schmijon

Gringo, Read your last post and am in the process of removing unwanted/unnecessary programs and securing the laptop. I'll report back in the next day or two to let you know how everything is running, Thanks so much for all your help.

C:\Qoobox\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe.vir Win32/SpeedUpMyPC application C:\Qoobox\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\spnotifier.exe.vir Win32/SpeedUpMyPC application C:\Qoobox\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\sp_move_serial.exe.vir Win32/SpeedUpMyPC application C:\Qoobox\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe.vir Win32/SpeedUpMyPC application C:\Users\eccastillo3\Downloads\FoxitReader602.0413_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.C application

in trying to delete Srongvault Online Backup, an error message saying no valid source code could be found, Installer could not continue. Used CCleaner and revo Uninstaller. everything else seems ok so far. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.22.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 eccastillo3 :: ECCASTILLO3-PC [administrator] Protection: Enabled 5/21/2013 10:29:48 PM mbam-log-2013-05-21 (22-29-48).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 220537 Time elapsed: 2 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:35:06 PM, on 5/21/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16483) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Users\ECCAST~1\AppData\Local\Temp\~nsu.tmp\Au_.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\eccastillo3\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (file missing) O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - Startup: StrongVaultApp.lnk = eccastillo3\AppData\Local\Strongvault\StrongVaultApp.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {826DE67A-B4C5-4FF8-825F-F63BA8EF47B0} (NetCamCtl.NetCamControl) - https://www.alarm.com/web/Video/NetCamCtl.CAB O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing) O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12083 bytes

apparently is a chrome extension. set google as default search deleted delta search restarted chrome all appears ok

correction: when highlighting text on a webpage, and right clicking on it, option to search delta search IS STILL PRESENT

started up laptop, uniblue speedupmypc2013 still present noticed when i highlight text and right click on it, there is an option to search via delta-search ran combofix with script log follows rebooted laptop no sign of uniblue speedupmypc2013 no delta search option when right clicking on highlighted text laptop appears to be ok. ComboFix 13-05-21.01 - eccastillo3 05/21/2013 21:01:44.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2240 [GMT -4:00] Running from: c:\users\eccastillo3\Desktop\ComboFix.exe Command switches used :: c:\users\eccastillo3\Desktop\CFScript.txt AV: Kaspersky Anti-Virus *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\LyricsTube c:\program files (x86)\Strongvault Online Backup c:\program files (x86)\Strongvault Online Backup\BackupAgent.exe c:\program files (x86)\Strongvault Online Backup\BBV.Framework.dll c:\program files (x86)\Strongvault Online Backup\Environment.Identification.dll c:\program files (x86)\Strongvault Online Backup\Infrastructure.Helpers.dll c:\program files (x86)\Strongvault Online Backup\Infrastructure.Metadata.dll c:\program files (x86)\Strongvault Online Backup\Infrastructure.Models.dll c:\program files (x86)\Strongvault Online Backup\System.ComponentModel.Composition.dll c:\program files (x86)\Uniblue c:\program files (x86)\Uniblue\SpeedUpMyPC\cwebpage.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\icons.mht c:\program files (x86)\Uniblue\SpeedUpMyPC\InstallerExtensions.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\intermediate_views.dat c:\program files (x86)\Uniblue\SpeedUpMyPC\latest_scan_results.xsl c:\program files (x86)\Uniblue\SpeedUpMyPC\Launcher.exe c:\program files (x86)\Uniblue\SpeedUpMyPC\library.dat c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\br\br.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\br\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\de\de.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\dk\dk.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\dk\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\en\en.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\es\es.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fi\fi.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fr\fr.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\it\it.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\jp\jp.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\jp\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\nl\nl.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\no\no.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\ru\ru.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\se\LC_MESSAGES\messages.mo c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\se\se.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT.manifest c:\program files (x86)\Uniblue\SpeedUpMyPC\msvcp90.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\msvcr90.dll c:\program files (x86)\Uniblue\SpeedUpMyPC\repair_transform.xsl c:\program files (x86)\Uniblue\SpeedUpMyPC\sp_move_serial.exe c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe c:\program files (x86)\Uniblue\SpeedUpMyPC\spnotifier.exe c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\comtypes.txt c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\cwebpage.dll.html c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\decorator.py.txt c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\ordereddict.py.txt c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\py2exe.txt c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\python-changes.txt c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\python.txt c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\simplejson.txt c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\wmi.txt c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.dat c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.exe c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.msg c:\program files (x86)\Uniblue\SpeedUpMyPC\views.dat c:\users\eccastillo3\AppData\Local\Strongvault Online Backup c:\users\eccastillo3\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.ApplicationUpdate.dll c:\users\eccastillo3\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.Backup.dll c:\users\eccastillo3\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.ClientMessaging.dll c:\users\eccastillo3\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.Delay.dll c:\users\eccastillo3\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.NotificationUpdate.dll c:\users\eccastillo3\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.SchedulerPlugInUpdate.dll c:\users\eccastillo3\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.SystemNotification.dll c:\users\eccastillo3\AppData\Roaming\Uniblue c:\users\eccastillo3\AppData\Roaming\Uniblue\SpeedUpMyPC\backup\20130513.192353.zip c:\users\eccastillo3\AppData\Roaming\Uniblue\SpeedUpMyPC\error.log c:\users\eccastillo3\AppData\Roaming\Uniblue\SpeedUpMyPC\history\20130513-192226_repair.xml c:\users\eccastillo3\AppData\Roaming\Uniblue\SpeedUpMyPC\history\latest_scan_results.xml c:\users\eccastillo3\AppData\Roaming\Uniblue\SpeedUpMyPC\last_scan_results.dat c:\users\eccastillo3\AppData\Roaming\Uniblue\SpeedUpMyPC\monitor.log c:\users\eccastillo3\AppData\Roaming\Uniblue\SpeedUpMyPC\settings.dat c:\users\eccastillo3\AppData\Roaming\Uniblue\SpeedUpMyPC\state.sqlite . . ((((((((((((((((((((((((( Files Created from 2013-04-22 to 2013-05-22 ))))))))))))))))))))))))))))))) . . 2013-05-22 01:08 . 2013-05-22 01:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-05-22 01:08 . 2013-05-22 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-22 01:00 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{234058E4-3DC0-40E1-AA39-E57B41222CA6}\mpengine.dll 2013-05-21 02:10 . 2013-05-21 02:10 -------- d-----w- c:\users\eccastillo3\AppData\Local\ Online Backup 2013-05-20 22:19 . 2013-05-20 22:19 -------- d-----w- c:\windows\ERUNT 2013-05-20 22:19 . 2013-05-20 22:19 -------- d-----w- C:\JRT 2013-05-20 22:14 . 2013-05-20 22:15 149 ----a-w- c:\windows\DeleteOnReboot.bat 2013-05-20 03:50 . 2013-05-20 03:50 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\Malwarebytes 2013-05-20 03:50 . 2013-05-20 03:50 -------- d-----w- c:\programdata\Malwarebytes 2013-05-20 03:50 . 2013-05-20 03:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-20 03:50 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-15 13:05 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-15 13:05 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-15 13:05 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-14 19:34 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-14 19:34 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-14 19:34 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-14 19:33 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-14 19:33 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-14 19:33 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-14 19:33 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-14 19:33 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-14 19:33 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-14 19:33 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-14 19:33 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-14 19:33 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-13 22:01 . 2013-05-13 22:01 -------- d-----w- c:\users\eccastillo3\AppData\Local\SoftGrid Client 2013-05-13 21:01 . 2013-05-13 21:01 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-05-13 21:01 . 2013-05-13 21:01 -------- d-----w- c:\windows\SysWow64\Extensions 2013-05-13 21:00 . 2012-12-19 19:53 19632 ----a-w- c:\windows\system32\roboot64.exe 2013-05-13 21:00 . 2013-05-13 21:00 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\PlusWinks 2013-05-05 10:33 . 2013-05-05 10:33 -------- d-----w- c:\programdata\Yahoo! 2013-05-05 10:33 . 2013-05-13 23:12 -------- d-----w- c:\programdata\Yahoo! Companion 2013-05-05 10:33 . 2013-05-05 10:33 -------- d-----w- c:\program files (x86)\Yahoo! 2013-05-05 10:33 . 2013-05-05 10:33 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\Yahoo! 2013-05-04 01:58 . 2013-05-04 01:58 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-05-02 20:37 . 2013-05-02 20:37 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\player 2013-05-02 20:37 . 2013-05-02 20:37 -------- d-----w- c:\program files (x86)\Tuguu SL 2013-05-02 20:32 . 2013-05-02 20:32 -------- d-----w- c:\program files (x86)\LessTabs 2013-05-02 19:02 . 2013-05-02 19:02 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-04-28 13:19 . 2013-05-15 13:06 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-04-24 12:28 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-20 04:02 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-15 17:22 . 2012-07-03 11:30 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 17:22 . 2011-11-03 06:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-14 19:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-14 19:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-14 19:34 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-14 19:34 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-14 19:34 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-14 19:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-19 06:04 . 2013-04-10 12:18 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 12:18 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 12:18 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 12:18 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 12:18 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 12:18 112640 ----a-w- c:\windows\system32\smss.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-05-01 1500952] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{364ea597-e728-4ce4-bb4a-ed846ef47970}"= "c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll" [bU] . [HKEY_CLASSES_ROOT\clsid\{364ea597-e728-4ce4-bb4a-ed846ef47970}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2012-12-10 206120] . c:\users\eccastillo3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ StrongVaultApp.lnk - c:\users\eccastillo3\AppData\Local\Strongvault\StrongVaultApp.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-03-29 132056] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-12-10 206120] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-12-10 185640] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912] S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys [2012-04-28 488568] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-25 451192] S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120] S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072] S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 12:07 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 17:22] . 2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34] . 2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> TCP: DhcpNameServer = 192.168.1.1 DPF: {826DE67A-B4C5-4FF8-825F-F63BA8EF47B0} - hxxps://www.alarm.com/web/Video/NetCamCtl.CAB . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-BackupAgent - c:\program files (x86)\Strongvault Online Backup\BackupAgent.exe AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe AddRemove-InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe AddRemove-InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe AddRemove-singalong@xenophesoft.com - c:\program files (x86)\SingAlong\uninstall.exe AddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-21 21:11:33 ComboFix-quarantined-files.txt 2013-05-22 01:11 ComboFix2.txt 2013-05-21 03:07 ComboFix3.txt 2013-05-21 02:01 . Pre-Run: 570,832,379,904 bytes free Post-Run: 571,227,222,016 bytes free . - - End Of File - - 4FE0F20B31F4FD691FE843B820792C6A

