Jump to content

RESERVO1R

Members
  • Posts

    22
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Gringo, Sorry for the delay I was somewhere without access to the internet. I have to thank you for all of your help in this matter. As the last part is optional and I have a deadline I will stop here. But again I thank you for all your help. RESERVO1R
  2. Gringo, Everything appears to be functioning normally. The adware has not appeared nor have I been redirected since resetting firefox. Do you know have an idea as to what the problem was? RESERVO1R Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.20.02 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 RESERVO1R :: RESERVO1R-PC [administrator] 5/19/2013 10:32:28 PM mbam-log-2013-05-19 (22-32-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 226447 Time elapsed: 4 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:39:50 PM, on 5/19/2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\RESERVO1R\Downloads\HijackThis(1).exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [showBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user') O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing) O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14335 bytes
  3. Hello Gringo, That appears to have done the job. But what exactly was causing the issue? It just seemed that it was a virus with the way it was behaving (redirecting/coupons). RESERVO1R
  4. Firefox, it is the only browser that I use. I have previously uninstalled it and it still comes back. I have no add-ons or extensions that are running to my knowledge. I have checked the lists and found nothing extraordinary from what I am used to seeing. RESERVO1R
  5. Hello Gringo, The advertising is still in the left hand corner of the screen, and when I first ran the OTL with your script my screen went black on the reboot. I had to reboot the computer again and it brought the screen back. Also I do not know if this is linked in any way, but when I use google and type in the search box I am prevented from placing my cursor anywhere but the beginning of the query. ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C8008D0-ED66-41A4-A7D7-434C66893A58}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C8008D0-ED66-41A4-A7D7-434C66893A58}\ not found. File C:\Users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\searchplugins\whitesmoke-new-customized-web-search.xml not found. Unable to delete ADS C:\Users\RESERVO1R\AppData\Local\I3L8bJgK9Y0UWki:psxsydd3GrJCuLVtXeo3DWaYJMsv . Unable to delete ADS C:\Users\RESERVO1R\AppData\Local\7hOdL9n6tzoR:1UsWMhT6G2oWdvKdOJK3 . ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\RESERVO1R\Downloads\cmd.bat deleted successfully. C:\Users\RESERVO1R\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: RESERVO1R ->Java cache emptied: 0 bytes Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: RESERVO1R ->Flash cache emptied: 506 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05192013_193322
  6. Hello Gringo, Here is the OTL.txt OTL logfile created on: 5/19/2013 3:02:36 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RESERVO1R\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 53.49% Memory free 7.60 Gb Paging File | 5.38 Gb Available in Paging File | 70.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453.15 Gb Total Space | 47.70 Gb Free Space | 10.53% Space Free | Partition Type: NTFS Computer Name: RESERVO1R-PC | User Name: RESERVO1R | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\RESERVO1R\Downloads\OTL(1).exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.) SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation) SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (ampa) -- C:\Windows\SysNative\ampa.sys () DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation) DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation) DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation) DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (ampa) -- C:\Windows\SysWOW64\ampa.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{5A6F1B2C-850A-4B71-8F6D-91903EAE280B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND IE:64bit: - HKLM\..\SearchScopes\{8C8008D0-ED66-41A4-A7D7-434C66893A58}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1Qzuzzzz0A0EtC0DyDyE0DyB0BtA0E0Czy0AtN0D0TzutBtDtCtBtDyCtCtC&cr=1759256564 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {8C8008D0-ED66-41A4-A7D7-434C66893A58} IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{4D88B7F7-048E-CFE9-F445-2228D0C5D943}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data] IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\..\SearchScopes\{63C8857E-8D1F-4C4B-AC25-6EA00769C14B}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=937811_yhs3tst&p={searchTerms} IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\..\SearchScopes\{8C8008D0-ED66-41A4-A7D7-434C66893A58}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS466 IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\..\SearchScopes\{D85AB402-0009-410F-BDBF-DABA9AB79B35}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;192.168.*.* ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "wsj.com" FF - prefs.js..extensions.enabledAddons: hOUiT7au%40i0ixSKgctyasBk.com:11 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/04/15 14:42:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/11/02 16:05:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/14 12:16:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/14 11:56:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/09 09:49:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/09 09:49:52 | 000,000,000 | ---D | M] [2012/01/15 23:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RESERVO1R\AppData\Roaming\Mozilla\Extensions [2013/05/19 08:53:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\extensions [2013/05/07 08:49:26 | 000,003,259 | ---- | M] () (No name found) -- C:\Users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\extensions\hOUiT7au@i0ixSKgctyasBk.com.xpi [2013/05/16 07:35:38 | 000,001,102 | ---- | M] () -- C:\Users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\searchplugins\whitesmoke-new-customized-web-search.xml [2013/05/09 09:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/05/09 09:49:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/05/09 09:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/05/09 09:49:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/05/16 09:19:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/05/09 09:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions [2013/05/14 11:56:53 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/01/12 01:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll ========== Chrome ========== CHR - Extension: No name found = C:\Users\RESERVO1R\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\ CHR - Extension: No name found = C:\Users\RESERVO1R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\ O1 HOSTS File: ([2013/05/19 12:59:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - {3339B20C-E4DB-4AD2-BDDA-C13067EB23A7} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\..