Jump to content

topherfox

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks so much. I will definitely buy you a virtual beer! Just so you don't think I am a complete moron, we do have a subscription to Trend Micro. It stopped working during this process (before I contacted this forum) and I uninstailled it, planning to reinstall it. Then, lo and behold, it won't install with MBAM installed. I did not want to uninstall MBAM as it was actually working to block all that outbound traffic! So, I've just tried to stay off the internet on this computer, other than checking this forum. I will uninstall MBAM now, reinstall Trend Micro, then promptly put MBAM back! Take care.
  2. Hi. The IP blocks do seem to have stopped. Have not seen one for some time now. Fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02 Ran by Topher at 2014-03-05 15:47:17 Run:1 Running from C:\Users\Topher\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [747712 2013-11-22] () C:\Program Files (x86)\Mobogenie HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=977953915&ir= FF SearchEngineOrder.1: Mysearchdial FF SearchPlugin: C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\searchplugins\Mysearchdial.xml CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Jenny\AppData\Local\mysearchdial-speeddial.crx [2013-10-16] 2014-02-05 14:51 - 2013-12-01 15:42 - 00000000 ____D () C:\Users\Jenny\AppData\Local\genienext 2014-02-26 18:57 - 2014-02-26 18:57 - 00012326 _____ () C:\Users\Jenny\AppData\Local\msnxdmad 2014-02-26 18:56 - 2014-02-26 18:56 - 00068161 _____ () C:\Users\Jenny\AppData\Local\jhxuixou ***************** [3776] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe => Process closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully. C:\Program Files (x86)\Mobogenie => Moved successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. Firefox SearchEngineOrder.1 deleted successfully. C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\searchplugins\Mysearchdial.xml => Moved successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully. "C:\Users\Jenny\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found. C:\Users\Jenny\AppData\Local\genienext => Moved successfully. C:\Users\Jenny\AppData\Local\msnxdmad => Moved successfully. C:\Users\Jenny\AppData\Local\jhxuixou => Moved successfully. ==== End of Fixlog ==== ESET LOG ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=71595b09d27a01459780a9d25e75693a # engine=17331 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-03-06 01:02:40 # local_time=2014-03-05 06:02:40 (-0700, Mountain Standard Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776574 100 100 0 230666466 0 0 # scanned=284282 # found=16 # cleaned=0 # scan_time=7925 sh=A9AEC3C8D76F80698570FCC2778C7D9980C8F568 ft=1 fh=af6f7e000a8b6dd1 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\Mobogenie05-03-2014_15-47-17\DaemonProcess.exe" sh=8A396520C9A9167A15FF8C3F83AEBF0FEA4EAEAE ft=1 fh=4bede89b32e23741 vn="a variant of Win32/PCCleaners potentially unwanted application" ac=I fn="C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" sh=0BC242AB15E4055E13D38DFEB8BC58635704FA14 ft=1 fh=ff147e3afb8fd20c vn="a variant of Win32/Kryptik.BVKP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\pircnfgj.exe.vir" sh=886BFFF2B74E4D2920C8BFE0371583F44014E396 ft=1 fh=ff147e3a4750056b vn="a variant of Win32/Kryptik.BVKP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\scdkhqif.exe.vir" sh=A184BD791493EC1AACA5D3CA610FAA3D2574D84C ft=1 fh=ff147e3afb8fd20c vn="a variant of Win32/Kryptik.BVKP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\vnkbqdoh.exe.vir" sh=09B82F25F3484255E03729CBDF18649A4FA61A31 ft=1 fh=23fabdab809eb845 vn="a variant of Win32/Kryptik.BVKP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\wtutfnrd.exe.vir" sh=B9D616B1B3BB834316D0927CF6C71433C1A976A1 ft=1 fh=ff147e3ab0aab30a vn="Win32/TrojanDownloader.Zortob.F trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\xwhshpiu.exe.vir" sh=E63586F44A17C40E2088022D6771602878DAA7D9 ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BE trojan" ac=I fn="C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\ahibjmdpkeijhnebmagakmheblenaekf\3.0.7\background.js" sh=6271F3749AEF096B1B565D5A5821745181753D11 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.RAJ trojan" ac=I fn="C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\48cc4fd3-5af53086" sh=6271F3749AEF096B1B565D5A5821745181753D11 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.RAJ trojan" ac=I fn="C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\48cc4fd3-5cd4c775" sh=028AE124A6D7E71AC36409B25DD52D6BE34D475E ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\1a118297-329a8aef" sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Jenny\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Font Installer