forgot to add that uniblue speedupmypc 2013 still active

ComboFix 13-05-20.01 - eccastillo3 05/20/2013 22:41:05.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2309 [GMT -4:00] Running from: c:\users\eccastillo3\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-04-21 to 2013-05-21 ))))))))))))))))))))))))))))))) . . 2013-05-21 02:50 . 2013-05-21 02:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-05-21 02:50 . 2013-05-21 02:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-21 02:10 . 2013-05-21 02:10 -------- d-----w- c:\users\eccastillo3\AppData\Local\ Online Backup 2013-05-20 22:19 . 2013-05-20 22:19 -------- d-----w- c:\windows\ERUNT 2013-05-20 22:19 . 2013-05-20 22:19 -------- d-----w- C:\JRT 2013-05-20 22:14 . 2013-05-20 22:15 149 ----a-w- c:\windows\DeleteOnReboot.bat 2013-05-20 03:50 . 2013-05-20 03:50 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\Malwarebytes 2013-05-20 03:50 . 2013-05-20 03:50 -------- d-----w- c:\programdata\Malwarebytes 2013-05-20 03:50 . 2013-05-20 03:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-20 03:50 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-17 12:16 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1106DF2D-2FCF-4060-A4A8-09297CD06702}\mpengine.dll 2013-05-15 13:05 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-15 13:05 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-15 13:05 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-14 19:34 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-14 19:34 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-14 19:34 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-14 19:33 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-14 19:33 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-14 19:33 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-14 19:33 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-14 19:33 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-14 19:33 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-14 19:33 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-14 19:33 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-14 19:33 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-13 22:01 . 2013-05-13 22:01 -------- d-----w- c:\users\eccastillo3\AppData\Local\SoftGrid Client 2013-05-13 21:01 . 2013-05-13 21:01 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-05-13 21:01 . 2013-05-13 21:01 -------- d-----w- c:\windows\SysWow64\Extensions 2013-05-13 21:00 . 2012-12-19 19:53 19632 ----a-w- c:\windows\system32\roboot64.exe 2013-05-13 21:00 . 2013-05-13 21:00 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\PlusWinks 2013-05-05 14:57 . 2013-05-05 14:57 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\Uniblue 2013-05-05 14:57 . 2013-05-05 14:57 -------- d-----w- c:\program files (x86)\Uniblue 2013-05-05 14:57 . 2013-05-10 16:49 -------- d-----w- c:\program files (x86)\LyricsTube 2013-05-05 10:33 . 2013-05-05 10:33 -------- d-----w- c:\programdata\Yahoo! 2013-05-05 10:33 . 2013-05-13 23:12 -------- d-----w- c:\programdata\Yahoo! Companion 2013-05-05 10:33 . 2013-05-05 10:33 -------- d-----w- c:\program files (x86)\Yahoo! 2013-05-05 10:33 . 2013-05-05 10:33 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\Yahoo! 2013-05-04 01:58 . 2013-05-04 01:58 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-05-02 20:37 . 2013-05-02 20:37 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\player 2013-05-02 20:37 . 2013-05-02 20:37 -------- d-----w- c:\program files (x86)\Tuguu SL 2013-05-02 20:32 . 2013-05-20 22:22 -------- d-----w- c:\users\eccastillo3\AppData\Local\Strongvault Online Backup 2013-05-02 20:32 . 2013-05-20 22:22 -------- d-----w- c:\program files (x86)\Strongvault Online Backup 2013-05-02 20:32 . 2013-05-02 20:32 -------- d-----w- c:\program files (x86)\LessTabs 2013-05-02 19:02 . 2013-05-02 19:02 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-04-28 13:19 . 2013-05-15 13:06 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-04-24 12:28 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-20 04:02 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-15 17:22 . 2012-07-03 11:30 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 17:22 . 2011-11-03 06:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-14 19:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-14 19:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-14 19:34 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-14 19:34 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-14 19:34 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-14 19:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-19 06:04 . 2013-04-10 12:18 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 12:18 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 12:18 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 12:18 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 12:18 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 12:18 112640 ----a-w- c:\windows\system32\smss.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-05-01 1500952] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{364ea597-e728-4ce4-bb4a-ed846ef47970}"= "c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll" [bU] . [HKEY_CLASSES_ROOT\clsid\{364ea597-e728-4ce4-bb4a-ed846ef47970}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024] "BackupAgent"="c:\program files (x86)\Strongvault Online Backup\BackupAgent.exe" [2013-03-19 197448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2012-12-10 206120] . c:\users\eccastillo3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ StrongVaultApp.lnk - c:\users\eccastillo3\AppData\Local\Strongvault\StrongVaultApp.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-03-29 132056] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-12-10 206120] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-12-10 185640] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912] S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys [2012-04-28 488568] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-25 451192] S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120] S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072] S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 12:07 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 17:22] . 2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34] . 2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34] . 2013-05-21 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2013-05-05 15:51] . 2013-05-21 c:\windows\Tasks\spmonitor.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-05-05 15:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> TCP: DhcpNameServer = 192.168.1.1 DPF: {826DE67A-B4C5-4FF8-825F-F63BA8EF47B0} - hxxps://www.alarm.com/web/Video/NetCamCtl.CAB . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe AddRemove-InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe AddRemove-InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe AddRemove-singalong@xenophesoft.com - c:\program files (x86)\SingAlong\uninstall.exe AddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-20 23:07:25 ComboFix-quarantined-files.txt 2013-05-21 03:07 ComboFix2.txt 2013-05-21 02:01 . Pre-Run: 570,999,988,224 bytes free Post-Run: 570,906,804,224 bytes free . - - End Of File - - A32B89437B253682A6C8B7FACB4CD843

