Jump to content

redskns21

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you so much for all of your help. Very fast and very thorough.

  2. Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 38 HP JavaCard for HP ProtectTools Java 2 Runtime Environment, SE v1.4.2_18 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  3. # AdwCleaner v2.202 - Logfile created 04/22/2013 at 19:14:40 # Updated 23/04/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (32 bits) # User : mjones - WINDOWS-7 # Boot Mode : Normal # Running from : C:\Users\mjones\Desktop\MJones Back Up\Downloads\adwcleaner (1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files\Ask.com Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\Users\mjones\AppData\Local\APN Folder Deleted : C:\Users\mjones\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\mjones\AppData\LocalLow\Conduit Folder Deleted : C:\Users\mjones\AppData\LocalLow\iWin Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\iWin Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB613033-4A78-4D07-B435-0603C9C26F94} Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1678857 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\iWin Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CB613033-4A78-4D07-B435-0603C9C26F94} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\mjones\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7771 octets] - [22/04/2013 19:08:13] AdwCleaner[R2].txt - [7831 octets] - [22/04/2013 19:14:20] AdwCleaner[s1].txt - [7730 octets] - [22/04/2013 19:14:40] ########## EOF - C:\AdwCleaner[s1].txt - [7790 octets] ##########
  4. # AdwCleaner v2.202 - Logfile created 04/22/2013 at 19:14:20 # Updated 23/04/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (32 bits) # User : mjones - WINDOWS-7 # Boot Mode : Normal # Running from : C:\Users\mjones\Desktop\MJones Back Up\Downloads\adwcleaner (1).exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files\Ask.com Folder Found : C:\Program Files\Conduit Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\Trymedia Folder Found : C:\Users\mjones\AppData\Local\APN Folder Found : C:\Users\mjones\AppData\LocalLow\AskToolbar Folder Found : C:\Users\mjones\AppData\LocalLow\Conduit Folder Found : C:\Users\mjones\AppData\LocalLow\iWin Folder Found : C:\Users\mjones\AppData\LocalLow\iWin Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\iWin Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKLM\Software\APN Key Found : HKLM\Software\AskToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CB613033-4A78-4D07-B435-0603C9C26F94} Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1678857 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\iWin Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CB613033-4A78-4D07-B435-0603C9C26F94} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\mjones\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7771 octets] - [22/04/2013 19:08:13] AdwCleaner[R2].txt - [7702 octets] - [22/04/2013 19:14:20] ########## EOF - C:\AdwCleaner[R2].txt - [7762 octets] ##########
  5. # AdwCleaner v2.202 - Logfile created 04/22/2013 at 19:08:13 # Updated 23/04/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (32 bits) # User : mjones - WINDOWS-7 # Boot Mode : Normal # Running from : C:\Users\mjones\Desktop\MJones Back Up\Downloads\adwcleaner (1).exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files\Ask.com Folder Found : C:\Program Files\Conduit Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\Trymedia Folder Found : C:\Users\mjones\AppData\Local\APN Folder Found : C:\Users\mjones\AppData\LocalLow\AskToolbar Folder Found : C:\Users\mjones\AppData\LocalLow\Conduit Folder Found : C:\Users\mjones\AppData\LocalLow\iWin Folder Found : C:\Users\mjones\AppData\LocalLow\iWin Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\iWin Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKLM\Software\APN Key Found : HKLM\Software\AskToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CB613033-4A78-4D07-B435-0603C9C26F94} Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1678857 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\iWin Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CB613033-4A78-4D07-B435-0603C9C26F94} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\mjones\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7642 octets] - [22/04/2013 19:08:13] ########## EOF - C:\AdwCleaner[R1].txt - [7702 octets] ##########
  6. Here is the TDSSKiller Log. TDSSKiller.2.8.16.0_22.04.2013_18.35.40_log.txt