\Toolbar\WebBrowser: (no name) - {3339B20C-E4DB-4AD2-BDDA-C13067EB23A7} - No CLSID value found. O3 - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKU\S-1-5-21-1683528596-3722844510-230674175-1000..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - HKU\S-1-5-21-1683528596-3722844510-230674175-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-21-1683528596-3722844510-230674175-1000..\Run: [showBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe () O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1683528596-3722844510-230674175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0ED6BAF2-D066-4A66-90A0-AC4599DB04A4}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/05/14 07:59:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/19 13:51:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/05/19 11:57:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013/05/19 11:57:04 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/19 11:49:55 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\RESERVO1R\Desktop\JRT.exe [2013/05/16 11:54:23 | 000,000,000 | ---D | C] -- C:\Users\RESERVO1R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/05/16 09:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/05/16 07:12:20 | 000,000,000 | ---D | C] -- C:\Users\RESERVO1R\Desktop\RK_Quarantine [2013/05/15 23:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp [2013/05/15 22:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group [2013/05/14 11:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/05/14 11:57:01 | 001,025,808 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2013/05/14 11:57:01 | 000,378,432 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2013/05/14 11:57:01 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2013/05/14 11:57:01 | 000,072,016 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2013/05/14 11:57:01 | 000,064,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2013/05/14 11:57:01 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2013/05/14 11:57:00 | 000,287,840 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2013/05/14 11:56:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2013/05/14 11:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/05/14 11:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/05/14 11:54:54 | 000,000,000 | ---D | C] -- C:\windows\temp [2013/05/14 11:31:30 | 005,066,131 | R--- | C] (Swearware) -- C:\Users\RESERVO1R\Desktop\comfix.exe [2013/05/14 11:31:30 | 004,346,816 | ---- | C] (Piriform Ltd) -- C:\Users\RESERVO1R\Desktop\ccsetup401.exe [2013/05/14 11:31:30 | 001,761,408 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\RESERVO1R\Desktop\rkill.com [2013/05/14 11:31:29 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\RESERVO1R\Desktop\mblah.scr [2013/05/14 10:48:17 | 000,000,000 | ---D | C] -- C:\Users\RESERVO1R\Desktop\Antivirus [2013/05/14 07:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013/05/14 07:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013/05/13 09:00:26 | 000,000,000 | ---D | C] -- C:\Users\RESERVO1R\Desktop\Ergogenic Aids [2013/05/11 09:46:37 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe [2013/05/10 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\RESERVO1R\Desktop\Articles [2013/05/10 09:42:34 | 000,145,704 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\LnkProtect.dll [2013/05/09 09:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/05/08 18:05:51 | 000,000,000 | ---D | C] -- C:\Users\RESERVO1R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan [2013/05/08 18:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013/05/08 18:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013/05/07 12:28:09 | 000,000,000 | ---D | C] -- C:\Users\RESERVO1R\AppData\Local\DDMSettings [2013/05/06 09:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/05/06 09:04:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013/05/06 09:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/04/27 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\RESERVO1R\Desktop\Yaspelkis Articles [2013/04/24 19:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/04/24 19:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/04/24 19:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/04/24 19:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/04/24 19:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/04/24 19:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013/04/24 19:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012/10/26 23:17:30 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll [2012/01/16 19:55:29 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\RESERVO1R\AppData\Roaming\pcouffin.sys [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/19 14:24:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/05/19 13:56:00 | 000,020,320 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/19 13:56:00 | 000,020,320 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/19 13:54:51 | 000,777,976 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013/05/19 13:54:51 | 000,659,818 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013/05/19 13:54:51 | 000,120,714 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013/05/19 13:48:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/05/19 13:48:02 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys [2013/05/19 12:59:09 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2013/05/19 11:51:03 | 000,003,289 | ---- | M] () -- C:\windows\DeleteOnReboot.bat [2013/05/19 11:49:59 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\RESERVO1R\Desktop\JRT.exe [2013/05/19 11:49:31 | 000,632,031 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\AdwCleaner(2).exe [2013/05/16 16:52:34 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/05/16 11:54:23 | 000,001,275 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\Revo Uninstaller.lnk [2013/05/16 09:19:48 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/05/16 08:50:33 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/05/16 08:35:40 | 000,276,105 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\Untitled.jpg [2013/05/15 22:53:59 | 000,001,784 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\SpyHunter4.exe - Shortcut.lnk [2013/05/14 18:24:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013/05/14 18:24:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013/05/14 12:16:31 | 000,001,586 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\DivX Movies.lnk [2013/05/14 12:16:19 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2013/05/14 12:16:04 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2013/05/14 11:57:02 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/05/14 11:57:01 | 000,000,350 | -H-- | M] () -- C:\windows\tasks\avast! Emergency Update.job [2013/05/14 11:57:01 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2013/05/14 11:03:50 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\RESERVO1R\Desktop\mblah.scr [2013/05/14 10:53:02 | 117,478,104 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\avast_free_antivirus_setup.exe [2013/05/14 10:51:55 | 004,346,816 | ---- | M] (Piriform Ltd) -- C:\Users\RESERVO1R\Desktop\ccsetup401.exe [2013/05/14 10:49:57 | 001,761,408 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\RESERVO1R\Desktop\rkill.com [2013/05/14 10:49:16 | 000,001,205 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\FixNCR.reg [2013/05/14 10:48:07 | 005,066,131 | R--- | M] (Swearware) -- C:\Users\RESERVO1R\Desktop\comfix.exe [2013/05/14 09:12:46 | 038,981,856 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\Duke Corner.2013.cdr [2013/05/14 07:59:05 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013/05/13 10:50:10 | 000,052,316 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\Blood ammonia and ventilation at maximal exercise.pdf [2013/05/13 10:47:13 | 000,146,269 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\Glutamine and carbohydrate supplements reduce ammonemia increase during endurance field exercise.pdf [2013/05/13 10:41:21 | 000,258,924 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\The effect of L-ornithine hydrochloride ingestion on performance during incremental exhaustive ergometer bicycle exercise and ammonia metabolism during and after exercise.pdf [2013/05/13 10:36:58 | 001,657,626 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\Role of glycogen in control of glycolysis and IMP formation in human muscle during exercise.pdf [2013/05/12 23:42:39 | 001,349,028 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\Effect of pH on cardiorespiratory.pdf [2013/05/11 09:46:38 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe [2013/05/10 09:42:34 | 000,145,704 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\LnkProtect.dll [2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2013/05/09 01:59:07 | 000,189,936 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2013/05/09 01:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2013/05/09 01:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2013/05/08 18:09:01 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/05/08 18:05:45 | 000,001,088 | ---- | M] () -- C:\Users\RESERVO1R\Desktop\Kaspersky Security Scan.lnk [2013/05/07 23:10:12 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr100.dll [2013/05/07 23:10:12 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp100.dll [2013/04/27 18:53:28 | 000,005,120 | ---- | M] () -- C:\Users\RESERVO1R\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/04/24 19:42:51 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/04/24 19:39:08 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/19 11:49:26 | 000,632,031 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\AdwCleaner(2).exe [2013/05/16 09:19:48 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/05/16 09:19:48 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/05/16 08:35:40 | 000,276,105 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\Untitled.jpg [2013/05/15 22:53:59 | 000,001,784 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\SpyHunter4.exe - Shortcut.lnk [2013/05/14 11:57:02 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/05/14 11:57:01 | 000,189,936 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys [2013/05/14 11:57:01 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys [2013/05/14 11:57:01 | 000,000,350 | -H-- | C] () -- C:\windows\tasks\avast! Emergency Update.job [2013/05/14 11:57:01 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2013/05/14 11:31:30 | 117,478,104 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\avast_free_antivirus_setup.exe [2013/05/14 11:31:30 | 000,001,205 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\FixNCR.reg [2013/05/14 09:05:31 | 038,981,856 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\Duke Corner.2013.cdr [2013/05/14 07:59:05 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013/05/13 10:50:10 | 000,052,316 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\Blood ammonia and ventilation at maximal exercise.pdf [2013/05/13 10:47:13 | 000,146,269 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\Glutamine and carbohydrate supplements reduce ammonemia increase during endurance field exercise.pdf [2013/05/13 10:41:21 | 000,258,924 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\The effect of L-ornithine hydrochloride ingestion on performance during incremental exhaustive ergometer bicycle exercise and ammonia metabolism during and after exercise.pdf [2013/05/13 10:36:55 | 001,657,626 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\Role of glycogen in control of glycolysis and IMP formation in human muscle during exercise.pdf [2013/05/12 23:42:38 | 001,349,028 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\Effect of pH on cardiorespiratory.pdf [2013/05/08 18:05:51 | 