uniblue speedupmypc 2013 still present ran combofix laptop restarted uniblue speedupmypc2013 ran while combofix was running/finishing up laptop restarted again tried to run google chrome and IE - both were marked for deletion, would not run ran system restore to point created by combofix log follows ComboFix 13-05-20.01 - eccastillo3 05/20/2013 21:46:43.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2369 [GMT -4:00] Running from: c:\users\eccastillo3\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\eccastillo3\Desktop\Search.lnk . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2013-04-21 to 2013-05-21 ))))))))))))))))))))))))))))))) . . 2013-05-20 22:19 . 2013-05-20 22:19 -------- d-----w- c:\windows\ERUNT 2013-05-20 22:19 . 2013-05-20 22:19 -------- d-----w- C:\JRT 2013-05-20 22:14 . 2013-05-20 22:15 149 ----a-w- c:\windows\DeleteOnReboot.bat 2013-05-20 03:50 . 2013-05-20 03:50 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\Malwarebytes 2013-05-20 03:50 . 2013-05-20 03:50 -------- d-----w- c:\programdata\Malwarebytes 2013-05-20 03:50 . 2013-05-20 03:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-20 03:50 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-17 12:16 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1106DF2D-2FCF-4060-A4A8-09297CD06702}\mpengine.dll 2013-05-15 13:05 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-15 13:05 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-15 13:05 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-14 19:34 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-14 19:34 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-14 19:34 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-14 19:33 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-14 19:33 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-14 19:33 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-14 19:33 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-14 19:33 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-14 19:33 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-14 19:33 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-14 19:33 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-14 19:33 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-13 22:01 . 2013-05-13 22:01 -------- d-----w- c:\users\eccastillo3\AppData\Local\SoftGrid Client 2013-05-13 21:01 . 2013-05-13 21:01 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-05-13 21:01 . 2013-05-13 21:01 -------- d-----w- c:\windows\SysWow64\Extensions 2013-05-13 21:00 . 2012-12-19 19:53 19632 ----a-w- c:\windows\system32\roboot64.exe 2013-05-13 21:00 . 2013-05-13 21:00 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\PlusWinks 2013-05-05 14:57 . 2013-05-05 14:57 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\Uniblue 2013-05-05 14:57 . 2013-05-05 14:57 -------- d-----w- c:\program files (x86)\Uniblue 2013-05-05 14:57 . 2013-05-10 16:49 -------- d-----w- c:\program files (x86)\LyricsTube 2013-05-05 10:33 . 2013-05-05 10:33 -------- d-----w- c:\programdata\Yahoo! 2013-05-05 10:33 . 2013-05-13 23:12 -------- d-----w- c:\programdata\Yahoo! Companion 2013-05-05 10:33 . 2013-05-05 10:33 -------- d-----w- c:\program files (x86)\Yahoo! 2013-05-05 10:33 . 2013-05-05 10:33 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\Yahoo! 2013-05-04 01:58 . 2013-05-04 01:58 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-05-02 20:37 . 2013-05-02 20:37 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\player 2013-05-02 20:37 . 2013-05-02 20:37 -------- d-----w- c:\program files (x86)\Tuguu SL 2013-05-02 20:32 . 2013-05-20 22:22 -------- d-----w- c:\users\eccastillo3\AppData\Local\Strongvault Online Backup 2013-05-02 20:32 . 2013-05-20 22:22 -------- d-----w- c:\program files (x86)\Strongvault Online Backup 2013-05-02 20:32 . 2013-05-02 20:32 -------- d-----w- c:\program files (x86)\LessTabs 2013-05-02 19:02 . 2013-05-02 19:02 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-04-28 13:19 . 2013-05-15 13:06 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-04-24 12:28 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-20 04:02 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-15 17:22 . 2012-07-03 11:30 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 17:22 . 2011-11-03 06:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-14 19:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-14 19:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-14 19:34 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-14 19:34 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-14 19:34 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-14 19:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-19 06:04 . 2013-04-10 12:18 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 12:18 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 12:18 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 12:18 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 12:18 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 12:18 112640 ----a-w- c:\windows\system32\smss.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-05-01 1500952] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024] "BackupAgent"="c:\program files (x86)\Strongvault Online Backup\BackupAgent.exe" [2013-03-19 197448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2012-12-10 206120] . c:\users\eccastillo3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ StrongVaultApp.lnk - c:\users\eccastillo3\AppData\Local\Strongvault\StrongVaultApp.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-09 307304] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-02 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-03-29 132056] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-12-10 206120] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-12-10 185640] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824] S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912] S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys [2012-04-28 488568] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-25 451192] S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120] S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072] S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 12:07 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 17:22] . 2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34] . 2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34] . 2013-05-21 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\sump.exe [2013-05-05 15:51] . 2013-05-21 c:\windows\Tasks\spmonitor.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-05-05 15:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> TCP: DhcpNameServer = 192.168.1.1 DPF: {826DE67A-B4C5-4FF8-825F-F63BA8EF47B0} - hxxps://www.alarm.com/web/Video/NetCamCtl.CAB . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-{364ea597-e728-4ce4-bb4a-ed846ef47970} - c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe Toolbar-Locked - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe AddRemove-InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe AddRemove-InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe AddRemove-singalong@xenophesoft.com - c:\program files (x86)\SingAlong\uninstall.exe AddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-05-20 22:01:26 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-21 02:01 . Pre-Run: 570,576,248,832 bytes free Post-Run: 570,620,612,608 bytes free . - - End Of File - - 5602A69429067B8C5B0D8BE512FF33E3

