Claudius46 (Members, 5 posts)

Everything posted by Claudius46

  1. Yes. It appears to be running a little faster. Didn't catch anything on the scan.
  2. # AdwCleaner v3.004 - Report created 14/09/2013 at 21:53:20
     # Updated 15/09/2013 by Xplode
     # Operating System : Windows 7 Home Premium (64 bits)
     # Username : Bret - BRET-PC
     # Running from : C:\Users\Bret\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\ProgramData\Partner
     Folder Deleted : C:\Program Files (x86)\Conduit
     Folder Deleted : C:\Users\Bret\AppData\Local\Conduit
     Folder Deleted : C:\Users\Bret\AppData\Local\Temp\boost_interprocess
     Folder Deleted : C:\Users\Bret\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\Bret\AppData\LocalLow\PriceGong

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
     Key Deleted : HKCU\Software\Ask&Record
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

     ***** [ Browsers ] *****

     -\\ Internet Explorer v9.0.8112.16476

     *************************

     AdwCleaner[R0].txt - [3124 octets] - [14/09/2013 21:38:06]
     AdwCleaner[s0].txt - [2917 octets] - [14/09/2013 21:53:20]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2977 octets] ##########
  3. Here you go.

     ComboFix 13-09-13.03 - Bret 09/13/2013 17:39:02.5.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2397 [GMT -4:00]
     Running from: c:\users\Bret\Desktop\ComboFix.exe
     AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
     FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
     SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Bret\AppData\Local\Google\Chrome\User Data\Default\Preferences
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-08-13 to 2013-09-13 )))))))))))))))))))))))))))))))
     .
     .
     2013-09-13 21:49 . 2013-09-13 21:49 -------- d-----w- c:\users\Public\AppData\Local\temp
     2013-09-13 21:49 . 2013-09-13 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-09-13 21:49 . 2013-09-13 21:49 -------- d-----w- c:\users\Bret\AppData\Local\temp
     2013-09-13 21:26 . 2013-09-13 21:35 -------- d-----w- c:\users\Bret\AppData\Roaming\HPAppData
     2013-09-13 21:24 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EC86045-C426-41AA-B53B-133128FE73FD}\mpengine.dll
     2013-09-12 00:58 . 2013-09-12 01:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
     2013-09-12 00:31 . 2013-09-12 00:31 -------- d-----w- C:\found.003
     2013-09-08 23:09 . 2013-09-08 23:09 -------- d-----w- C:\FRST
     2013-09-06 04:26 . 2013-09-11 00:26 -------- d-----w- C:\0749da118aea33367ab39412c7e9625e
     2013-09-04 03:52 . 2013-09-11 00:26 -------- d-----w- c:\windows\system32\SPReview
     2013-08-17 22:41 . 2013-08-17 22:41 -------- d-----w- c:\programdata\EPSON
     2013-08-17 22:41 . 2007-12-06 21:08 108032 ----a-w- c:\windows\system32\E_ILMEMA.DLL
     2013-08-17 22:41 . 2007-12-06 21:01 81408 ----a-w- c:\windows\system32\E_IBCBEMA.DLL
     2013-08-17 04:54 . 2013-08-17 04:56 -------- d-----w- c:\windows\system32\MRT
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-09-13 21:21 . 2012-04-04 00:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-09-13 21:21 . 2011-07-22 01:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-08-17 04:53 . 2009-12-09 02:15 78161360 ----a-w- c:\windows\system32\MRT.exe
     2012-08-18 23:36 . 2012-08-18 23:37 48136192 ----a-w- c:\program files\NTI Backup Now EZ.msi
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MyTOSHIBA"="c:\program files (x86)\Toshiba\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
     "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-08 39408]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
     "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
     "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
     "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
     "BackupNowEZtray"="c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" [2011-09-24 580632]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
     "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
     R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
     S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
     S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
     S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
     S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
     S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
     S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
     S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
     S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
     S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [x]
     S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe;c:\program files\TOSHIBA\rselect\RSelSvc.exe [x]
     S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
     S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
     S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
     S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
     S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
     S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
     S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
     S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
     S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
     2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\Toshiba\My Toshiba\MyToshiba.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:21]
     .
     2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 05:02]
     .
     2013-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 05:02]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
     "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
     "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
     "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]
     "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]
     "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
     "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]
     "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
     "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]
     "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]
     "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]
     "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.1.1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     Wow6432Node-HKLM-Run-<NO NAME> - (no file)
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-3229125945-3508983886-2451938384-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.Email.1"
     .
     [HKEY_USERS\S-1-5-21-3229125945-3508983886-2451938384-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.VCard.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-09-13 17:56:23
     ComboFix-quarantined-files.txt 2013-09-13 21:56
     ComboFix2.txt 2013-01-08 03:35
     ComboFix3.txt 2011-04-24 02:56
     ComboFix4.txt 2011-03-23 14:20
     ComboFix5.txt 2013-09-13 21:37
     .
     Pre-Run: 162,060,095,488 bytes free
     Post-Run: 162,431,463,424 bytes free
     .
     - - End Of File - - A290FA3387E1F74351DD58670052DA90
     5B5E648D12FCADC244C1EC30318E1EB9
  4. Done and done. The rootkit found nothing on the scan. Much appreciated.
  5. Here is the scan result of FRST.