000,001,088 | ---- | C] () -- C:\Users\RESERVO1R\Desktop\Kaspersky Security Scan.lnk [2013/05/06 09:04:34 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/24 19:42:51 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/04/24 19:39:08 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013/04/18 17:18:34 | 000,005,120 | ---- | C] () -- C:\Users\RESERVO1R\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/04/18 10:19:27 | 001,645,496 | ---- | C] () -- C:\windows\ampa.exe [2013/04/18 10:19:27 | 000,012,728 | ---- | C] () -- C:\windows\SysWow64\ampa.sys [2013/04/07 16:26:57 | 000,000,132 | ---- | C] () -- C:\Users\RESERVO1R\AppData\Roaming\Adobe BMP Format CS5 Prefs [2013/04/01 13:08:05 | 000,772,256 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013/03/20 16:35:55 | 000,000,000 | ---- | C] () -- C:\Users\RESERVO1R\defogger_reenable [2013/03/20 12:09:42 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013/03/20 12:09:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013/03/20 12:09:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013/03/20 12:09:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013/03/20 12:09:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/05/10 11:44:48 | 000,079,360 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll [2012/01/16 19:55:29 | 000,007,859 | ---- | C] () -- C:\Users\RESERVO1R\AppData\Roaming\pcouffin.cat [2012/01/16 19:55:29 | 000,001,167 | ---- | C] () -- C:\Users\RESERVO1R\AppData\Roaming\pcouffin.inf [2012/01/16 19:37:49 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll ========== ZeroAccess Check ========== [1995/07/25 09:53:04 | 000,087,814 | -H-- | M] () -- C:\Users\RESERVO1R\Desktop\UST Fund Advisory & Services, Inc\DESKTOP JOES COMP\Computer\HP ©\$Recycle.Bin\S-1-5-21-1370073279-817511956-3428723061-1000\$RSVV42U\CLIPART\AFRICA\L.CMX [1995/07/25 09:56:52 | 000,050,328 | -H-- | M] () -- C:\Users\RESERVO1R\Desktop\UST Fund Advisory & Services, Inc\DESKTOP JOES COMP\Computer\HP ©\$Recycle.Bin\S-1-5-21-1370073279-817511956-3428723061-1000\$RSVV42U\CLIPART\AFRICA\N.CMX [1995/07/25 10:06:44 | 000,061,592 | -H-- | M] () -- C:\Users\RESERVO1R\Desktop\UST Fund Advisory & Services, Inc\DESKTOP JOES COMP\Computer\HP ©\$Recycle.Bin\S-1-5-21-1370073279-817511956-3428723061-1000\$RSVV42U\CLIPART\AFRICA\U.CMX [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Windows\SysNative\shell32.dll -- [2010/02/18 01:07:44 | 014,163,456 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010/02/18 01:07:44 | 014,163,456 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/02/18 00:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 1150 bytes -> C:\Users\RESERVO1R\AppData\Local\I3L8bJgK9Y0UWki:psxsydd3GrJCuLVtXeo3DWaYJMsv @Alternate Data Stream - 1100 bytes -> C:\Users\RESERVO1R\AppData\Local\7hOdL9n6tzoR:1UsWMhT6G2oWdvKdOJK3 < End of report >
  7. RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : RESERVO1R [Admin rights] Mode : Remove -- Date : 05/19/2013 14:14:03 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS725050A9A360 +++++ --- User --- [MBR] d30456011495ffa904d3bff4bdfae6a1 [bSP] 68105adf6ae927edcfb661b101566737 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464023 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 953393152 | Size: 11416 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[11]_D_05192013_02d1414.txt >> RKreport[10]_S_05192013_02d1412.txt ; RKreport[11]_D_05192013_02d1414.txt ; RKreport[1]_S_05162013_02d0714.txt ; RKreport[2]_D_05162013_02d0715.txt ; RKreport[3]_SC_05162013_02d0722.txt ; RKreport[4]_S_05162013_02d0955.txt ; RKreport[5]_H_05162013_02d0955.txt ; RKreport[6]_PR_05162013_02d0956.txt ; RKreport[7]_SC_05162013_02d1003.txt ; RKreport[8]_S_05162013_02d1210.txt ; RKreport[9]_S_05192013_02d1410.txt
  8. Hey Gringo, The pop-up thing is still there. 13:53:31.0194 1316 ============================================================ 13:53:31.0194 1316 Scan finished 13:53:31.0194 1316 ============================================================ 13:53:31.0214 3292 Detected object count: 4 13:53:31.0214 3292 Actual detected object count: 4 14:04:59.0906 3292 DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user 14:04:59.0906 3292 DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:04:59.0916 3292 PST Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:04:59.0916 3292 PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:04:59.0916 3292 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 14:04:59.0916 3292 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:04:59.0916 3292 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user 14:04:59.0916 3292 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip I will post roguekiller report momentarily.
  9. Hey Gringo, The same adware in the left corner is present. ComboFix 13-05-18.04 - RESERVO1R 05/19/2013 12:44:17.5.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3891.2271 [GMT -7:00] Running from: c:\users\RESERVO1R\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . E:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2013-04-19 to 2013-05-19 ))))))))))))))))))))))))))))))) . . 2013-05-19 19:59 . 2013-05-19 19:59 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-05-19 19:59 . 2013-05-19 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-19 18:57 . 2013-05-19 18:57 -------- d-----w- c:\windows\ERUNT 2013-05-19 18:57 . 2013-05-19 18:57 -------- d-----w- C:\JRT 2013-05-19 18:55 . 2013-05-19 18:55 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{897770A0-C366-4FDC-836B-DCFE4AF0F829}\offreg.dll 2013-05-16 16:19 . 2013-05-16 16:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-05-16 06:13 . 2013-05-16 06:13 -------- d-----w- c:\programdata\StarApp 2013-05-16 05:05 . 2013-05-16 05:05 -------- d-----w- c:\program files (x86)\Enigma Software Group 2013-05-16 05:04 . 2013-05-16 14:38 -------- d-----w- c:\windows\46B04D534E344388B6EE80FAB66AEF9B.TMP 2013-05-15 01:27 . 2013-05-15 01:30 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP 2013-05-14 18:57 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-14 18:57 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-14 18:57 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-14 18:57 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-05-14 18:57 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-05-14 18:57 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-05-14 18:57 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-14 18:57 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-14 18:57 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-14 18:56 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr 2013-05-14 18:56 . 