still have pc performer malware, "scanning" system and offering paid service to clean up. IE now opens without the delta-search.com webpage which I could previously not get rid of. certain keywords on webpages are double underlined and hovering over them produces an ad, unsure if that's due to website itself or an issue that still needs cleaning up. thank you. # AdwCleaner v2.301 - Logfile created 05/20/2013 at 18:14:36 # Updated 16/05/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : eccastillo3 - ECCASTILLO3-PC # Boot Mode : Normal # Running from : C:\Users\eccastillo3\Downloads\AdwCleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : BrowserProtect Stopped & Deleted : DefaultTabSearch Stopped & Deleted : DefaultTabUpdate ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\MapsGalaxy_39 Deleted on reboot : C:\ProgramData\BrowserProtect File Deleted : C:\END File Deleted : C:\Users\eccastillo3\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data File Deleted : C:\Users\eccastillo3\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences File Deleted : C:\windows\Tasks\PC Performer_DEFAULT.job File Deleted : C:\windows\Tasks\SpeedUpMyPC.job Folder Deleted : C:\Program Files (x86)\DefaultTab Folder Deleted : C:\Program Files (x86)\Delta Folder Deleted : C:\Program Files (x86)\Inbox Toolbar Folder Deleted : C:\Program Files (x86)\Optimizer Pro Folder Deleted : C:\Program Files (x86)\SingAlong Folder Deleted : C:\Program Files (x86)\Smiley Bar for Facebook Folder Deleted : C:\Program Files (x86)\Speed Analysis 2 Folder Deleted : C:\Program Files (x86)\verizontb Folder Deleted : C:\Program Files\DomaIQ Uninstaller Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro Folder Deleted : C:\Users\eccastillo3\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf Folder Deleted : C:\Users\eccastillo3\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Folder Deleted : C:\Users\eccastillo3\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Folder Deleted : C:\Users\eccastillo3\AppData\Local\MapsGalaxy_39 Folder Deleted : C:\Users\eccastillo3\AppData\Local\SwvUpdater Folder Deleted : C:\Users\eccastillo3\AppData\LocalLow\Delta Folder Deleted : C:\Users\eccastillo3\AppData\LocalLow\Inbox Toolbar Folder Deleted : C:\Users\eccastillo3\AppData\LocalLow\MapsGalaxy_39 Folder Deleted : C:\Users\eccastillo3\AppData\LocalLow\verizontb Folder Deleted : C:\Users\eccastillo3\AppData\Roaming\BabSolution Folder Deleted : C:\Users\eccastillo3\AppData\Roaming\Babylon Folder Deleted : C:\Users\eccastillo3\AppData\Roaming\DefaultTab Folder Deleted : C:\Users\eccastillo3\AppData\Roaming\Delta Folder Deleted : C:\Users\eccastillo3\AppData\Roaming\file scout Folder Deleted : C:\Users\eccastillo3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect Folder Deleted : C:\Users\eccastillo3\AppData\Roaming\Optimizer Pro Folder Deleted : C:\Users\eccastillo3\AppData\Roaming\PerformerSoft Folder Deleted : C:\Users\eccastillo3\AppData\Roaming\SpeedAnalysis2 Folder Deleted : C:\windows\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF} ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Default Tab Key Deleted : HKCU\Software\DefaultTab Key Deleted : HKCU\Software\Delta Key Deleted : HKCU\Software\Inbox Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DBB6CE-3148-4FEC-B481-103CB3290427} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DBB6CE-3148-4FEC-B481-103CB3290427} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811} Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\PerformerSoft Key Deleted : HKCU\Software\d558c8bb23ceb46 Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1 Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404 Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Default Tab Key Deleted : HKLM\Software\DefaultTab Key Deleted : HKLM\Software\Delta Key Deleted : HKLM\Software\Inbox Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin Key Deleted : HKLM\Software\PerformerSoft Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{18DBB6CE-3148-4FEC-B481-103CB3290427} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6492E171-2427-4932-B414-33574A089F5E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96673559-E653-4CDC-8923-F89347A952C0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Key Deleted : HKLM\SOFTWARE\Wow6432Node\d558c8bb23ceb46 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DBB6CE-3148-4FEC-B481-103CB3290427} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-E653-4CDC-8923-F89347A952C0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8D96645-337C-419B-8792-B6C126145811} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Smiley Bar for Facebook Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Speed Analysis 2 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Deleted : HKLM\SOFTWARE\Software Key Deleted : HKU\S-1-5-21-1862075508-1124187587-1170079631-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [singalong@xenophesoft.com] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [inboxToolbar] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MapsGalaxy Search Scope Monitor] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F8D96645-337C-419B-8792-B6C126145811}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16483 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\eccastillo3\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [20768 octets] - [20/05/2013 18:14:36] ########## EOF - C:\AdwCleaner[s1].txt - [20829 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by eccastillo3 on Mon 05/20/2013 at 18:19:57.23 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] mapsgalaxy_39service Successfully deleted: [service] mapsgalaxy_39service ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mapsgalaxy_39 browser plugin loader Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smessaging Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\performersoft Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5CD68B07-E4FE-4D60-89DA-1B9A37250C45} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71C1D63A-C944-428A-A5BD-BA513190E5D2} ~~~ Files Successfully deleted: [File] C:\windows\syswow64\sho279B.tmp Successfully deleted: [File] C:\windows\syswow64\sho3234.tmp Successfully deleted: [File] C:\windows\syswow64\sho8485.tmp Successfully deleted: [File] C:\windows\syswow64\sho8DA4.tmp Successfully deleted: [File] C:\windows\syswow64\shoB2F3.tmp Successfully deleted: [File] C:\windows\syswow64\shoFAE7.tmp ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\browserprotect" Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup" Successfully deleted: [Folder] "C:\Users\eccastillo3\AppData\Roaming\pccustubinstaller" Successfully deleted: [Folder] "C:\Users\eccastillo3\AppData\Roaming\performersoft" Successfully deleted: [Folder] "C:\Users\eccastillo3\AppData\Roaming\strongvault" Successfully deleted: [Folder] "C:\Users\eccastillo3\appdata\local\iac" Successfully deleted: [Folder] "C:\Users\eccastillo3\appdata\local\strongvault" Failed to delete: [Folder] "C:\Users\eccastillo3\appdata\local\strongvault online backup" Successfully deleted: [Folder] "C:\Users\eccastillo3\appdata\locallow\iac" Successfully deleted: [Folder] "C:\Program Files (x86)\mapsgalaxy_39" Failed to delete: [Folder] "C:\Program Files (x86)\pc checkup" Successfully deleted: [Folder] "C:\Program Files (x86)\pc performer" Failed to delete: [Folder] "C:\Program Files (x86)\strongvault online backup" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc performer" Successfully deleted: [Folder] "C:\Users\eccastillo3\AppData\Roaming\microsoft\windows\start menu\programs\strongvault online backup" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 05/20/2013 at 18:25:57.69 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16483 Run by eccastillo3 at 0:05:51 on 2013-05-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1325 [GMT -4:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: Kaspersky Anti-Virus *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\windows\SysWOW64\schtasks.exe C:\Users\eccastillo3\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe C:\windows\system32\taskhost.exe C:\windows\system32\taskeng.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskeng.exe C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\PC Performer\PCPerformer.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\rundll32.exe C:\windows\sysWOW64\wbem\wmiprvse.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe C:\windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Inbox Toolbar\Inbox.exe C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe C:\Users\eccastillo3\AppData\Local\Strongvault Online Backup\SMessaging.exe C:\Users\eccastillo3\AppData\Local\Strongvault\StrongVaultApp.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\sppsvc.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\taskhost.exe C:\windows\system32\SearchFilterHost.exe \\?\C:\windows\system32\wbem\WMIADAP.EXE C:\windows\servicing\TrustedInstaller.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y uProxyOverride = <local> uURLSearchHooks: <No Name>: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll mWinlogon: Userinit = userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll BHO: Speed Analysis 2: {18DBB6CE-3148-4FEC-B481-103CB3290427} - C:\Program Files (x86)\Speed Analysis 2\ScriptHost.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll BHO: Smiley Bar for Facebook: {4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll BHO: Sing Along: {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files (x86)\SingAlong\singalng.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\eccastillo3\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe uRun: [backupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM mRun: [inboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP mRun: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h mRun: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe mRun: [sMessaging] "C:\Users\eccastillo3\AppData\Local\Strongvault Online Backup\SMessaging.exe" StartupFolder: C:\Users\ECCAST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\eccastillo3\AppData\Local\Strongvault\StrongVaultApp.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll DPF: {826DE67A-B4C5-4FF8-825F-F63BA8EF47B0} - hxxps://www.alarm.com/web/Video/NetCamCtl.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{980ED360-C148-4614-B92D-6BD0388A26A6} : DHCPNameServer = 192.168.1.1 Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: klogon - C:\windows\System32\klogon.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384] R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2009-9-8 87600] R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2011-3-4 11864] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2011-3-10 29488] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-25 202296] R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-5-13 2787280] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\eccastillo3\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-5-2 107520] R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248] R2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [2013-3-30 42504] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-19 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-19 701512] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-6 138272] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-8 132056] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-20 126392] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-12-10 206120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-12-10 185640] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-20 2656280] R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-8 1160824] R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-6 167072] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-29 138912] R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-12 488568] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2009-11-3 22544] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-5-19 25928] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-12-20 38096] R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-12-20 1109096] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-6 451192] R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-6 1129120] R3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-6 190072] R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-6 405624] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-20 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-11 572928] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-20 250984] S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-12-20 307304] S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-2 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-05-20 03:50:46 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\Malwarebytes 2013-05-20 03:50:34 -------- d-----w- C:\ProgramData\Malwarebytes 2013-05-20 03:50:33 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-05-20 03:50:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-17 12:16:17 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1106DF2D-2FCF-4060-A4A8-09297CD06702}\mpengine.dll 2013-05-15 13:05:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-05-15 13:05:54 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2013-05-14 19:34:12 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys 2013-05-14 19:34:12 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys 2013-05-14 19:34:12 144384 ----a-w- C:\windows\System32\cdd.dll 2013-05-14 19:33:49 1930752 ----a-w- C:\windows\System32\authui.dll 2013-05-14 19:33:45 70144 ----a-w- C:\windows\System32\appinfo.dll 2013-05-14 19:33:45 1796096 ----a-w- C:\windows\SysWow64\authui.dll 2013-05-14 19:33:45 111448 ----a-w- C:\windows\System32\consent.exe 2013-05-14 19:33:37 48640 ----a-w- C:\windows\System32\wwanprotdim.dll 2013-05-14 19:33:37 3153920 ----a-w- C:\windows\System32\win32k.sys 2013-05-14 19:33:37 230400 ----a-w- C:\windows\System32\wwansvc.dll 2013-05-13 22:01:32 -------- d-----w- C:\Users\eccastillo3\AppData\Local\SoftGrid Client 2013-05-13 21:01:40 -------- d-----w- C:\windows\SysWow64\searchplugins 2013-05-13 21:01:40 -------- d-----w- C:\windows\SysWow64\Extensions 2013-05-13 21:01:27 -------- d-----w- C:\ProgramData\BrowserProtect 2013-05-13 21:01:07 -------- d-----w- C:\Program Files (x86)\Delta 2013-05-10 16:49:38 -------- d-----w- C:\Program Files (x86)\SingAlong 2013-05-05 14:57:28 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\Uniblue 2013-05-05 14:57:28 -------- d-----w- C:\Program Files (x86)\Uniblue 2013-05-05 14:57:21 -------- d-----w- C:\Program Files (x86)\LyricsTube 2013-05-05 10:35:00 -------- d-----w- C:\Users\eccastillo3\AppData\Local\IAC 2013-05-05 10:33:56 -------- d-----w- C:\Program Files (x86)\Yahoo! 2013-05-04 01:58:07 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2013-05-02 20:39:02 -------- d-----w- C:\Program Files\DomaIQ Uninstaller 2013-05-02 20:37:41 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\player 2013-05-02 20:37:41 -------- d-----w- C:\Program Files (x86)\Tuguu SL 2013-05-02 20:33:48 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\Strongvault 2013-05-02 18:33:25 0 ----a-w- C:\windows\SysWow64\sho8DA4.tmp 2013-04-24 12:28:37 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys 2013-04-21 01:35:23 -------- d-----w- C:\Users\eccastillo3\AppData\Local\Wild Tangent 2013-04-21 01:33:50 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\WildTangent 2013-04-20 14:12:14 0 ----a-w- C:\windows\SysWow64\shoB2F3.tmp . ==================== Find3M ==================== . 2013-05-15 17:22:26 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 17:22:26 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-05-02 06:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe 2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-04-11 08:45:25 0 ----a-w- C:\windows\SysWow64\sho279B.tmp 2013-04-05 01:08:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2013-04-05 01:00:30 1392128 ----a-w- C:\windows\System32\wininet.dll 2013-04-05 00:59:24 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2013-04-05 00:56:16 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2013-04-05 00:55:47 599040 ----a-w- C:\windows\System32\vbscript.dll 2013-04-04 22:11:34 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-04-04 22:02:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2013-04-04 22:02:17 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2013-04-04 21:58:51 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2013-04-04 21:57:45 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe . ============= FINISH: 0:08:21.66 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 2/15/2012 4:06:23 PM System Uptime: 5/20/2013 12:00:24 AM (0 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU1 | 2300/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 580 GiB total, 529.1 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Lexmark X422 Device ID: ROOT\IMAGE\0000 Manufacturer: Lexmark Name: Lexmark X422 PNP Device ID: ROOT\IMAGE\0000 Service: usbscan . ==== System Restore Points =================== . RP89: 4/23/2013 8:31:45 AM - Windows Update RP91: 4/25/2013 7:59:56 AM - Windows Modules Installer RP92: 4/26/2013 9:07:17 AM - Windows Update RP93: 4/28/2013 9:19:13 AM - Windows Update RP94: 5/2/2013 4:34:13 PM - Windows Update RP96: 5/3/2013 9:51:27 PM - Windows Update RP97: 5/5/2013 10:57:33 AM - Uniblue SpeedUpMyPC installation RP98: 5/7/2013 8:27:59 AM - Windows Update RP99: 5/10/2013 9:52:48 AM - Windows Update RP100: 5/13/2013 7:09:01 PM - Restore Operation RP101: 5/14/2013 3:32:04 PM - Windows Update RP102: 5/15/2013 9:02:28 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) MUI Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Bejeweled 3 BrowserProtect Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Conexant HD Audio D3DX10 DefaultTab Delta Chrome Toolbar Delta toolbar DomaIQ FATE - The Traitor Soul Google Chrome Google Update Helper IHA_MessageCenter Inbox Toolbar Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 25 Junk Mail filter update Kaspersky Anti-Virus 2012 Label@Once 1.0 LessTabs Letters from Nowhere 2 Malwarebytes Anti-Malware version 1.75.0.1300 MapsGalaxy Toolbar Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Netwaiting Norton Internet Security Norton PC Checkup Optimizer Pro v3.0 PC Performer Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 PlayReady PC Runtime x86 Polar Bowler Realtek USB 2.0 Reader Driver Realtek WLAN Driver RollerCoaster Tycoon 3: Platinum Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Sing Along Skype Click to Call Skype Launcher Skype™ 6.3 Smiley Bar for Facebook Speed Analysis 2 SpeedUpMyPC Strongvault Online Backup Synaptics Pointing Device Driver Tales of Lagoona Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in Toshiba Online Backup TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Resolution+ Plug-in for Windows Media Player TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBARegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update Installer for WildTangent Games App VAFPlayer Verizon Download Manager Verizon Toolbar Virtual Villagers 4 - The Tree of Life Vz In Home Agent WildTangent Games WildTangent Games App (Toshiba Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Software Update Yahoo! Toolbar Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 5/20/2013 12:01:46 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s). 5/15/2013 9:06:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2804576). 5/15/2013 9:01:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect. 5/15/2013 9:01:59 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/13/2013 7:16:56 PM, Error: Service Control Manager [7023] - The Intel® Management and Security Application User Notification Service service terminated with the following error: %%-2147467243 5/13/2013 7:16:52 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147416365 . ==== End Of File ===========================