  7. ComboFix 13-04-22.01 - mjones 04/22/2013 17:51:09.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2813.1767 [GMT -7:00] Running from: c:\users\mjones\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39WF5WC5\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\iWin Games\iWinGamesHookIE.dll c:\users\mjones\AppData\Roaming\.# c:\users\mjones\Copy of 2010 CARRY FORWARD LV Co-op budget vs actual .xls c:\users\mjones\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 ))))))))))))))))))))))))))))))) . . 2013-04-23 00:59 . 2013-04-23 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-23 00:59 . 2013-04-23 00:59 -------- d-----w- c:\users\itmanager\AppData\Local\temp 2013-04-23 00:59 . 2013-04-23 00:59 -------- d-----w- c:\users\Admninistrator\AppData\Local\temp 2013-04-23 00:53 . 2013-04-23 00:53 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83AB8063-0907-446C-B7FC-972E4844DFFB}\offreg.dll 2013-04-22 23:04 . 2013-04-22 23:04 -------- d-----w- c:\users\mjones\AppData\Roaming\Malwarebytes 2013-04-22 23:03 . 2013-04-22 23:03 -------- d-----w- c:\users\mjones\AppData\Local\Programs 2013-04-22 21:47 . 2013-04-22 21:47 -------- d-----w- C:\FRST 2013-04-22 19:13 . 2013-04-22 19:13 -------- d-----w- c:\programdata\ewplm 2013-04-19 19:06 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83AB8063-0907-446C-B7FC-972E4844DFFB}\mpengine.dll 2013-04-09 20:01 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-09 20:01 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-09 20:01 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-09 20:01 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-09 20:01 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-09 20:01 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-09 20:01 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll 2013-04-09 20:01 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll 2013-04-09 20:01 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-09 20:00 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-26 17:59 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-22 16:27 . 2012-07-31 16:30 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-22 16:27 . 2011-06-30 22:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-04 21:50 . 2010-01-08 21:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-12 08:10 . 2009-12-30 20:31 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-02-12 04:48 . 2013-03-13 16:47 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 16:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-11 1520840] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-21 39408] "HP Officejet Pro 8600 (NET)"="c:\program files\Hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-05-26 1801064] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-07-31 1791272] "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-04 153640] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-04 400936] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-07-30 354360] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-23 24848] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136] "AT&T Communication Manager"="c:\apps\AT&T\Communication Manager\ATTCM.exe" [2009-10-10 883272] "LogMeIn GUI"="c:\apps\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936] "HP LaserJet Professional M1530 MFP Series Fax"="c:\program files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 2459192] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-01-19 495708] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-11 1573576] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-27 296096] "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2009-06-30 00:09 75320 ----a-w- c:\windows\System32\DeviceNP.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 ATTRcAppSvc;AT&T RcAppSvc;c:\apps\AT&T\Communication Manager\RcAppSvc.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 CAATT;AT&T Con App Svc;c:\apps\AT&T\Communication Manager\ConAppsSvc.exe [x] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x] R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x] R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x] R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S1 RsvLock;RsvLock; [x] S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [x] S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [x] S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x] S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\apps\LogMeIn\x86\LMIGuardianSvc.exe [x] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\apps\LogMeIn\x86\RaInfo.sys [x] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc Cognizance REG_MULTI_SZ ASBroker Bioscrypt REG_MULTI_SZ ASChannel GPSvcGroup REG_MULTI_SZ GPSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-11 18:03 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 16:27] . 2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:25] . 2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:25] . 2013-04-22 c:\windows\Tasks\HPCeeScheduleFormjones.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2010-03-24 c:\windows\Tasks\Install_NSS.job - c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-03-23 02:41] . 2013-04-19 c:\windows\Tasks\Norton Security Scan for mjones.job - c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-09-27 10:30] . 2013-04-23 c:\windows\Tasks\RMAutoUpdate.job - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-11-27 19:53] . 2013-02-22 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-11-27 19:53] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb mStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 . - - - - ORPHANS REMOVED - - - - . AddRemove-LSI Soft Modem - c:\windows\agrsmdel AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(1320) c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\IDT\WDM\STacSV.exe c:\windows\system32\atieclxx.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\apps\LogMeIn\x86\RaMaint.exe c:\apps\LogMeIn\x86\LogMeIn.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\taskhost.exe c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2013-04-22 18:06:47 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-23 01:06 . Pre-Run: 251,693,662,208 bytes free Post-Run: 254,921,289,728 bytes free . - - End Of File - - 4FB3E4832A146C60932B7FBE30A8D0A1