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
     Ran by SYSTEM on MININT-UNCN9JV on 08-09-2013 15:09:17
     Running from F:\
     Windows 7 Home Premium (X64) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Recovery
     The current controlset is ControlSet001
     ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
     HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
     HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
     HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
     HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
     HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
     HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
     HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
     HKLM\...\Run: [LtMoh] - C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
     HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
     HKLM\...\Run: [smartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
     HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
     HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)
     HKLM\...\RunOnce: [*Restore] - C:\windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
     HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
     HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
     HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
     HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
     HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
     HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
     HKLM-x32\...\Run: [] - [x]
     HKLM-x32\...\Run: [backupNowEZtray] - C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [580632 2011-09-23] (NTI Corporation)
     HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
     HKLM-x32\...\Run: [Adobe Photo Downloader] - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
     HKU\Bret\...\Run: [MyTOSHIBA] - C:\Program Files (x86)\Toshiba\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
     HKU\Bret\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-07] (Google Inc.)
     Startup: C:\Users\Bret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bdzjrjtmq.lnk
     ShortcutTarget: bdzjrjtmq.lnk -> C:\PROGRA~3\qmtjrjzdb.plz (Sumitomo Forestry Corporation)

     ==================== Services (Whitelisted) =================

     S2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()
     S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)
     S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
     S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
     S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)

     ==================== Drivers (Whitelisted) ====================

     S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
     S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
     S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
     S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
     S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
     S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
     S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
     S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [427008 2009-06-10] (Realtek Semiconductor Corporation )
     S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
     S3 catchme; \??\C:\etavaresCF23338e\catchme.sys [x]
     S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
     S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
     S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

     ==================== NetSvcs (Whitelisted) ===================


     ==================== One Month Created Files and Folders ========

     2013-09-07 23:36 - 2013-09-07 23:36 - 00003288 ____N C:\bootsqm.dat
     2013-09-07 22:52 - 2013-09-07 22:52 - 00000000 _____ C:\ProgramData\nbcltt9.dat
     2013-09-07 22:02 - 2013-09-07 23:39 - 95025368 ____T C:\ProgramData\bdzjrjtmq.pff
     2013-09-07 22:02 - 2013-09-07 23:38 - 00000000 _____ C:\ProgramData\bdzjrjtmq.ctrl
     2013-09-07 22:02 - 2013-09-07 22:02 - 00160260 _____ (Sumitomo Forestry Corporation) C:\ProgramData\qmtjrjzdb.plz
     2013-09-07 22:02 - 2013-09-07 22:02 - 00062560 ____T (Microsoft Corporation) C:\ProgramData\bdzjrjtmq.pzz
     2013-09-07 21:29 - 2013-09-07 21:29 - 95025368 ____T C:\ProgramData\v3fr9mqa.pff
     2013-09-07 21:29 - 2013-09-07 21:29 - 00160252 _____ (Sumitomo Forestry Corporation) C:\ProgramData\aqm9rf3v.plz
     2013-09-07 21:29 - 2013-09-07 21:29 - 00062560 ____T (Microsoft Corporation) C:\ProgramData\v3fr9mqa.pzz
     2013-09-07 21:29 - 2013-09-07 21:29 - 00000000 _____ C:\ProgramData\v3fr9mqa.ctrl
     2013-09-07 21:27 - 2013-09-07 21:29 - 95025368 ____T C:\ProgramData\dlczjrj6o.pff
     2013-09-07 21:27 - 2013-09-07 21:27 - 00160252 _____ (Sumitomo Forestry Corporation) C:\ProgramData\o6jrjzcld.plz
     2013-09-07 21:27 - 2013-09-07 21:27 - 00062560 ____T (Microsoft Corporation) C:\ProgramData\dlczjrj6o.pzz
     2013-09-07 21:27 - 2013-09-07 21:27 - 00000000 _____ C:\ProgramData\dlczjrj6o.ctrl
     2013-09-07 21:24 - 2013-09-07 21:24 - 00012817 _____ C:\Users\Bret\Desktop\hs_err_pid10444.log
     2013-09-07 21:16 - 2013-09-07 21:16 - 00012440 _____ C:\Users\Bret\Desktop\hs_err_pid9236.log
     2013-09-05 20:26 - 2013-09-08 03:23 - 00000000 ____D C:\0749da118aea33367ab39412c7e9625e
     2013-09-03 19:52 - 2013-09-08 03:23 - 00000000 ____D C:\Windows\System32\SPReview
     2013-09-03 18:42 - 2013-09-03 18:43 - 17016828 _____ C:\Users\Bret\Downloads\www.3movs.com---british-mom-tia-layne-takes-it-doggy-style_lq.mp4
     2013-09-03 18:18 - 2013-09-03 18:18 - 09716036 _____ C:\Users\Bret\Downloads\www.3movs.com---puma-swede-in-a-high-heels-riding-hard-pole-reverse-cowgirl_lq.mp4
     2013-08-21 19:20 - 2013-08-21 19:20 - 17139080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
     2013-08-17 14:41 - 2013-08-17 14:41 - 00000000 ____D C:\ProgramData\EPSON
     2013-08-17 14:41 - 2007-12-06 13:08 - 00108032 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_ILMEMA.DLL
     2013-08-17 14:41 - 2007-12-06 13:01 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_IBCBEMA.DLL
     2013-08-16 20:54 - 2013-08-16 20:56 - 00000000 ____D C:\Windows\System32\MRT