Security Check Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 Java 6 Update 29 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 14.0.1 Firefox out of Date! Google Chrome 25.0.1364.172 Google Chrome 26.0.1410.43 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

Adw Cleaner # AdwCleaner v2.115 - Logfile created 04/01/2013 at 21:47:46 # Updated 17/03/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Barbara - THEBEAST # Boot Mode : Normal # Running from : C:\Users\Barbara\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Application Updater ***** [Files / Folders] ***** File Deleted : C:\END Folder Deleted : C:\Program Files (x86)\Application Updater Folder Deleted : C:\Program Files (x86)\Common Files\spigot Folder Deleted : C:\Program Files (x86)\Vuze Remote toolbar Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\Users\Barbara\AppData\Local\OpenCandy Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Search Settings Folder Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\bge0yrg7.default\jetpack Folder Deleted : C:\Users\Barbara\AppData\Roaming\OpenCandy ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA} Key Deleted : HKCU\Software\Search Settings Key Deleted : HKLM\Software\Application Updater Key Deleted : HKLM\Software\Search Settings Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16447 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\bge0yrg7.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [2353 octets] - [01/04/2013 21:19:23] AdwCleaner[s1].txt - [2338 octets] - [01/04/2013 21:47:46] ########## EOF - C:\AdwCleaner[s1].txt - [2398 octets] ##########