  8. Here are the 2 logs, the one with 2 found was the first scan 18 days out of date done from Safe Mode w/ Command Prompt, 2nd was done inside Windows and 1 was found. She's working on your last post as we speak. Again, we thank you for your help. mbam-log-2013-04-22 (16-05-40).txt MBAM-log-2013-04-22 (16-32-53).txt
  9. Results of the RogueKiller scan. BTW, I have 3 MBAM logs as well, one from the 1st scan that found 2, 1 from another scan after the update which found one and a clean scan. Do you need any of those log files? RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : mjones [Admin rights] Mode : Scan -- Date : 04/22/2013 16:59:53 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9320423AS ATA Device +++++ --- User --- [MBR] c7ece7e29994ea9214c268f804b6b1ed [bSP] 6cc8b66dcb99ee5a5e444df68528afb2 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 303179 Mo 1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 620928315 | Size: 2055 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: SanDisk Cruzer Switch USB Device +++++ --- User --- [MBR] abb3bb1a9b50906ea13e716405c1e297 [bSP] 2f5891d7453139f5a9c7e80997760056 : MBR Code unknown Partition table: 0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7632 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_04222013_02d1659.txt >> RKreport[1]_S_04222013_02d1659.txt
  10. Thank you MrC. While I was posting this, I had the user download MBAM to a flash drive, boot to command prompt through recovery options and type explorer.exe which then got us a GUI. I had her install the latest version and ran a scan. It said the DB was out of date by 18 days but wouldn't update so we ran the can anyways and it found trojan.fakems and hijack shell gen. I had her reboot normally and it appears to be gone. I've had her do a subsequent update to MBAM and she's running a scan now. Would you still like for us to run your fix and post the log? I really appreciate your quick reply, I didn't expect that or I wouldn't have had her try this last ditch effort. I just want to make sure it's completely gone.
  11. Hello, I have a user with the lovely FBI Ransomware virus and we get a white screen while trying to access Safe Mode. I had her download Farbar and below are the results of her scan. I would really appreciate some help with getting this back to where I can run Malwarebytes to remove this infection. Thanks in advance for your help. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2013 02 Ran by SYSTEM on 22-04-2013 13:48:02 Running from F:\ Windows 7 Professional (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ==================== Registry (Whitelisted) ================== HKLM\...\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.) HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1791272 2012-07-31] (Synaptics Incorporated) HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [153640 2009-06-03] (ActivIdentity) HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [400936 2009-06-03] (ActivIdentity) HKLM\...\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start [354360 2009-07-30] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule [24848 2009-07-23] (Bioscrypt Inc.) HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM\...\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11227136 2009-07-06] (Hewlett-Packard) HKLM\...\Run: [AT&T Communication Manager] "C:\Apps\AT&T\Communication Manager\ATTCM.exe" -a [883272 2009-10-09] (ATT) HKLM\...\Run: [LogMeIn GUI] "C:\Apps\LogMeIn\x86\LogMeInSystray.exe" [63048 2008-08-11] (LogMeIn, Inc.) HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation) HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.) HKLM\...\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [58936 2010-10-25] (Hewlett-Packard Company) HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax" [2459192 2010-08-24] (Hewlett-Packard Company) HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2012-01-19] (IDT, Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1573576 2012-12-10] (Ask) HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM\...\Run: [] [x] HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296096 2012-09-27] (RealNetworks, Inc.) HKLM\...\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM\...\runonceex: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions) Winlogon\Notify\DeviceNP: DeviceNP.dll (Hewlett-Packard Limited) HKU\Admninistrator\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2009-06-17] (Hewlett-Packard Company) HKU\Admninistrator\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start [x] HKU\itmanager\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2009-06-17] (Hewlett-Packard Company) HKU\itmanager\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start [x] HKU\mjones\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2009-06-17] (Hewlett-Packard Company) HKU\mjones\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] HKU\mjones\...