Packages\uninstaller.exe" sh=7505E1FCF4961A4CB45890DF87749DF616FF85A2 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B potentially unwanted application" ac=I fn="C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\tq6p3c0r.default\extensions\firefox@mybuzzsearch.com.xpi" sh=4C96F4A6AC5836E6EF3746E58C0551CE803F3EBE ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BE trojan" ac=I fn="C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\tq6p3c0r.default\extensions\{3F9C8107-89A4-417D-C060-AC741B4D04A5}\components\SystemSecurityCryptography.js" sh=D792999D32739844062335B44BA591F78E82D7BA ft=1 fh=371466adb3877be5 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Jenny\Downloads\CuteWriter.exe" sh=A4A12ABE37CC060514E75290AABC0C107C11C2CD ft=1 fh=c71c00118375eaad vn="a variant of Win32/InstallCore.KJ potentially unwanted application" ac=I fn="C:\Users\Topher\Downloads\ZipSetup.exe" FRST.TXT Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02 Ran by Topher (administrator) on OFFICE-PC on 05-03-2014 20:00:02 Running from C:\Users\Topher\Downloads Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe () C:\Windows\MHotKey.exe (Chicony) C:\Windows\ChiFuncExt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Akamai Technologies, Inc.) C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Creative) C:\Windows\CNYHKey.exe (IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (Ziff Davis Media, Inc.) C:\Program Files (x86)\WinTidy\WinTidy.exe (CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (Akamai Technologies, Inc.) C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe (Chicony) C:\Windows\ModLedKey.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7212576 2009-03-10] (Realtek Semiconductor) HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LchDrvKey] - C:\Windows\LchDrvKey.exe [36864 2007-03-28] () HKLM-x32\...\Run: [LedKey] - C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative) HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [45056 2009-02-26] (IOI) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink) HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\Run: [Google Update] - "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" /c HKU\S-1-5-21-3433930461-3178264376-1025918575-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.) Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series.lnk ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series.lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () Startup: C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinTidy.lnk ShortcutTarget: WinTidy.lnk -> C:\Program Files (x86)\WinTidy\WinTidy.exe (Ziff Davis Media, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://connect.bch.org/Citrix/AccessPlatform/site/default.aspx HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKCU - DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe64.dll No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll No File BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab DPF: HKLM-x32 {04B6290C-97B8-49A1-B0A3-1312254F7C54} https://clinicalportal.luhcares.org/portal/applets/SharedSession.dll DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: HKLM-x32 {EB29B81A-7351-4890-8BCE-58127C3545F9} https://clinicalportal.luhcares.org/portal/applets/mckntauth.ocx Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe64.dll No File Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll No File Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default FF user.js: detected! => C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\user.js FF Homepage: hotmail.com FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Topher\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Topher\AppData\Local\Roblox\Versions\version-88f213c9d8fd49a1\\NPRobloxProxy.dll ( Roblox Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll (DNAML Pty Ltd) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.) FF Extension: Garmin Communicator - C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-02-12] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28] FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-12] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-01-30] FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ Chrome: ======= CHR DefaultSearchProvider: "name": "Mysearchdial" CHR Extension: (Google Docs) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-16] CHR Extension: (Google Drive) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-16] CHR Extension: (YouTube) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-16] CHR Extension: (TrendMicro BEP Extension) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-10-16] CHR Extension: (Google Search) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-16] CHR Extension: (Chrome In-App Payments service) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16] CHR Extension: (Gmail) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-16] CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx [2013-10-16] CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx [2013-10-16] ==================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 ==================== Drivers (Whitelisted) ==================== S1 Beep; No ImagePath S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] () S3 PolarUSB; C:\Windows\SysWOW64\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X] S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X] S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X] U2 TMAgent; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-05 20:00 - 2014-03-05 20:00 - 00020444 _____ () C:\Users\Topher\Downloads\FRST.txt 2014-03-05 15:48 - 2014-03-05 15:48 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-05 15:47 - 2014-03-05 15:47 - 02347384 _____ (ESET) C:\Users\Topher\Downloads\esetsmartinstaller_enu.exe 2014-03-05 15:47 - 2014-03-05 15:47 - 00000000 ____D () C:\Users\Topher\Downloads\FRST-OlderVersion 2014-03-05 14:13 - 2014-03-05 14:13 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-03-05 12:09 - 2014-03-05 12:09 - 00000000 ____D () C:\Users\Topher\AppData\Local\CrashDumps 2014-03-05 11:55 - 2014-03-05 11:55 - 00042696 _____ () C:\Users\Topher\Desktop\Addition.txt 2014-03-05 11:54 - 2014-03-05 20:00 - 00000000 ____D () C:\FRST 2014-03-05 11:54 - 2014-03-05 11:55 - 00044358 _____ () C:\Users\Topher\Desktop\FRST.txt 2014-03-05 11:53 - 2014-03-05 15:47 - 02156544 _____ (Farbar) C:\Users\Topher\Downloads\FRST64.exe 2014-03-05 11:50 - 2014-03-05 11:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Topher\Downloads\tdsskiller.exe 2014-03-05 08:47 - 2014-03-05 08:47 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.scr 2014-03-05 08:39 - 2014-03-05 08:47 - 00002685 _____ () C:\Users\Topher\Desktop\attach.txt 2014-03-05 08:34 - 2014-03-05 08:34 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.com 2014-03-05 07:44 - 2014-03-05 07:44 - 00017910 _____ () C:\ComboFix.txt 2014-03-05 07:08 - 2014-03-05 07:08 - 05186850 ____R (Swearware) C:\Users\Topher\Downloads\ComboFix.exe 2014-03-04 19:46 - 2014-03-05 07:44 - 00000000 ____D () C:\Qoobox 2014-03-04 19:46 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-04 19:46 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-04 19:46 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-04 19:40 - 2014-03-04 19:40 - 03819008 _____ () C:\Users\Topher\Downloads\RogueKiller.exe 2014-03-04 19:38 - 2014-03-04 19:38 - 00667952 _____ ( ) C:\Users\Topher\Downloads\ZipSetup.exe 2014-03-04 19:36 - 2014-03-05 06:27 - 00000000 ____D () C:\Windows\ERDNT 2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Jenny\Desktop\ERUNT.lnk 2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Guest\Desktop\ERUNT.lnk 2014-03-04 19:35 - 2014-03-04 19:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-03-04 19:33 - 2014-03-04 19:33 - 00791393 _____ (Lars Hederer ) C:\Users\Topher\Downloads\erunt-setup.exe 2014-03-04 19:31 - 2014-03-04 19:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Topher\Downloads\rkill.exe 2014-03-04 19:19 - 2014-03-04 19:20 - 00001166 _____ () C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk 2014-03-04 19:16 - 2014-03-04 19:17 - 131182568 _____ (Trend Micro Inc.) C:\Users\Topher\Downloads\TrendMicro-TTi_6.0_MR_Full.exe 2014-03-04 03:06 - 2014-02-05 02:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-04 03:06 - 2014-02-05 02:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-04 03:06 - 2014-02-05 02:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-04 03:06 - 2014-02-05 02:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-04 03:06 - 2014-02-05 02:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-04 03:06 - 2014-02-05 02:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-04 03:06 - 2014-02-05 01:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-04 03:06 - 2014-02-05 01:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-03-04 03:06 - 2014-02-05 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-04 03:06 - 2014-02-05 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-04 03:06 - 2014-02-05 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-03-04 03:06 - 2014-02-05 01:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-04 03:05 - 2014-02-05 03:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-04 03:05 - 2014-02-05 03:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-04 03:05 - 2014-02-05 03:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-04 03:05 - 2014-02-05 02:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-04 03:05 - 2014-02-05 02:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-04 03:05 - 2014-02-05 02:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-04 03:05 - 2014-02-05 02:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-04 