# AdwCleaner v2.115 - Logfile created 04/01/2013 at 21:19:23 # Updated 17/03/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Barbara - THEBEAST # Boot Mode : Normal # Running from : C:\Users\Barbara\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** Found : Application Updater ***** [Files / Folders] ***** File Found : C:\END Folder Found : C:\Program Files (x86)\Application Updater Folder Found : C:\Program Files (x86)\Common Files\spigot Folder Found : C:\Program Files (x86)\Vuze Remote toolbar Folder Found : C:\ProgramData\Trymedia Folder Found : C:\Users\Barbara\AppData\Local\OpenCandy Folder Found : C:\Users\Barbara\AppData\LocalLow\Search Settings Folder Found : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\bge0yrg7.default\jetpack Folder Found : C:\Users\Barbara\AppData\Roaming\OpenCandy ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Search Settings Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA} Key Found : HKCU\Software\Search Settings Key Found : HKLM\Software\Application Updater Key Found : HKLM\Software\Search Settings Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA} Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16447 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\bge0yrg7.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [2224 octets] - [01/04/2013 21:19:23] ########## EOF - C:\AdwCleaner[R1].txt - [2284 octets] ##########

Sorry for the delay.... ComboFix 13-04-01.01 - Barbara 04/01/2013 19:45:18.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4275 [GMT -4:00] Running from: c:\users\Barbara\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 ))))))))))))))))))))))))))))))) . . 2013-04-01 23:50 . 2013-04-01 23:50 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-04-01 23:50 . 2013-04-01 23:50 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-04-01 23:50 . 2013-04-01 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-30 05:38 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B277BB7-7551-4BDB-8247-077FDFF1656E}\mpengine.dll 2013-03-27 06:59 . 2013-03-27 06:59 -------- d-----w- C:\FRST 2013-03-25 04:09 . 2013-03-25 04:10 -------- d-----w- c:\users\Guest\AppData\Local\sabnzbd 2013-03-25 04:08 . 2013-03-25 04:08 -------- d-----w- c:\users\Guest\AppData\Local\Google 2013-03-25 03:27 . 2013-03-25 03:27 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes 2013-03-24 05:24 . 2013-03-24 05:24 -------- d-----w- c:\users\Guest\AppData\Local\Adobe 2013-03-23 22:11 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-13 01:59 . 2013-03-13 01:59 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-03-12 23:27 . 2013-03-12 23:27 -------- d-----w- c:\program files (x86)\Vuze Remote Toolbar 2013-03-12 23:27 . 2013-03-12 23:27 -------- d-----w- c:\program files (x86)\Application Updater . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 01:59 . 2012-05-12 21:35 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 01:59 . 2011-06-04 18:45 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2010-05-21 15:59 . 2010-05-21 15:59 3095040 ----a-w- c:\program files\openofficeorg32.msi 2010-05-21 15:58 . 2010-05-21 15:58 460088 ----a-w- c:\program files\setup.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll" [2013-02-23 1352512] . [HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}] 2013-02-23 23:17 1352512 ----a-w- c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll" [2013-02-23 1352512] . [HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2009-08-27 376832] "HydraVisionMDEngine"="c:\program files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [2009-08-27 569344] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-01 17146504] "CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496] "MagicRotation"="c:\program files (x86)\MagicRotation\MagicPvt.exe" [2007-08-24 1097728] "MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2008-06-30 114688] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-27 98304] "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728] . c:\users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ GammaTray.lnk - c:\program files (x86)\MagicTune Premium\GammaTray.exe [2010-3-1 36864] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-1 1207312] NCProTray.lnk - c:\program files (x86)\SEC\Natural Color Pro\NCProTray.exe [2010-3-1 49220] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536] R3 AODDriver;AODDriver;c:\program files (x86)\gigabyte\ET6\amd64\AODDriver.sys [x] R3 atidgllk;atidgllk;c:\program files (x86)\gigabyte\ET6\atidgllk.sys [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-12-01 35840] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-03-03 30528] R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2010-01-20 40320] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-02 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-08-10 56336] S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-27 202752] S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2013-02-23 805752] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360] S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 73728] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 178688] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616] . . Contents of the 'Scheduled Tasks' folder . 2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 01:59] . 2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 01:10] . 2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 01:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://people.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\bge0yrg7.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2408793759-2719469561-2037610341-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:a2,35,69,39,2f,0c,c6,04,6a,35,cb,d8,7f,d5,2f,6c,62,3a,03,30,45,5f,34, 3c,5c,c9,83,82,04,92,6c,80,cf,9c,18,1b,1a,1c,8d,41,c6,81,1a,c6,da,c5,e8,62,\ "??"=hex:f3,af,03,1e,76,a3,f1,35,cf,02,d8,b6,e9,1a,9d,82 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\08\00\0c\16:.o" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-01 19:52:19 ComboFix-quarantined-files.txt 2013-04-01 23:52 . Pre-Run: 588,841,177,088 bytes free Post-Run: 588,513,439,744 bytes free . - - End Of File - - 05CC53295B28DBA5138C2A75A0237036

Logged into affected user account and it seems to be running okay. Dept of Justice screen no longer present. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013 Ran by SYSTEM at 2013-03-27 21:39:18 Run:1 Running from H:\ ============================================== HKEY_USERS\Barbara\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch Value deleted successfully. C:\ProgramData\1.bmp moved successfully. C:\ProgramData\DisplaySwitch.exe moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0aca24c7-f98c-a34f-06e9-2963ab6de18b} moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0aca24c7-f98c-a34f-06e9-2963ab6de18b}\@ not found. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0aca24c7-f98c-a34f-06e9-2963ab6de18b}\L not found. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0aca24c7-f98c-a34f-06e9-2963ab6de18b}\U not found. ==== End of Fixlog ====