\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\Hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN1A31S37R05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [ 2011-05-25] (Hewlett-Packard Co.) HKU\mjones\...\Winlogon: [shell] C:\Users\mjones\AppData\Roaming\mcafee.ini,explorer.exe [x] Lsa: [Notification Packages] scecli ASWLNPkg Startup: C:ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (No File) Startup: C:ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) ========================== Services (Whitelisted) ================= S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity) S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation) S2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-23] (Bioscrypt Inc.) S2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-23] (Bioscrypt Inc.) S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.) S3 ATTRcAppSvc; C:\Apps\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-10-09] (SmithMicro Inc.) S3 CAATT; C:\Apps\AT&T\Communication Manager\ConAppsSvc.exe [125512 2009-10-09] (SmithMicro Inc.) S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [362040 2009-06-29] (Hewlett-Packard Ltd) S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-07-30] (Hewlett-Packard Development Company, L.P) S2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.) S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-07-06] (Hewlett-Packard) S2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [78104 2010-04-14] (iWin Inc.) S2 LMIGuardianSvc; C:\Apps\LogMeIn\x86\LMIGuardianSvc.exe [374704 2012-11-09] (LogMeIn, Inc.) S2 LMIMaint; C:\Apps\LogMeIn\x86\RaMaint.exe [137136 2012-11-09] (LogMeIn, Inc.) S2 LogMeIn; C:\Apps\LogMeIn\x86\LogMeIn.exe [390528 2010-11-08] (LogMeIn, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools) S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2012-01-19] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [294952 2010-08-29] (Broadcom Corporation.) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32312 2009-06-29] (Hewlett-Packard Development Company L.P.) S2 LMIInfo; C:\Apps\LogMeIn\x86\RaInfo.sys [12856 2008-08-11] (LogMeIn, Inc.) S2 LMIRfsDriver; C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2008-08-11] (LogMeIn, Inc.) S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PCTINDIS5; C:\Windows\system32\PCTINDIS5.SYS [32408 2009-10-09] (Smith Micro Inc.) S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International) S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [109216 2009-07-29] (SafeBoot International) S0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.) S0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International) S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1763968 2010-06-03] () S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-08-22] () S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [190080 2009-03-31] (Sierra Wireless Inc.) S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [148096 2009-05-04] (Sierra Wireless Inc.) S3 btwaudio; system32\drivers\btwaudio.sys [x] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x] S4 LMIRfsClientNP; No ImagePath S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-04-22 13:47 - 2013-04-22 13:47 - 00000000 ____D C:\FRST 2013-04-22 11:13 - 2013-04-22 11:13 - 00000000 ____D C:ProgramData\ewplm 2013-04-22 11:09 - 2013-04-22 11:09 - 00155128 ____A (Hilgraeve, Inc.) C:\Users\mjones\Desktop\mala.tmp 2013-04-16 08:42 - 2013-04-16 08:42 - 00230278 ____A C:\Users\mjones\Desktop\Store List 04.12.13 SH.xlsx 2013-04-09 14:03 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-09 14:03 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-09 14:03 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-04-09 14:03 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-09 14:03 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-09 14:03 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-04-09 14:03 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-04-09 14:03 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-04-09 14:03 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-04-09 14:03 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-04-09 14:03 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-04-09 14:03 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-09 14:03 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-09 14:03 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-04-09 14:03 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-09 14:03 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-04-09 12:01 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-04-09 12:01 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-09 12:01 - 2013-03-18 20:48 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-04-09 12:01 - 2013-03-18 18:49 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-04-09 12:01 - 2013-02-28 19:09 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-04-09 12:01 