2013-05-14 18:56 -------- d-----w- c:\program files\AVAST Software 2013-05-14 18:55 . 2013-05-14 18:56 -------- d-----w- c:\programdata\AVAST Software 2013-05-14 14:58 . 2013-05-14 14:58 -------- d-----w- c:\program files\Enigma Software Group 2013-05-14 14:58 . 2013-05-15 01:26 -------- d-----w- c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP 2013-05-14 14:58 . 2013-05-15 01:52 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-05-11 16:46 . 2013-05-11 16:46 12872 ----a-w- c:\windows\system32\bootdelete.exe 2013-05-10 16:42 . 2013-05-10 16:42 145704 ----a-w- c:\windows\system32\LnkProtect.dll 2013-05-09 01:05 . 2013-05-09 01:05 -------- d-----w- c:\programdata\Kaspersky Lab 2013-05-09 01:05 . 2013-05-09 01:05 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-05-07 19:28 . 2013-05-07 19:28 -------- d-----w- c:\users\RESERVO1R\AppData\Local\DDMSettings 2013-05-06 16:04 . 2013-05-16 23:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-06 16:04 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-25 02:42 . 2013-04-25 02:42 -------- d-----w- c:\program files\iPod 2013-04-25 02:42 . 2013-04-25 02:42 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-04-25 02:42 . 2013-04-25 02:42 -------- d-----w- c:\program files\iTunes 2013-04-25 02:42 . 2013-04-25 02:42 -------- d-----w- c:\program files (x86)\iTunes 2013-04-25 02:39 . 2013-04-25 02:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-04-25 02:39 . 2013-04-25 02:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-04-25 02:39 . 2013-04-25 02:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-04-25 02:39 . 2013-04-25 02:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-04-25 02:39 . 2013-04-25 02:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-04-25 02:39 . 2013-04-25 02:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-04-25 02:39 . 2013-04-25 02:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-04-25 02:39 . 2013-04-25 02:39 -------- d-----w- c:\program files (x86)\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-19 18:51 . 2013-03-21 01:50 3289 ----a-w- c:\windows\DeleteOnReboot.bat 2013-05-15 01:24 . 2012-04-04 23:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 01:24 . 2012-01-18 03:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-08 06:10 . 2011-02-20 06:03 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-05-08 06:10 . 2011-02-19 07:40 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll 2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl 2013-03-16 19:52 . 2013-04-18 17:17 189000 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2013-03-16 19:49 . 2013-04-18 17:17 48200 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2013-03-16 19:43 . 2013-04-18 17:17 18504 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2013-03-16 19:40 . 2013-04-18 17:17 58952 ----a-w- c:\windows\system32\drivers\eubakup.sys 2013-02-26 15:44 . 2012-06-18 13:49 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-26 15:44 . 2012-01-18 16:40 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-27 06:17 . 2012-10-27 06:17 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\RESERVO1R\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\RESERVO1R\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\RESERVO1R\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2013-04-11 89600] "KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160] "Conime"="c:\windows\system32\conime.exe" [bU] "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432] R3 ampa;ampa;c:\windows\system32\ampa.sys [2011-12-26 15288] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-26 174680] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-05-09 482384] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-04-03 109352] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200] S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200] S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-26 202296] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-03 65657] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360] S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-12-23 71168] S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-12-23 174592] S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-12-23 81920] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-17 82816] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832] . . Contents of the 'Scheduled Tasks' folder . 2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:24] . 2013-05-14 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-14 08:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3339B20C-E4DB-4AD2-BDDA-C13067EB23A7}"= "c:\users\RESERVO1R\AppData\Local\TNT2\Profiles\10262\passport64.dll" [bU] . [HKEY_CLASSES_ROOT\CLSID\{3339B20C-E4DB-4AD2-BDDA-C13067EB23A7}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\RESERVO1R\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\RESERVO1R\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\RESERVO1R\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\RESERVO1R\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-01-27 1445888] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.* IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - wsj.com FF - ExtSQL: 2013-04-18 16:41; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - ExtSQL: 2013-04-24 19:45; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2013-05-07 08:49; hOUiT7au@i0ixSKgctyasBk.com; c:\users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\extensions\hOUiT7au@i0ixSKgctyasBk.com.xpi FF - ExtSQL: 2013-05-14 11:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-82926445.sys AddRemove-sl-tri - c:\program files (x86)\OApps\sl-tri_uninstall.exe AddRemove-{7A9B7F30-8586-4B85-F7CA-B86DFE120A87} - c:\progra~3\INSTAL~1\{E7D27~1\Setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-19 13:02:01 ComboFix-quarantined-files.txt 2013-05-19 20:02 ComboFix2.txt 2013-05-14 18:54 ComboFix3.txt 2013-03-21 03:56 ComboFix4.txt 2013-03-21 03:00 ComboFix5.txt 2013-05-19 19:43 . Pre-Run: 50,482,511,872 bytes free Post-Run: 51,226,791,936 bytes free . - - End Of File - - 2E27AEAD57C8159E47FD00709165C0E6