03:05 - 2014-02-05 02:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-04 03:05 - 2014-02-05 02:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-04 03:05 - 2014-02-05 02:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-04 03:05 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-04 03:05 - 2014-02-05 01:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-04 03:05 - 2014-02-05 01:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-04 03:05 - 2014-02-05 01:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-04 03:05 - 2014-02-05 01:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-04 03:05 - 2014-02-05 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-04 03:05 - 2014-02-05 01:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-03-04 03:05 - 2014-02-05 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-04 03:05 - 2014-02-05 01:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-04 03:05 - 2014-02-05 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-04 01:40 - 2013-12-04 21:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-03-04 01:40 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-03-03 21:35 - 2014-03-03 21:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-03 21:34 - 2014-03-04 01:26 - 00000000 ____D () C:\Users\Topher\Downloads\mbar 2014-02-28 19:00 - 2014-02-28 19:00 - 00000340 _____ () C:\Windows\SysWOW64\out.bin 2014-02-26 18:54 - 2014-02-26 18:54 - 00000000 _____ () C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs 2014-02-19 14:19 - 2014-02-19 14:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 15:46 - 2014-02-16 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\New Folder 2014-02-07 19:49 - 2014-03-05 19:56 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2014-02-07 19:49 - 2014-03-05 19:56 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job 2014-02-07 19:49 - 2014-02-07 19:49 - 00003958 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA 2014-02-07 19:49 - 2014-02-07 19:49 - 00003562 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core 2014-02-07 19:49 - 2014-02-07 19:49 - 00000000 ____D () C:\Program Files (x86)\GUM1272.tmp 2014-02-04 10:45 - 2014-02-04 10:45 - 00277712 _____ () C:\Windows\Minidump\Mini020414-01.dmp ==================== One Month Modified Files and Folders ======= 2014-03-05 20:00 - 2014-03-05 20:00 - 00020444 _____ () C:\Users\Topher\Downloads\FRST.txt 2014-03-05 20:00 - 2014-03-05 11:54 - 00000000 ____D () C:\FRST 2014-03-05 19:59 - 2010-02-04 15:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-05 19:56 - 2014-02-07 19:49 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2014-03-05 19:56 - 2014-02-07 19:49 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job 2014-03-05 19:56 - 2012-04-11 07:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-05 19:56 - 2006-10-10 12:04 - 01330357 _____ () C:\Windows\WindowsUpdate.log 2014-03-05 18:14 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-05 18:14 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-05 15:48 - 2014-03-05 15:48 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-05 15:47 - 2014-03-05 15:47 - 02347384 _____ (ESET) C:\Users\Topher\Downloads\esetsmartinstaller_enu.exe 2014-03-05 15:47 - 2014-03-05 15:47 - 00000000 ____D () C:\Users\Topher\Downloads\FRST-OlderVersion 2014-03-05 15:47 - 2014-03-05 11:53 - 02156544 _____ (Farbar) C:\Users\Topher\Downloads\FRST64.exe 2014-03-05 15:43 - 2010-02-04 15:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-05 14:21 - 2006-11-02 05:46 - 00713714 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-05 14:14 - 2006-11-02 08:42 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-05 14:14 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-05 14:13 - 2014-03-05 14:13 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-03-05 12:09 - 2014-03-05 12:09 - 00000000 ____D () C:\Users\Topher\AppData\Local\CrashDumps 2014-03-05 11:55 - 2014-03-05 11:55 - 00042696 _____ () C:\Users\Topher\Desktop\Addition.txt 2014-03-05 11:55 - 2014-03-05 11:54 - 00044358 _____ () C:\Users\Topher\Desktop\FRST.txt 2014-03-05 11:50 - 2014-03-05 11:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Topher\Downloads\tdsskiller.exe 2014-03-05 08:47 - 2014-03-05 08:47 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.scr 2014-03-05 08:47 - 2014-03-05 08:39 - 00002685 _____ () C:\Users\Topher\Desktop\attach.txt 2014-03-05 08:34 - 2014-03-05 08:34 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.com 2014-03-05 08:16 - 2013-07-27 07:00 - 00458304 _____ () C:\Windows\PFRO.log 2014-03-05 07:44 - 2014-03-05 07:44 - 00017910 _____ () C:\ComboFix.txt 2014-03-05 07:44 - 2014-03-04 19:46 - 00000000 ____D () C:\Qoobox 2014-03-05 07:40 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-05 07:37 - 2013-08-09 08:18 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-05 07:08 - 2014-03-05 