     ==================== One Month Modified Files and Folders =======

     2013-09-08 03:23 - 2013-09-05 20:26 - 00000000 ____D C:\0749da118aea33367ab39412c7e9625e
     2013-09-08 03:23 - 2013-09-03 19:52 - 00000000 ____D C:\Windows\System32\SPReview
     2013-09-08 03:23 - 2009-11-10 18:05 - 00000000 ____D C:\Users\Bret\AppData\Local\TOSHIBA
     2013-09-08 03:23 - 2009-11-10 18:02 - 00000000 ____D C:\users\Bret
     2013-09-08 03:23 - 2009-09-03 17:17 - 00000000 ____D C:\ProgramData\Toshiba
     2013-09-08 03:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
     2013-09-07 23:39 - 2013-09-07 22:02 - 95025368 ____T C:\ProgramData\bdzjrjtmq.pff
     2013-09-07 23:38 - 2013-09-07 22:02 - 00000000 _____ C:\ProgramData\bdzjrjtmq.ctrl
     2013-09-07 23:37 - 2010-02-11 21:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2013-09-07 23:37 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
     2013-09-07 23:37 - 2009-07-13 20:51 - 00108376 _____ C:\Windows\setupact.log
     2013-09-07 23:36 - 2013-09-07 23:36 - 00003288 ____N C:\bootsqm.dat
     2013-09-07 22:52 - 2013-09-07 22:52 - 00000000 _____ C:\ProgramData\nbcltt9.dat
     2013-09-07 22:02 - 2013-09-07 22:02 - 00160260 _____ (Sumitomo Forestry Corporation) C:\ProgramData\qmtjrjzdb.plz
     2013-09-07 22:02 - 2013-09-07 22:02 - 00062560 ____T (Microsoft Corporation) C:\ProgramData\bdzjrjtmq.pzz
     2013-09-07 21:29 - 2013-09-07 21:29 - 95025368 ____T C:\ProgramData\v3fr9mqa.pff
     2013-09-07 21:29 - 2013-09-07 21:29 - 00160252 _____ (Sumitomo Forestry Corporation) C:\ProgramData\aqm9rf3v.plz
     2013-09-07 21:29 - 2013-09-07 21:29 - 00062560 ____T (Microsoft Corporation) C:\ProgramData\v3fr9mqa.pzz
     2013-09-07 21:29 - 2013-09-07 21:29 - 00000000 _____ C:\ProgramData\v3fr9mqa.ctrl
     2013-09-07 21:29 - 2013-09-07 21:27 - 95025368 ____T C:\ProgramData\dlczjrj6o.pff
     2013-09-07 21:27 - 2013-09-07 21:27 - 00160252 _____ (Sumitomo Forestry Corporation) C:\ProgramData\o6jrjzcld.plz
     2013-09-07 21:27 - 2013-09-07 21:27 - 00062560 ____T (Microsoft Corporation) C:\ProgramData\dlczjrj6o.pzz
     2013-09-07 21:27 - 2013-09-07 21:27 - 00000000 _____ C:\ProgramData\dlczjrj6o.ctrl
     2013-09-07 21:24 - 2013-09-07 21:24 - 00012817 _____ C:\Users\Bret\Desktop\hs_err_pid10444.log
     2013-09-07 21:16 - 2013-09-07 21:16 - 00012440 _____ C:\Users\Bret\Desktop\hs_err_pid9236.log
     2013-09-05 20:25 - 2010-02-11 21:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2013-09-05 20:20 - 2012-04-03 16:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
     2013-09-05 18:41 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-09-05 18:41 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-09-05 18:36 - 2009-09-20 00:02 - 01781792 _____ C:\Windows\WindowsUpdate.log
     2013-09-03 18:43 - 2013-09-03 18:42 - 17016828 _____ C:\Users\Bret\Downloads\www.3movs.com---british-mom-tia-layne-takes-it-doggy-style_lq.mp4
     2013-09-03 18:18 - 2013-09-03 18:18 - 09716036 _____ C:\Users\Bret\Downloads\www.3movs.com---puma-swede-in-a-high-heels-riding-hard-pole-reverse-cowgirl_lq.mp4
     2013-09-01 18:33 - 2010-02-18 18:12 - 00000000 ____D C:\Users\Bret\Documents\Targets
     2013-08-21 19:20 - 2013-08-21 19:20 - 17139080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
     2013-08-21 19:20 - 2012-04-03 16:45 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
     2013-08-21 19:20 - 2012-04-03 16:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
     2013-08-21 19:20 - 2011-07-21 17:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
     2013-08-21 19:11 - 2013-06-17 17:40 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
     2013-08-21 19:11 - 2013-06-17 17:40 - 00000000 ____D C:\Program Files\iTunes
     2013-08-21 19:11 - 2012-02-16 17:26 - 00000000 ____D C:\Windows\System32\Macromed
     2013-08-21 19:11 - 2010-12-18 21:06 - 00000000 ____D C:\Program Files (x86)\iTunes
     2013-08-21 19:09 - 2013-06-17 17:40 - 00000000 ____D C:\Program Files\iPod
     2013-08-17 18:23 - 2010-02-18 18:12 - 00000000 ____D C:\Users\Bret\Documents\DD
     2013-08-17 14:41 - 2013-08-17 14:41 - 00000000 ____D C:\ProgramData\EPSON
     2013-08-17 10:40 - 2009-11-10 18:26 - 00000000 ____D C:\Users\Bret\AppData\Local\Google
     2013-08-16 20:56 - 2013-08-16 20:54 - 00000000 ____D C:\Windows\System32\MRT
     2013-08-16 20:56 - 2009-09-20 00:15 - 00000000 ____D C:\ProgramData\Microsoft Help
     2013-08-16 20:53 - 2009-12-08 18:15 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