  10. Hey gringo, I still have the lower left adware, and a random center rectangle adware just rose up and then retreated quickly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Ultimate x64 Ran by RESERVO1R on Sun 05/19/2013 at 11:57:40.02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4D88B7F7-048E-CFE9-F445-2228D0C5D943} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4FC5D60F-D936-4618-BEA1-C1E04D19C006} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{932AB83B-DEC7-412B-9B16-C2B2A488C28E} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8C8008D0-ED66-41A4-A7D7-434C66893A58} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\speedypc software" Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader" Successfully deleted: [Folder] "C:\Users\RESERVO1R\AppData\Roaming\drivercure" Successfully deleted: [Folder] "C:\Users\RESERVO1R\AppData\Roaming\speedypc software" Successfully deleted: [Folder] "C:\Users\RESERVO1R\AppData\Roaming\strongvault" Successfully deleted: [Folder] "C:\Users\RESERVO1R\appdata\local\best buy pc app" Successfully deleted: [Folder] "C:\Users\RESERVO1R\appdata\local\stronghold_llc" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\RESERVO1R\appdata\local\{c05d73c7-5ac7-058c-d18b-40c9ca36efff} ~~~ FireFox Successfully deleted the following from C:\Users\RESERVO1R\AppData\Roaming\mozilla\firefox\profiles\idiyzhug.default\prefs.js user_pref("extensions.crossrider.bic", "13b4a74dc6bf3879c69081ee20ad10af"); Emptied folder: C:\Users\RESERVO1R\AppData\Roaming\mozilla\firefox\profiles\idiyzhug.default\minidumps [374 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 05/19/2013 at 12:04:18.67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.301 - Logfile created 05/19/2013 at 11:50:37 # Updated 16/05/2013 by Xplode # Operating system : Windows 7 Ultimate (64 bits) # User : RESERVO1R - RESERVO1R-PC # Boot Mode : Normal # Running from : C:\Users\RESERVO1R\Desktop\AdwCleaner(2).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files\DomaIQ Uninstaller ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\RESERVO1R\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [12855 octets] - [08/05/2013 17:57:44] AdwCleaner[R2].txt - [17356 octets] - [16/05/2013 08:13:57] AdwCleaner[R3].txt - [1670 octets] - [16/05/2013 08:20:14] AdwCleaner[R4].txt - [1808 octets] - [16/05/2013 11:40:04] AdwCleaner[s1].txt - [16352 octets] - [20/03/2013 18:50:02] AdwCleaner[s2].txt - [13281 octets] - [08/05/2013 17:58:42] AdwCleaner[s3].txt - [314 octets] - [16/05/2013 08:14:30] AdwCleaner[s4].txt - [4913 octets] - [16/05/2013 08:15:44] AdwCleaner[s5].txt - [1770 octets] - [16/05/2013 08:26:59] AdwCleaner[s6].txt - [1425 octets] - [19/05/2013 11:50:37] ########## EOF - C:\AdwCleaner[s6].txt - [1485 octets] ##########
  11. Hi Gringo, Thanks for the help. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 1/15/2012 10:41:40 PM System Uptime: 5/19/2013 8:40:45 AM (0 hours ago) . Motherboard: TOSHIBA | | NWQAA Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU | 2399/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 453 GiB total, 43.053 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Community Help Adobe Creative Suite 5 Master Collection Adobe Flash Media Live Encoder 3.2 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Encoder CS5 Dolby X64 Adobe Media Encoder CS5 PCI X64 Adobe Media Player Adobe Reader XI (11.0.02) Adobe Shockwave Player 11.6 aioscnnr AOMEI Partition Assistant Home Edition 5.1.2 Apple Application Support Apple Mobile Device Support Apple Software Update avast! Free Antivirus BatteryBar (remove only) Best Buy pc app Bonjour C4USelfUpdater CCleaner center ConvertXtoDVD 4.0.9.322 DivX Setup Dropbox EndNote X1 essentials F4V Player ffdshow v1.1.4369 [2012-03-03] HitmanPro 3.7 iCloud Intel PROSet Wireless Intel WiMAX Tutorial Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® PROSet/Wireless WiMAX Software Intel® Wireless Display ISI ResearchSoft - Export Helper iTunes JMP 7 Junk Mail filter update K-Lite Codec Pack 6.3.0 (Standard) Kaspersky Security Scan Kodak AIO Printer KODAK AiO Software Malwarebytes Anti-Malware version 1.75.0.1300 miCoach Manager Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft XNA Framework Redistributable 2.0 Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service MpcStar 5.4 MSVCRT MSXML 4.0 SP3 Parser ocr PDF Settings CS5 PDFCreator PreReq PxMergeModule QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Revo Uninstaller 1.94 Rosetta Stone Version 3 SelectionLinks Skype Click to Call Skype™ 5.8 SPSS Statistics 17.0 swMSM Synaptics Pointing Device Driver TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup TOSHIBA HDD Protection TOSHIBA HDD/SSD Alert TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application ToshibaRegistration Utility Common Driver VC80CRTRedist - 8.0.50727.6195 VLC media player 2.0.0 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WinRAR 4.01 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 5/16/2013 9:23:06 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. 5/16/2013 11:54:03 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 5/16/2013 11:51:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 5/16/2013 11:51:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 5/16/2013 11:39:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 5/16/2013 11:39:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 5/16/2013 11:37:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 5/16/2013 11:37:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 5/16/2013 11:37:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 5/16/2013 11:37:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 5/16/2013 11:37:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 5/16/2013 11:37:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 5/16/2013 11:37:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/16/2013 11:37:02 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 10:56:57 PM, Error: Service Control Manager [7000] - The EsgScanner service failed to start due to the following error: This driver has been blocked from loading 5/15/2013 10:56:57 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\EsgScanner.