07:08 - 05186850 ____R (Swearware) C:\Users\Topher\Downloads\ComboFix.exe 2014-03-05 06:27 - 2014-03-04 19:36 - 00000000 ____D () C:\Windows\ERDNT 2014-03-04 20:54 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default 2014-03-04 20:32 - 2009-09-13 15:58 - 00000000 ____D () C:\Users\Jenny 2014-03-04 19:40 - 2014-03-04 19:40 - 03819008 _____ () C:\Users\Topher\Downloads\RogueKiller.exe 2014-03-04 19:38 - 2014-03-04 19:38 - 00667952 _____ ( ) C:\Users\Topher\Downloads\ZipSetup.exe 2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Jenny\Desktop\ERUNT.lnk 2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Guest\Desktop\ERUNT.lnk 2014-03-04 19:35 - 2014-03-04 19:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-03-04 19:35 - 2009-09-13 15:43 - 00000000 ___RD () C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-04 19:33 - 2014-03-04 19:33 - 00791393 _____ (Lars Hederer ) C:\Users\Topher\Downloads\erunt-setup.exe 2014-03-04 19:31 - 2014-03-04 19:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Topher\Downloads\rkill.exe 2014-03-04 19:20 - 2014-03-04 19:19 - 00001166 _____ () C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk 2014-03-04 19:18 - 2013-07-26 14:49 - 00000000 ____D () C:\Program Files (x86)\Trend Micro 2014-03-04 19:18 - 2010-07-30 15:21 - 00000000 ____D () C:\ProgramData\Trend Micro 2014-03-04 19:17 - 2014-03-04 19:16 - 131182568 _____ (Trend Micro Inc.) C:\Users\Topher\Downloads\TrendMicro-TTi_6.0_MR_Full.exe 2014-03-04 19:08 - 2013-07-27 07:11 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-03-04 03:08 - 2013-08-14 16:04 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-04 03:07 - 2006-11-02 05:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-04 01:30 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\nap 2014-03-04 01:26 - 2014-03-03 21:34 - 00000000 ____D () C:\Users\Topher\Downloads\mbar 2014-03-03 21:35 - 2014-03-03 21:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-02 09:25 - 2013-11-02 14:41 - 00000000 ____D () C:\Users\Jenny\AppData\Local\CutePDF Writer 2014-02-28 19:00 - 2014-02-28 19:00 - 00000340 _____ () C:\Windows\SysWOW64\out.bin 2014-02-26 18:54 - 2014-02-26 18:54 - 00000000 _____ () C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs 2014-02-25 17:03 - 2012-05-05 11:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-21 15:19 - 2012-04-11 07:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-21 15:19 - 2012-04-11 07:59 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-21 15:19 - 2011-06-06 06:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-21 12:38 - 2012-04-14 11:07 - 00000000 ____D () C:\Users\Topher\Documents\boulderendo 2014-02-19 14:20 - 2014-02-19 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-18 08:47 - 2009-09-20 15:09 - 00002651 _____ () C:\Users\Jenny\Desktop\Microsoft Word 2007.lnk 2014-02-16 16:19 - 2013-05-12 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\Decorating 2014-02-16 15:46 - 2014-02-16 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\New Folder 2014-02-13 12:37 - 2012-12-31 08:55 - 00000000 ____D () C:\Users\Jenny\Documents\Printables 2014-02-12 14:54 - 2010-02-04 15:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-12 14:54 - 2010-02-04 15:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-07 19:49 - 2014-02-07 19:49 - 00003958 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA 2014-02-07 19:49 - 2014-02-07 19:49 - 00003562 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core 2014-02-07 19:49 - 2014-02-07 19:49 - 00000000 ____D () C:\Program Files (x86)\GUM1272.tmp 2014-02-06 12:56 - 2014-02-01 09:55 - 00000000 ____D () C:\Users\Jenny\Documents\Ryan party printables 2014-02-05 14:55 - 2009-09-14 19:10 - 00000000 ____D () C:\Users\Topher\AppData\Local\Adobe 2014-02-05 03:19 - 2014-03-04 03:05 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 03:02 - 2014-03-04 03:05 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 03:00 - 2014-03-04 03:05 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 02:54 - 2014-03-04 03:05 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 02:54 - 2014-03-04 03:05 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 02:52 - 2014-03-04 03:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 02:52 - 2014-03-04 03:05 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 02:52 - 2014-03-04 03:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 02:51 - 2014-03-04 03:06 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 02:51 - 2014-03-04 03:06 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 02:51 - 2014-03-04 03:05 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 02:51 - 2014-03-04 03:05 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 02:51 - 2014-03-04 03:05 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 02:50 - 2014-03-04 03:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 