Thank you... Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 13 days old) Ran by SYSTEM at 26-03-2013 22:59:34 Running from H:\ Windows 7 Professional (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x] HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated) HKLM-x32\...\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [346320 2009-08-04] (DeviceVM, Inc.) HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] () HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-09-25] (NEC Electronics Corporation) HKLM-x32\...\Run: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe [1097728 2007-08-24] (Samsung Electronics, Inc.) HKLM-x32\...\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe [114688 2008-06-30] () HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.) HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1297728 2013-02-23] (Spigot, Inc.) HKU\Barbara\...\Run: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [376832 2009-08-26] () HKU\Barbara\...\Run: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [569344 2009-08-26] (AMD) HKU\Barbara\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17146504 2012-01-31] (Skype Technologies S.A.) HKU\Barbara\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x] HKU\Barbara\...\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated) HKU\Barbara\...\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" [38912 2013-03-23] (?????????? ??????????) HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Startup: C:\ProgramData\Start Menu\Programs\Startup\GammaTray.lnk ShortcutTarget: GammaTray.lnk -> C:\Program Files (x86)\MagicTune Premium\GammaTray.exe () Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\NCProTray.lnk ShortcutTarget: NCProTray.lnk -> C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung) Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Services (Whitelisted) =================== 2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) 2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-05] () 2 MagicTuneEngine; C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe [45056 2007-08-23] () 2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation) 3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-11] () 2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) ==================== Drivers (Whitelisted) ===================== 3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2010-03-02] () 0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation) 3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation) 0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) 3 AODDriver; \??\C:\Program Files (x86)\gigabyte\ET6\amd64\AODDriver.sys [x] 3 atidgllk; \??\C:\Program Files (x86)\gigabyte\ET6\atidgllk.sys [x] 3 MagicTune; C:\Windows\System32\drivers\MTiCtwl.sys [x] 1 NCPro; C:\Windows\system32\drivers\MTictwl.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2013-03-26 22:59 - 2013-03-26 22:59 - 00000000 ____D C:\FRST 2013-03-26 18:51 - 2013-03-26 18:51 - 01466241 ____A (Farbar) C:\Users\Guest\Desktop\FRST64.exe 2013-03-26 17:54 - 2013-03-26 17:54 - 00014461 ____A C:\Attach.txt 2013-03-26 17:53 - 2013-03-26 17:53 - 00014723 ____A C:\DDS.txt 2013-03-26 17:51 - 2013-03-26 17:52 - 00688992 ____R (Swearware) C:\Users\Guest\Desktop\dds.scr 2013-03-24 20:09 - 2013-03-24 20:10 - 00000000 ____D C:\Users\Guest\AppData\Local\sabnzbd 2013-03-24 20:08 - 2013-03-24 20:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Google 2013-03-24 19:38 - 2013-03-26 17:52 - 00014723 ____A C:\Users\Barbara\Desktop\dds.txt 2013-03-24 19:38 - 2013-03-26 17:52 - 00014461 ____A C:\Users\Barbara\Desktop\attach.txt 2013-03-24 19:35 - 2013-03-24 19:35 - 00688992 ____R (Swearware) C:\Users\Guest\Downloads\dds.scr 2013-03-24 19:27 - 2013-03-24 19:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes 2013-03-23 21:24 - 2013-03-23 21:24 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe 2013-03-23 21:23 - 2013-03-23 21:23 - 02250054 ____A C:\ProgramData\1.bmp 2013-03-23 21:10 - 2013-03-23 21:10 - 00038912 ____A (?????????? ??????????) C:\ProgramData\DisplaySwitch.exe 2013-03-17 15:49 - 2013-03-17 16:25 - 00013824 ____A C:\Users\Barbara\Desktop\vhl-chl-falcons.xls 2013-03-17 15:49 - 2013-03-17 16:25 - 00000117 ___AH C:\Users\Barbara\Desktop\.~lock.vhl-chl-falcons.xls# 2013-03-12 17:59 - 2013-03-12 17:59 - 16486616 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-03-12 15:27 - 2013-03-12 15:27 - 00000000 ____D C:\Program Files (x86)\Vuze Remote Toolbar 2013-03-12 15:27 - 2013-03-12 15:27 - 00000000 ____D C:\Program Files (x86)\Application Updater ==================== One Month Modified Files and Folders ======= 2013-03-26 18:55 - 2012-08-07 16:50 - 01832904 ____A C:\Windows\WindowsUpdate.log 2013-03-26 18:51 - 2013-03-26 18:51 - 01466241 ____A (Farbar) C:\Users\Guest\Desktop\FRST64.exe 2013-03-26 18:50 - 2009-07-13 21:13 - 00005202 ____A C:\Windows\System32\PerfStringBackup.INI 2013-03-26 18:49 - 2012-07-30 16:45 - 00018688 ____A C:\Windows\setupact.log 2013-03-26 18:30 - 2012-08-19 17:10 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-03-26 17:59 - 2012-05-12 13:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-03-26 17:54 - 2013-03-26 17:54 - 00014461 ____A C:\Attach.txt 2013-03-26 17:53 - 2013-03-26 17:53 - 00014723 ____A C:\DDS.txt 2013-03-26 17:52 - 2013-03-26 17:51 - 00688992 ____R (Swearware) C:\Users\Guest\Desktop\dds.scr 2013-03-26 17:52 - 2013-03-24 19:38 - 00014723 ____A C:\Users\Barbara\Desktop\dds.txt 2013-03-26 17:52 - 2013-03-24 19:38 - 00014461 ____A C:\Users\Barbara\Desktop\attach.txt 2013-03-26 17:20 - 2012-08-19 17:10 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-03-26 17:19 - 2009-07-13 20:45 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-03-26 17:19 - 2009-07-13 20:45 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-03-26 17:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-03-24 20:10 - 2013-03-24 20:09 - 00000000 ____D C:\Users\Guest\AppData\Local\sabnzbd 2013-03-24 20:08 - 2013-03-24 20:08 - 00000000 ____D C:\Users\Guest\AppData\Local\Google 2013-03-24 19:35 - 2013-03-24 19:35 - 00688992 ____R (Swearware) C:\Users\Guest\Downloads\dds.scr 2013-03-24 19:27 - 2013-03-24 19:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes 2013-03-23 21:24 - 2013-03-23 21:24 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe 2013-03-23 21:24 - 2010-11-28 06:26 - 00064032 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2013-03-23 21:23 - 2013-03-23 21:23 - 02250054 ____A C:\ProgramData\1.bmp 2013-03-23 21:23 - 2010-11-11 09:24 - 00000000 ___RD C:\Users\Barbara\Documents\My Dropbox 2013-03-23 21:23 - 2010-11-11 09:23 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Dropbox 2013-03-23 21:10 - 2013-03-23 21:10 - 00038912 ____A (?????????? ??????????) C:\ProgramData\DisplaySwitch.exe 2013-03-19 20:01 - 2012-06-05 16:49 - 00000000 ____D C:\Users\Barbara\AppData\Local\sabnzbd 2013-03-17 16:25 - 2013-03-17 15:49 - 00013824 ____A C:\Users\Barbara\Desktop\vhl-chl-falcons.xls 2013-03-17 16:25 - 2013-03-17 15:49 - 00000117 ___AH C:\Users\Barbara\Desktop\.~lock.vhl-chl-falcons.xls# 2013-03-12 17:59 - 2013-03-12 17:59 - 16486616 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-03-12 17:59 - 2012-05-12 13:35 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-03-12 17:59 - 2011-06-04 10:45 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-03-12 15:27 - 2013-03-12 15:27 - 00000000 ____D C:\Program Files (x86)\Vuze Remote Toolbar 2013-03-12 15:27 - 2013-03-12 15:27 - 00000000 ____D C:\Program Files (x86)\Application Updater 2013-03-11 15:59 - 2013-01-22 18:06 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2013-03-11 15:57 - 2009-07-13 21:08 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT ZeroAccess: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0aca24c7-f98c-a34f-06e9-2963ab6de18b} C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0aca24c7-f98c-a34f-06e9-2963ab6de18b}\@ C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0aca24c7-f98c-a34f-06e9-2963ab6de18b}\L C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0aca24c7-f98c-a34f-06e9-2963ab6de18b}\U ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-03-08 08:26:53 Restore point made on: 2013-03-08 23:00:10 Restore point made on: 2013-03-09 22:30:11 Restore point made on: 2013-03-10 19:00:16 Restore point made on: 2013-03-10 22:00:11 Restore point made on: 2013-03-11 16:28:08 Restore point made on: 2013-03-12 15:52:18 Restore point made on: 2013-03-12 22:00:10 Restore point made on: 2013-03-15 16:18:56 Restore point made on: 2013-03-16 20:31:51 Restore point made on: 2013-03-16 22:00:10 Restore point made on: 2013-03-17 19:00:16 Restore point made on: 2013-03-18 15:51:21 Restore point made on: 2013-03-18 22:00:10 Restore point made on: 2013-03-19 15:55:31 Restore point made on: 2013-03-20 17:12:34 Restore point made on: 2013-03-20 22:00:10 Restore point made on: 2013-03-23 14:28:40 Restore point made on: 2013-03-24 19:36:40 Restore point made on: 2013-03-24 22:00:08 Restore point made on: 2013-03-25 20:03:53 Restore point made on: 2013-03-26 17:42:15 ==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 6142.49 MB Available physical RAM: 5394.25 MB Total Pagefile: 6140.64 MB Available Pagefile: 5380.49 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Partitions ============================= 2 Drive c: () (Fixed) (Total:698.54 GB) (Free:561.56 GB) NTFS 3 Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:300.24 GB) NTFS 6 Drive h: () (Removable) (Total:3.72 GB) (Free:1.07 GB) FAT32 7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 0 B Disk 1 Online 931 GB 0 B Disk 2 Online 3815 MB 0 B Partitions of Disk 0: =============== Disk ID: 9818C8B6 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 698 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 Y System Rese NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 C NTFS Partition 698 GB Healthy ========================================================= Partitions of Disk 1: =============== Disk ID: EB91A6A4 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 931 GB 1024 KB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 D New Volume NTFS Partition 931 GB Healthy ========================================================= Partitions of Disk 2: =============== Disk ID: 00000000 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3814 MB 8 KB ================================================================================== Disk: 2 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT32 Removable 3814 MB Healthy ========================================================= ============================== MBR Partition Table ================== ============================== Partitions of Disk 0: =============== Disk ID: 9818C8B6 Partition 1: ========= Hex: 8020210007DF130C0008000000200300 Active: YES Type: 07 (NTFS) Size: 100 MB Partition 2: ========= Hex: 00DF140C07FEFFFF0028030000305157 Active: NO Type: 07 (NTFS) Size: 699 GB ============================== Partitions of Disk 1: =============== Disk ID: EB91A6A4 Partition 1: ========= Hex: 0020210007FEFFFF0008000000587074 Active: NO Type: 07 (NTFS) Size: 932 GB ============================== Partitions of Disk 2: =============== Disk ID: 00000000 Partition 1: ========= Hex: 000011000B71F1C810000000F0377700 Active: NO Type: 0B Size: 4 GB Last Boot: 2013-03-24 21:04 ==================== End Of Log =============================