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 5/14/2013 9:56:20 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet. 5/14/2013 12:01:29 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 5/14/2013 12:01:17 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 5/14/2013 11:57:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} 5/14/2013 11:57:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 5/14/2013 11:53:15 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 5/14/2013 11:52:52 AM, Error: Application Popup [1060] - \??\C:\comfix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 5/14/2013 11:40:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 5/14/2013 11:30:36 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21 5/14/2013 11:30:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache EUDSKACS EUFDDISK spldr Wanarpv6 5/14/2013 10:37:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache EUDSKACS EUFDDISK NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl . ==== End Of File =========================== The DDS.TXT file DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16385 Run by RESERVO1R at 8:53:54 on 2013-05-19 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3891.1879 [GMT -7:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\Program Files\HitmanPro\hmpsched.exe C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\ThpSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\SearchIndexer.exe C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\ThpSrv.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe C:\windows\system32\wbem\unsecapp.exe C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\windows\system32\igfxext.exe C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe C:\windows\system32\igfxsrvc.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\windows\SysWOW64\NOTEPAD.EXE C:\windows\SysWOW64\NOTEPAD.EXE C:\windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND uProxyOverride = <local>;*.local;192.168.*.* BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [showBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe mRun: [Conime] C:\windows\System32\conime.exe mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{0ED6BAF2-D066-4A66-90A0-AC4599DB04A4} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{0ED6BAF2-D066-4A66-90A0-AC4599DB04A4}\1434343547574656E647 : DHCPNameServer = 206.77.151.36 206.77.151.37 198.213.3.10 TCP: Interfaces\{0ED6BAF2-D066-4A66-90A0-AC4599DB04A4}\1434347457563747 : DHCPNameServer = 206.77.151.36 206.77.151.37 TCP: Interfaces\{0ED6BAF2-D066-4A66-90A0-AC4599DB04A4}\34861627C6965602D20274 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{0ED6BAF2-D066-4A66-90A0-AC4599DB04A4}\479676761627 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{0ED6BAF2-D066-4A66-90A0-AC4599DB04A4}\E4544574541425D223E243D274 : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-mStart Page = hxxp://www.google.com x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: b Search.us.com Toolbar: {3339B20C-E4DB-4AD2-BDDA-C13067EB23A7} - x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - wsj.com FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-04-18 16:41; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - ExtSQL: 2013-04-24 19:45; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2013-05-07 08:49; hOUiT7au@i0ixSKgctyasBk.com; C:\Users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\extensions\hOUiT7au@i0ixSKgctyasBk.com.xpi FF - ExtSQL: 2013-05-14 11:56; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2013-05-18 18:05; {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}; C:\Users\RESERVO1R\AppData\Roaming\Mozilla\Firefox\Profiles\idiyzhug.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-5-14 65336] R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-5-14 189936] R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-4-15 55280] R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-1-15 482384] R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-5-14 1025808] R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-5-14 378432] R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-5-14 33400] R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-5-14 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-14 46808] R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992] R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-1-16 109352] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200] R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200] R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-6 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-6 701512] R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-12-25 65657] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-15 2320920] R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360] R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2009-12-22 71168] R3 bpmp;bpmp;C:\windows\System32\drivers\bpmp.sys [2009-12-22 174592] R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2009-12-22 81920] R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-1-15 56344] R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-5-6 25928] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-1-15 35008] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-1-15 331880] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952] R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728] S3 acsock;acsock;C:\windows\System32\drivers\acsock64.sys [2012-10-29 107432] S3 ampa;ampa;C:\windows\System32\ampa.sys [2013-4-18 15288] S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-5-26 174680] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-1-15 51512] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] . =============== File Associations =============== . ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-05-19 00:30:55 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{897770A0-C366-4FDC-836B-DCFE4AF0F829}\offreg.dll 2013-05-16 06:13:32 -------- d-----w- C:\ProgramData\StarApp 2013-05-16 05:05:38 -------- d-----w- C:\Program Files (x86)\Enigma Software Group 2013-05-16 05:04:39 -------- d-----w- C:\windows\46B04D534E344388B6EE80FAB66AEF9B.TMP 2013-05-15 01:27:40 -------- d-----w- C:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP 2013-05-14 19:02:12 -------- d-sh--w- C:\$RECYCLE.BIN 2013-05-14 18:57:01 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2013-05-14 18:57:01 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys 2013-05-14 18:57:01 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys 2013-05-14 18:57:01 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys 2013-05-14 18:57:01 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2013-05-14 18:56:22 41664 ----a-w- C:\windows\avastSS.scr 2013-05-14 18:56:04 -------- d-----w- C:\Program Files\AVAST Software 2013-05-14 18:55:58 -------- d-----w- C:\ProgramData\AVAST Software 2013-05-14 14:58:47 -------- d-----w- C:\Program Files\Enigma Software Group 2013-05-14 14:58:22 -------- d-----w- C:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP 2013-05-14 14:58:21 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2013-05-14 14:55:58 -------- d-----w- C:\Users\RESERVO1R\AppData\Roaming\SpeedyPC Software 2013-05-14 14:55:58 -------- d-----w- C:\Users\RESERVO1R\AppData\Roaming\DriverCure 2013-05-14 14:55:52 -------- d-----w- C:\ProgramData\SpeedyPC Software 2013-05-11 16:46:37 12872 ----a-w- C:\windows\System32\bootdelete.exe 2013-05-10 16:42:34 145704 ----a-w- C:\windows\System32\LnkProtect.dll 2013-05-09 01:05:36 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-05-09 01:05:36 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2013-05-07 19:28:09 -------- d-----w- C:\Users\RESERVO1R\AppData\Local\DDMSettings 2013-05-06 16:04:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-05-06 16:04:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-04-25 02:42:31 -------- d-----w- C:\Program Files\iPod 2013-04-25 02:42:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-04-25 02:42:30 -------- d-----w- C:\Program Files\iTunes 2013-04-25 02:42:30 -------- d-----w- C:\Program Files (x86)\iTunes 2013-04-25 02:39:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-04-25 02:39:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-04-25 02:39:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-04-25 02:39:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-04-25 02:39:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-04-25 02:39:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-04-25 02:39:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll . ==================== Find3M ==================== . 2013-05-16 15:27:12 3186 ----a-w- C:\windows\DeleteOnReboot.bat 2013-05-15 01:24:43 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 01:24:43 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-05-08 06:10:12 770384 ----a-w- C:\windows\SysWow64\msvcr100.dll 2013-05-08 06:10:12 421200 ----a-w- C:\windows\SysWow64\msvcp100.dll 2013-03-23 01:09:28 354656 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl 2013-03-16 19:52:22 189000 ----a-w- C:\windows\System32\drivers\EuFdDisk.sys 2013-03-16 19:49:12 48200 ----a-w- C:\windows\System32\drivers\EUBKMON.sys 2013-03-16 19:43:54 18504 ----a-w- C:\windows\System32\drivers\eudskacs.sys 2013-03-16 19:40:42 58952 ----a-w- C:\windows\System32\drivers\eubakup.sys 2013-02-26 15:44:24 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-02-26 15:44:24 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-10-27 06:17:30 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll . ============= FINISH: 8:54:09.86 ===============
  12. I have a virus that is redirecting my browser continuously and I have tried several malware removal programs. Malwarebytes when run reports no viruses found when problem still exists. The virus will state that I need to update my adobe flash, redirect to some coupon site, and there is a box that appears in the lower left side of my browser that states I need to update HD flash. When I run eset, my computer may find a problem but the computer just suddenly shuts off prior to completing the scan. Also the fan is constantly running so that my computer is hot. If a screen shot of what the web browser would be helpful please let me know. Any help would be appreciated. RESERVO1R
  13. There ya go Gringo, this scan took 4.5 hours to complete and froze at the end 99%-100% but I was able to extract out this piece of information. C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application C:\Qoobox\Quarantine\C\Windows\Installer\{c05d73c7-5ac7-058c-d18b-40c9ca36efff}\U\00000004.@.vir Win64/Sirefef.AI trojan C:\Qoobox\Quarantine\C\Windows\Installer\{c05d73c7-5ac7-058c-d18b-40c9ca36efff}\U\00000008.@.vir Win64/Agent.BA trojan C:\Qoobox\Quarantine\C\Windows\Installer\{c05d73c7-5ac7-058c-d18b-40c9ca36efff}\U\000000cb.@.vir Win64/Sirefef.AI trojan C:\Qoobox\Quarantine\C\Windows\Installer\{c05d73c7-5ac7-058c-d18b-40c9ca36efff}\U\80000000.@.vir Win64/Sirefef.AE trojan C:\Qoobox\Quarantine\C\Windows\Installer\{c05d73c7-5ac7-058c-d18b-40c9ca36efff}\U\80000032.@.vir Win32/Sirefef.EU trojan C:\Qoobox\Quarantine\C\Windows\Installer\{c05d73c7-5ac7-058c-d18b-40c9ca36efff}\U\80000064.@.vir Win64/Sirefef.AE trojan
  14. Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.21.11 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 RESERVO1R :: RESERVO1R-PC [administrator] Protection: Enabled 3/21/2013 10:18:57 AM mbam-log-2013-03-21 (10-18-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 220185 Time elapsed: 2 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\RESERVO1R\Downloads\FFDShow_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. C:\Users\RESERVO1R\Downloads\install_flashplayer.exe (Rootkit.0Access) -> Quarantined and deleted successfully. (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:24:05 AM, on 3/21/2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\adidas\miCoach Manager\SyncManager.exe C:\Users\RESERVO1R\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\RESERVO1R\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Users\RESERVO1R\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [miCoach Manager] C:\Program Files (x86)\adidas\miCoach Manager\SyncManager.exe -autorun O4 - HKCU\..\Run: [showBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Users\RESERVO1R\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing) O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15395 bytes The computer is running smoothly and I do not feel that there is any problems with it currently. How are the logs looking now? Are there any further issues that exist in my computer?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.