     Files to move or delete:
     ====================
     C:\ProgramData\2582228.pad
     C:\ProgramData\aqm9rf3v.plz
     C:\ProgramData\bdzjrjtmq.ctrl
     C:\ProgramData\dlczjrj6o.ctrl
     C:\ProgramData\nbcltt9.dat
     C:\ProgramData\o6jrjzcld.plz
     C:\ProgramData\qmtjrjzdb.plz
     C:\ProgramData\v3fr9mqa.ctrl
     C:\Users\Bret\AppData\Local\Temp\byubolbtfvvblknaoeg.bfg
     C:\Users\Bret\AppData\Local\Temp\dvmnmimctxtncorwhpo.bfg
     C:\Users\Bret\AppData\Local\Temp\dyqompgpcgvcmbxnoje.bfg
     C:\Users\Bret\AppData\Local\Temp\jvflrnjgxsqbxxpxnyn.bfg
     C:\Users\Bret\AppData\Local\Temp\kmyxxoynaespglduwtw.bfg
     C:\Users\Bret\AppData\Local\Temp\lowproc.exe
     C:\Users\Bret\AppData\Local\Temp\stubhelper.dll

     ==================== Known DLLs (Whitelisted) ================


     ==================== Bamital & volsnap Check =================

     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\SysWOW64\wininit.exe => MD5 is legit
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\SysWOW64\explorer.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\SysWOW64\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\SysWOW64\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\SysWOW64\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================

     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================

     Restore point made on: 2013-09-05 20:29:00
     Restore point made on: 2013-09-06 19:16:25
     Restore point made on: 2013-09-07 21:41:26

     ==================== Memory info ===========================

     Percentage of memory in use: 14%
     Total physical RAM: 3963.99 MB
     Available physical RAM: 3373.95 MB
     Total Pagefile: 3962.14 MB
     Available Pagefile: 3376.89 MB
     Total Virtual: 8192 MB
     Available Virtual: 8191.88 MB

     ==================== Drives ================================

     Drive c: (TI102618W0G) (Fixed) (Total:287.57 GB) (Free:151.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     Drive f: (USB DISK) (Removable) (Total:57.63 GB) (Free:57.63 GB) FAT32
     Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: ED6E01AF)
     Partition 1: (Active) - (Size=1 GB) - (Type=27)
     Partition 2: (Not Active) - (Size=288 GB) -
(Type=07 NTFS) Partition 3: (Not Active) - (Size=9 GB) - (Type=17) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 58 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=58 GB) - (Type=0C) LastRegBack: 2013-07-16 18:58 ==================== End Of Log ============================