files in the root of some directories =======

2015-04-29 06:38 - 2015-05-01 08:13 - 0007620 _____ () C:\Users\bmdejoe\AppData\Local\Resmon.ResmonCfg
2013-12-09 08:09 - 2013-12-09 08:09 - 0000057 _____ () C:\ProgramData\Ament.ini

Alureon:
C:\Users\bmdejoe\AppData\Local\Temp\sytwiso\shdtqen\wow.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-29 11:24

==================== End Of Log ============================


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:49 PM

Posted 05 May 2015 - 04:12 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes on your own.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press the Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:49 PM

Posted 13 May 2015 - 11:49 AM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.

Thank you for your understanding.

Regards,
Georgi




#4 Rammis

Rammis
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern Pennsylvania
  • Local time:10:49 AM

Posted 14 May 2015 - 07:10 AM

Georgi

 

I did reply to the mail you sent; I did not post. Here it is.

 

Here is the addition:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015
Ran by bmdejoe (administrator) on BMDEJOE-PC on 06-05-2015 08:50:30
Running from C:\Users\bmdejoe\Desktop
Loaded Profiles: bmdejoe (Available profiles: bmdejoe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295224 2010-07-01] (TOSHIBA Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2625537720-2756377382-489216150-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2625537720-2756377382-489216150-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2625537720-2756377382-489216150-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
SearchScopes: HKLM -> {8B5A423F-BA40-4135-8D3A-E668AAAB5EC8} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {EB72AC5A-75C3-469E-9F9F-A49706F0FDB1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> DefaultScope {EB72AC5A-75C3-469E-9F9F-A49706F0FDB1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> {8B5A423F-BA40-4135-8D3A-E668AAAB5EC8} URL =
SearchScopes: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> {925F3C71-0D13-46DC-B63A-8EB35D47668C} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> {EB72AC5A-75C3-469E-9F9F-A49706F0FDB1} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2625537720-2756377382-489216150-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [115056 2010-10-20] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 habqrcav; \??\C:\windows\system32\drivers\habqrcav.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 08:50 - 2015-05-06 08:51 - 00011159 _____ () C:\Users\bmdejoe\Desktop\FRST.txt
2015-05-06 08:49 - 2015-05-06 08:48 - 02101760 _____ (Farbar) C:\Users\bmdejoe\Desktop\FRST64.exe
2015-05-01 09:22 - 2015-05-06 08:50 - 00000000 ____D () C:\FRST
2015-05-01 08:50 - 2015-05-01 08:50 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\DriverCure
2015-05-01 08:16 - 2015-05-06 08:48 - 00000908 _____ () C:\windows\setupact.log
2015-05-01 08:16 - 2015-05-01 08:16 - 00000758 _____ () C:\windows\PFRO.log
2015-05-01 08:16 - 2015-05-01 08:16 - 00000000 _____ () C:\windows\setuperr.log
2015-05-01 07:22 - 2015-05-01 07:22 - 00000000 ____D () C:\Users\bmdejoe\AppData\Local\Adobe
2015-04-30 11:31 - 2015-04-30 11:31 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-04-30 11:31 - 2015-04-30 11:31 - 00001945 _____ () C:\windows\epplauncher.mif
2015-04-30 11:31 - 2015-04-30 11:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-04-30 11:30 - 2015-04-30 11:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-04-30 10:48 - 2010-11-11 15:59 - 00252712 _____ (ELAN Microelectronics Corp.) C:\windows\ETDUninst.dll
2015-04-30 09:06 - 2015-04-30 09:30 - 00000000 ___SD () C:\ComboFix
2015-04-30 08:54 - 2015-04-30 09:06 - 00000000 ___SD () C:\32788R22FWJFW
2015-04-29 18:40 - 2015-05-06 08:43 - 00198923 _____ () C:\windows\WindowsUpdate.log
2015-04-29 18:12 - 2015-04-29 18:12 - 00000448 _____ () C:\windows\Tasks\SpeedyPC Registration3.job
2015-04-29 18:12 - 2015-04-29 18:12 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\SpeedyPC Software
2015-04-29 18:11 - 2015-04-29 18:11 - 00001172 _____ () C:\Users\bmdejoe\Desktop\SpeedyPC Pro.lnk
2015-04-29 18:11 - 2015-04-29 18:11 - 00000575 _____ () C:\windows\Tasks\SpeedyPC Pro_sch_BE8418DC-EEBC-11E4-950D-CC07FB4A6E49.job
2015-04-29 18:11 - 2015-04-29 18:11 - 00000468 _____ () C:\windows\Tasks\SpeedyPC Update Version3_triggeronce.job
2015-04-29 18:11 - 2015-04-29 18:11 - 00000468 _____ () C:\windows\Tasks\SpeedyPC Update Version3.job
2015-04-29 18:11 - 2015-04-29 18:11 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
2015-04-29 18:11 - 2015-04-29 18:11 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2015-04-29 18:11 - 2015-04-29 18:11 - 00000000 ____D () C:\Program Files (x86)\SpeedyPC Software
2015-04-29 10:00 - 2015-04-30 09:12 - 00000000 ____D () C:\Qoobox
2015-04-29 10:00 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2015-04-29 10:00 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2015-04-29 10:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2015-04-29 10:00 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2015-04-29 06:38 - 2015-05-01 08:13 - 00007620 _____ () C:\Users\bmdejoe\AppData\Local\Resmon.ResmonCfg
2015-04-29 06:36 - 2015-04-30 08:36 - 00000000 ____D () C:\AdwCleaner
2015-04-28 15:09 - 2015-04-28 15:09 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-28 15:09 - 2015-04-28 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-28 15:09 - 2015-04-28 15:09 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-28 14:56 - 2015-04-29 10:16 - 00000000 ____D () C:\windows\erdnt
2015-04-28 11:04 - 2015-04-28 11:04 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-27 14:27 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-27 14:27 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-27 14:26 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-27 14:26 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-27 14:26 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-27 14:26 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-27 14:26 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-27 14:26 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-27 14:26 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-27 14:26 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-27 14:26 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-27 14:26 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-27 14:26 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-27 14:26 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-27 14:26 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-27 14:26 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-27 14:26 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-27 14:26 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-27 14:26 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-27 14:26 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-27 14:26 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-27 14:26 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-27 14:26 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-04-27 14:26 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-27 14:26 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-04-27 14:26 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-27 14:26 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-27 14:26 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-27 14:26 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-27 14:26 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-27 14:26 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-27 14:26 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-04-27 14:26 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-27 14:26 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-27 14:26 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-27 14:26 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-27 14:26 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-27 14:26 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-27 14:26 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-27 14:26 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-27 14:26 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-27 14:26 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-27 14:26 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-27 14:26 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-27 14:26 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-27 14:26 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-27 14:26 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-27 14:26 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-27 14:26 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-27 14:26 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-27 14:26 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-27 14:25 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-27 14:25 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-27 14:25 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-27 14:25 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-27 14:25 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-27 14:25 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-27 14:25 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-27 14:25 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-27 14:25 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-27 14:00 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-27 14:00 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-27 14:00 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-27 14:00 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-27 14:00 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-04-27 13:59 - 2015-04-27 13:59 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\Business Logic
2015-04-27 13:59 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-27 13:59 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-27 13:59 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-27 13:59 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-27 13:59 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-23 08:08 - 2015-04-23 08:08 - 00003296 ____N () C:\bootsqm.dat
2015-04-22 20:49 - 2015-05-01 08:02 - 00000000 ____D () C:\windows\Minidump
2015-04-22 06:46 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-22 06:46 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-22 06:46 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-15 08:29 - 2015-04-15 08:29 - 00000017 _____ () C:\windows\SysWOW64\shortcut_ex.dat
2015-04-08 18:06 - 2015-04-08 18:08 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-08 18:06 - 2015-04-08 18:06 - 00000000 ___SD () C:\windows\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 08:50 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-06 08:48 - 2010-11-22 19:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-06 08:43 - 2015-01-10 13:00 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 08:43 - 2010-11-22 19:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 08:58 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 08:58 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 08:48 - 2015-03-31 10:28 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-05-01 08:47 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-01 08:10 - 2010-11-22 19:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-01 08:10 - 2010-11-22 19:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-30 18:15 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2015-04-30 11:51 - 2011-03-29 04:28 - 00000000 ____D () C:\Program Files (x86)\Norton PC Checkup
2015-04-30 11:07 - 2011-06-24 17:01 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\SoftGrid Client
2015-04-30 11:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-29 18:31 - 2014-06-23 10:19 - 00000000 ____D () C:\Netgear
2015-04-29 18:31 - 2014-04-14 13:54 - 00000000 ____D () C:\Users\bmdejoe\Tracing
2015-04-29 18:31 - 2011-06-06 18:20 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\ICAClient
2015-04-29 18:31 - 2011-03-29 04:13 - 00000000 ____D () C:\ProgramData\Norton
2015-04-29 18:31 - 2010-11-22 01:38 - 00000000 ____D () C:\windows\Panther
2015-04-29 17:10 - 2009-07-14 01:08 - 00032576 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-04-29 10:15 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2015-04-29 10:14 - 2011-06-03 17:33 - 00000000 ____D () C:\Users\bmdejoe
2015-04-29 09:22 - 2011-06-04 15:20 - 00000000 ____D () C:\Users\bmdejoe\AppData\Local\CrashDumps
2015-04-29 08:48 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-29 08:45 - 2010-11-22 19:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-29 08:44 - 2010-11-22 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-04-29 08:22 - 2013-08-22 15:11 - 00000000 ____D () C:\windows\system32\MRT
2015-04-28 19:35 - 2010-11-22 19:31 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2015-04-28 19:35 - 2010-11-22 19:14 - 00000000 ____D () C:\Program Files\TOSHIBA
2015-04-28 19:32 - 2014-04-28 16:14 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-04-28 19:32 - 2014-04-28 16:13 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-04-28 11:04 - 2014-05-06 21:41 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-28 10:40 - 2012-06-25 09:13 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-27 13:47 - 2011-06-24 16:59 - 00776078 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-21 09:33 - 2013-12-09 08:12 - 00000000 ____D () C:\Users\bmdejoe\AppData\Roaming\HpUpdate
2015-04-14 20:02 - 2015-01-10 13:00 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 20:01 - 2015-01-10 13:00 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 20:01 - 2015-01-10 13:00 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 20:48 - 2013-12-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

==================== Files in the root of some directories =======

2015-04-29 06:38 - 2015-05-01 08:13 - 0007620 _____ () C:\Users\bmdejoe\AppData\Local\Resmon.ResmonCfg
2013-12-09 08:09 - 2013-12-09 08:09 - 0000057 _____ () C:\ProgramData\Ament.ini

Alureon:
C:\Users\bmdejoe\AppData\Local\Temp\sytwiso\shdtqen\wow.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-29 11:24

==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   28.87KB   0 downloads
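The log above is in FRST's plain-text format, and the lines worth an analyst's attention are the ones FRST itself marks: `<==== ATTENTION` suffixes, `[X]` on a service or driver whose binary no longer exists, `No File` on orphaned browser add-on references, and a named detection heading such as `Alureon:` in the root-files section. As an added example (not part of this thread and not FRST's own code), the Python below walks a log in that format and collects those markers into a severity-ranked list for review, without touching anything on the system. The sample text is constructed from entries in the posted log; the `Finding` type, the `triage`/`summarize` functions and the severity scheme are this example's own choices. It reads the digit after the R/S/U state letter on service and driver lines as the Windows start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), so a missing boot- or system-start driver ranks higher than a missing manual-start one.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in FRST's log format, built from entries that appear in the
# log posted above (Winlogon Shell entries, the catchme/habqrcav drivers, the
# Alureon hit). This is example input, not a complete FRST.txt.
SAMPLE_LOG = r"""==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 habqrcav; \??\C:\windows\system32\drivers\habqrcav.sys [X]

==================== Files in the root of some directories =======

Alureon:
C:\Users\bmdejoe\AppData\Local\Temp\sytwiso\shdtqen\wow.dll

==================== End Of Log ============================
"""

# "==================== Name ====" section headers; the name must not itself start
# with "=" so that bare underline rows such as "========" are not taken as headers.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION\s*$")
# Service/driver lines: state letter (R running, S stopped, U unknown), start type
# digit, then "name; path ..." (start-type reading is this example's assumption).
SERVICE_RE = re.compile(r"^([RSU])([0-9])\s+([^;]+);\s*(.*)$")
# A bare "Name:" line in the root-files section opens a detection block ("Alureon:").
DETECTION_RE = re.compile(r"^([A-Za-z][\w ]*):$")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    section: str    # FRST section the line was found in
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Collect FRST's own warning markers into a list of findings for manual review."""
    findings: List[Finding] = []
    section = ""
    detection = None          # name of the detection block we are inside, if any
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            detection = None  # a blank line closes a detection block
            continue
        m = SECTION_RE.match(line)
        if m:
            section, detection = m.group(1), None
            continue
        if line.startswith("(") and line.endswith(")"):
            continue          # FRST's explanatory note under a section header
        if detection:
            findings.append(Finding("high", section,
                                    f"file listed under FRST's '{detection}' detection heading", line))
            continue
        if section.startswith("Files in the root") and DETECTION_RE.match(line):
            detection = DETECTION_RE.match(line).group(1)
            continue
        if ATTENTION_RE.search(line):
            findings.append(Finding("medium", section,
                                    "FRST marked this entry with ATTENTION; review manually", line))
            continue
        m = SERVICE_RE.match(line)
        if m and line.endswith("[X]"):
            start_type = int(m.group(2))
            severity = "high" if start_type <= 1 else "medium"
            findings.append(Finding(severity, section,
                                    f"service '{m.group(3)}' points at a missing file "
                                    f"(start type {start_type})", line))
            continue
        if line.endswith("[X]") or line.endswith("No File"):
            findings.append(Finding("low", section, "orphaned reference to a missing file", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, always returning all three keys."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    order = ("high", "medium", "low")
    for f in sorted(results, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(results))
```

On the sample this yields two high findings (the missing system-start driver and the file under the Alureon heading), three medium (two ATTENTION entries and the missing manual-start catchme driver) and two low orphaned references. The output is a review list only; deciding what goes into a fixlist remains the analyst's call, as in the thread.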


#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:49 PM

Posted 14 May 2015 - 05:29 PM

Hi,

 

I didn't send you an e-mail?

 

Please go ahead and uninstall the following programs from the Control Panel:

 

SpeedyPC Pro

 

Next, please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let me know how things are after the fix above.

 

 

Regards,

Georgi




#6 Rammis

Rammis
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Eastern Pennsylvania
  • Local time:10:49 AM

Posted 15 May 2015 - 07:05 AM

Morning Georgi 

 

I downloaded the file, but only got 1 file. I used the last frst64 I downloaded the 1st time. Ran scan & fix w/ your parameter file.

 

Performance seems to be much better...

 

Attached is the fixlog.  Please let me know your thoughts.

 

Regards

 

Dick

 

 



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:49 PM

Posted 15 May 2015 - 07:27 AM

Hi,

 

Let's check for malware leftovers:

 

 

STEP 1

 

 

Please download Malwarebytes Anti-Malware 2.1.6.1022 Final to your desktop.
 

  • Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 2

 

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

 

6-scanfin-choose.jpg
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

Note: Programdata is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

 

 

 

STEP 3

 

 

emsisoft_emergency_kit.pnglogo.png

  • Download EmsisoftEmergencyKit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next click on the Full Scan. When the scan complete, click on the View Report button (don't delete or quarantine anything).
  • Please copy and paste the content of the report in your next reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • Gender:Male
  • Location:Bulgaria

Posted 20 May 2015 - 12:55 AM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.
Thank you for your understanding!


Regards,
Georgi




#9 Rammis

Rammis
  • Topic Starter

  • Members
  • 5 posts
  • Gender:Male
  • Location:Eastern Pennsylvania

Posted 22 May 2015 - 07:03 AM

Georgi,

The "Fix" & running the other utilities appear to have solved the issue of 100% utilization. It still hits 100, but comes back down & continues to process. There are also a 'normal' number of processes running in the background.

Thank you for the assistance. I continue to support the group's efforts.

Regards

Richard



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • Gender:Male
  • Location:Bulgaria

Posted 22 May 2015 - 10:40 AM

Hi,

I am glad to hear there is an improvement. However, it is still recommended to proceed with the steps above just in case.

Regards,

Georgi


#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • Gender:Male
  • Location:Bulgaria

Posted 25 May 2015 - 03:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