Hit Post too early. DDS.txt - DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16447 Run by Barbara at 21:52:16 on 2013-03-26 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4347 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\XSrvSetup.exe C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\MagicTune Premium\GammaTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\MagicRotation\MagicPvt.exe C:\Program Files (x86)\MultiScreen\MultiScreen.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://people.com/ uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\npchrome_frame.dll TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll uRun: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" uRun: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe uRun: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe mRun: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NCPROT~1.LNK - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://email2.downstate.edu/dwa7W.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{6552ACEE-829B-4C69-BF08-28525F987FD6} : DHCPNameServer = 192.168.1.1 Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\npchrome_frame.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe -k -rq x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\bge0yrg7.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-3-20 203888] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-25 56336] R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-26 202752] R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-2-23 805752] R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-3-1 219360] R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-3-1 65536] R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2010-2-28 114688] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-1 239616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-1-1 35840] S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-2-28 30528] S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2010-1-20 40320] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 98688] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-2 1255736] . =============== Created Last 30 ================ . 2013-03-24 05:10:29 38912 ----a-w- C:\ProgramData\DisplaySwitch.exe 2013-03-23 22:11:25 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80AB2376-B026-46B0-996A-18CECA868E7C}\mpengine.dll 2013-03-15 23:58:56 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-13 01:59:07 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2013-03-12 23:27:33 -------- d-----w- C:\Program Files (x86)\Vuze Remote Toolbar 2013-03-12 23:27:33 -------- d-----w- C:\Program Files (x86)\Application Updater . ==================== Find3M ==================== . 2013-03-13 01:59:17 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 01:59:17 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2010-05-21 15:59:50 3095040 ----a-w- C:\Program Files\openofficeorg32.msi 2010-05-21 15:58:20 460088 ----a-w- C:\Program Files\setup.exe . ============= FINISH: 21:52:38.17 =============== Attach.txt - . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2/28/2010 12:23:03 PM System Uptime: 3/26/2013 9:11:31 PM (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | Socket 1366 | 2661/133mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 699 GiB total, 561.388 GiB free. D: is CDROM () E: is CDROM () F: is FIXED (NTFS) - 932 GiB total, 300.24 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP2713: 3/8/2013 11:26:45 AM - Automatic creation RP2715: 3/9/2013 2:00:07 AM - Automatic creation RP2717: 3/10/2013 2:30:08 AM - Automatic creation RP2720: 3/11/2013 2:00:07 AM - Automatic creation RP2726: 3/12/2013 7:52:10 PM - Automatic creation RP2728: 3/13/2013 2:00:07 AM - Automatic creation RP2730: 3/15/2013 8:18:48 PM - Automatic creation RP2734: 3/17/2013 2:00:07 AM - Automatic creation RP2739: 3/18/2013 7:51:13 PM - Automatic creation RP2743: 3/19/2013 7:55:23 PM - Automatic creation RP2747: 3/21/2013 2:00:07 AM - Automatic creation RP2749: 3/23/2013 6:28:32 PM - Automatic creation RP2754: 3/25/2013 2:00:00 AM - Automatic creation RP2756: 3/26/2013 12:03:46 AM - Automatic creation RP2758: 3/26/2013 9:42:07 PM - Automatic creation . ==== Installed Programs ====================== . 7-Zip 9.20 Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 11 Adobe Premiere Elements 11 Adobe Reader 9.5.4 Apple Application Support Apple Mobile Device Support Apple Software Update Assassin's Creed ATI AVIVO64 Codecs ATI Catalyst Install Manager ATI Problem Report Wizard AutoRotation Premium Battlefield Play4Free Battlelog Web Plugins Bonjour Browser Configuration Utility Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CDDRV_Installer Core FTP LE 2.1 Dress Up Rush Dropbox EAX4 Unified Redist Elements 11 Organizer erLT ESN Sonar FileZilla Client 3.5.3 Gigabyte Raid Cinfigurer GIMP 2.8.0 Google Chrome Frame Google Update Helper HandBrake 0.9.5 HydraVision iCloud ImgBurn ImTOO DVD Creator iTunes Java Auto Updater Java™ 6 Update 29 Jet Set Go KhalInstallWrapper LeapFrog Connect LeapFrog Leapster Explorer Plugin LeapFrog My Pals Plugin Logitech SetPoint Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Corporation Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft LifeCam Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MobileMe Control Panel Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MultiScreen Natural Color Pro NEC Electronics USB 3.0 Host Controller Driver NVIDIA PhysX OpenAL OpenOffice.org 3.2 Origin PDFCreator Picaboo X PRE11 STI 64Installer PSE11 STI Installer PunkBuster Services QuickTime Rainbow Web 2 Rapture3D 2.3.26 Game Realtek Ethernet Controller Driver For Windows Vista and Later Realtek High Definition Audio Driver SABnzbd 0.6.15 Safari Sally's Studio™ Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype™ 5.8 Smart 6 B9.1105.1 Tom Clancy's Splinter Cell Double Agent Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) Vuze Vuze Remote Toolbar v7.0 Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Live ID Sign-in Assistant XBMC Yahoo! Detect Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 3/26/2013 9:52:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user TheBeast\Guest SID (S-1-5-21-2408793759-2719469561-2037610341-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 3/26/2013 9:22:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.336.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/26/2013 9:22:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.336.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/26/2013 9:12:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NCPro 3/26/2013 9:11:40 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\MTictwl.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 3/25/2013 11:43:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.336.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/25/2013 11:43:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.336.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/24/2013 11:36:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.336.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/24/2013 11:36:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.336.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/23/2013 6:08:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1939.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/23/2013 6:08:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1939.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/20/2013 8:52:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1939.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/20/2013 8:52:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1939.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/20/2013 8:42:51 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 3/19/2013 7:35:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1939.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 3/19/2013 7:35:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1939.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x80240022 Error description: The program can't check for definition updates. . ==== End Of File ===========================

Infected with the Dept of Justice Virus/Malware which doesn't allow me to do anything but stare at the screen they have installed onto my computer.

good to go.. thank you for all your help!!

done and done. but i'm not sure if i'm completely clean. mbam says i'm clean but when i try and run ms security essentials i get the error in attachment 1. looking up the error code gives me this - but mbam says i'm clean? mbam-log-2012-08-09 (20-56-15).txt

after my post last night i burned a dvd and shut down. [on a pc at work now]. other than my initial issues, i wasn't experiencing any pc slow downs, search engine redirects - and i'm still not experiencing anything like that. so as long as i'm not hearing any ads played out of the blue or weird music/sounds. i guess i'm good to go??

please see attached files thank you for all your efforts, they are certainly appreciated!! mbam-log-2012-08-08 (20-16-54).txt RKreport3.txt

please see attached thank you again. TDSSKiller.2.7.48.0_08.08.2012_18.48.41_log.txt mbam-log-2012-08-08 (18-51-05).txt