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-09 12:01 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll 2013-04-09 12:01 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll 2013-04-09 12:01 - 2013-01-23 20:47 - 00196328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys 2013-04-09 12:00 - 2013-03-01 21:07 - 01212264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-03-28 14:26 - 2013-03-28 14:26 - 00009448 ____A C:\Users\mjones\Documents\Notes on University and 52nd Location.xlsx 2013-03-26 09:59 - 2013-02-11 19:32 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys ==================== One Month Modified Files and Folders ======== 2013-04-22 13:47 - 2013-04-22 13:47 - 00000000 ____D C:\FRST 2013-04-22 12:09 - 2010-01-08 16:25 - 00029316 ____A C:\Windows\PFRO.log 2013-04-22 12:00 - 2009-12-30 18:28 - 01912325 ____A C:\Windows\WindowsUpdate.log 2013-04-22 12:00 - 2009-07-13 20:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-04-22 12:00 - 2009-07-13 20:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-04-22 11:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-04-22 11:56 - 2009-07-13 20:39 - 00554406 ____A C:\Windows\setupact.log 2013-04-22 11:26 - 2012-11-13 18:00 - 00000274 ____A C:\Windows\Tasks\RMAutoUpdate.job 2013-04-22 11:26 - 2012-11-09 14:16 - 00000000 ____D C:\Program Files\PC Tools Registry Mechanic 2013-04-22 11:26 - 2010-02-01 09:25 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-04-22 11:22 - 2009-12-30 11:26 - 00000187 ____A C:ProgramData\HPWALog.txt 2013-04-22 11:13 - 2013-04-22 11:13 - 00000000 ____D C:ProgramData\ewplm 2013-04-22 11:09 - 2013-04-22 11:09 - 00155128 ____A (Hilgraeve, Inc.) C:\Users\mjones\Desktop\mala.tmp 2013-04-22 11:02 - 2010-02-01 09:25 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-04-22 10:37 - 2012-07-31 08:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-04-22 08:27 - 2012-07-31 08:30 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-04-22 08:27 - 2011-06-30 14:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-04-22 08:27 - 2010-01-08 13:51 - 00000000 ____D C:ProgramData\Adobe 2013-04-22 08:23 - 2013-02-15 09:42 - 00000324 ____A C:\Windows\Tasks\HPCeeScheduleFormjones.job 2013-04-22 08:23 - 2010-01-08 16:54 - 00000000 ____D C:ProgramData\LogMeIn 2013-04-19 13:16 - 2012-09-27 13:39 - 00000404 ___AH C:\Windows\Tasks\Norton Security Scan for mjones.job 2013-04-19 11:14 - 2010-02-19 14:11 - 00000052 ____A C:\Windows\System32\DOErrors.log 2013-04-19 11:13 - 2011-11-03 12:39 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-04-19 11:05 - 2010-07-07 20:17 - 00000000 ___AD C:ProgramData\TEMP 2013-04-16 08:42 - 2013-04-16 08:42 - 00230278 ____A C:\Users\mjones\Desktop\Store List 04.12.13 SH.xlsx 2013-04-15 12:01 - 2012-10-12 09:49 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-04-12 15:40 - 2010-04-28 12:05 - 00000000 ____D C:\Users\mjones\Documents\Forms 2013-04-12 13:34 - 2010-04-07 14:49 - 00000000 ____D C:\Users\mjones\Documents\Tier 3 2013-04-11 10:03 - 2011-09-07 09:31 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-04-09 15:28 - 2009-07-13 20:33 - 00470432 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-09 14:04 - 2010-01-08 09:40 - 00000000 ____D C:ProgramData\Microsoft Help 2013-04-09 14:00 - 2010-01-08 09:27 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-03-28 14:26 - 2013-03-28 14:26 - 00009448 ____A C:\Users\mjones\Documents\Notes on University and 52nd Location.xlsx 2013-03-26 15:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore ==================== Known DLLs (ALL) ========================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 2812.87 MB Available physical RAM: 2285.46 MB Total Pagefile: 2811.14 MB Available Pagefile: 2292.62 MB Total Virtual: 2047.88 MB Available Virtual: 1960.7 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:296.07 GB) (Free:234.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.93 GB) FAT32 Drive f: () (Removable) (Total:7.45 GB) (Free:6.86 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 8 MB Disk 1 Online 7633 MB 0 B Partitions of Disk 0: =============== Disk ID: 95AA95AA Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 296 GB 31 KB Partition 2 Primary 2055 MB 296 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C NTFS Partition 296 GB Healthy ========================================================= Disk: 0 Partition 2 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D HP_TOOLS FAT32 Partition 2055 MB Healthy ========================================================= Partitions of Disk 1: =============== Disk ID: 00000000 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7633 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 7633 MB Healthy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 95AA95AA) Partition 1: (Active) - (Size=296 GB) - (Type=07) (NTFS) Partition 2: (Not Active) - (Size=2 GB) - (Type=0C) ==================================================================== Disk: 1 (Size: 7 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) Last Boot: 2013-04-15 11:55 ==================== End Of Log ============================ FRST Scan - Melissa.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.