02:50 - 2014-03-04 03:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-05 02:50 - 2014-03-04 03:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 01:58 - 2014-03-04 03:05 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-05 01:56 - 2014-03-04 03:05 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-05 01:53 - 2014-03-04 03:05 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-05 01:51 - 2014-03-04 03:05 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-05 01:50 - 2014-03-04 03:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-05 01:49 - 2014-03-04 03:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-05 01:49 - 2014-03-04 03:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-02-05 01:48 - 2014-03-04 03:06 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-05 01:48 - 2014-03-04 03:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-05 01:48 - 2014-03-04 03:06 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-05 01:48 - 2014-03-04 03:05 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-05 01:48 - 2014-03-04 03:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-05 01:47 - 2014-03-04 03:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-05 01:47 - 2014-03-04 03:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-02-05 01:47 - 2014-03-04 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-05 01:46 - 2014-03-04 03:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-04 12:46 - 2005-02-12 15:47 - 00000000 ____D () C:\Users\Jenny\Documents\Random 2014-02-04 12:44 - 2012-01-26 14:42 - 00000000 ____D () C:\Users\Jenny\Documents\Documents for iPhone 2014-02-04 12:42 - 2005-02-12 15:47 - 00000000 ____D () C:\Users\Jenny\Documents\Work - Summaries, Notes 2014-02-04 10:45 - 2014-02-04 10:45 - 00277712 _____ () C:\Windows\Minidump\Mini020414-01.dmp 2014-02-04 10:45 - 2013-05-12 19:36 - 512441477 _____ () C:\Windows\MEMORY.DMP 2014-02-04 10:45 - 2013-05-12 19:36 - 00000000 ____D () C:\Windows\Minidump Files to move or delete: ==================== C:\Users\Jenny\gotomypc_533.exe Some content of TEMP: ==================== C:\Users\Topher\AppData\Local\temp\{D54EAD61-F722-4BAE-97B4-4D1E114713C4}.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-05 14:21 ==================== End Of Log ============================
  3. Wow. You guys rock. Thank you. Done. Here is report. It won't let me post (too long) so attaching it again. TDSSKiller.3.0.0.25_05.03.2014_14.12.27_log.txt
  4. Thanks for the help. Here are the log files. Apparently TDS Killer Log is too long, I'll try attaching that one. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 Ran by Topher (administrator) on OFFICE-PC on 05-03-2014 11:54:38 Running from C:\Users\Topher\Downloads Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Akamai Technologies, Inc.) C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Ziff Davis Media, Inc.) C:\Program Files (x86)\WinTidy\WinTidy.exe (Creative) C:\Windows\CNYHKey.exe (IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (Akamai Technologies, Inc.) C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe () C:\Windows\MHotKey.exe (Chicony) C:\Windows\ModLedKey.exe (Chicony) C:\Windows\ChiFuncExt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7212576 2009-03-10] (Realtek Semiconductor) HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LchDrvKey] - C:\Windows\LchDrvKey.exe [36864 2007-03-28] () HKLM-x32\...\Run: [LedKey] - C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative) HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [45056 2009-02-26] (IOI) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink) HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [747712 2013-11-22] () HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\Run: [Google Update] - "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" /c HKU\S-1-5-21-3433930461-3178264376-1025918575-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.) Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series.lnk ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series.lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () Startup: C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinTidy.lnk ShortcutTarget: WinTidy.lnk -> C:\Program Files (x86)\WinTidy\WinTidy.exe (Ziff Davis Media, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://connect.bch.org/Citrix/AccessPlatform/site/default.aspx HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=sumamsd1103&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyC0FtA0CyB0DtD0A0EtCzztN0D0Tzu0SyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=977953915&ir= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKCU - DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe64.dll No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll No File BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab DPF: HKLM-x32 {04B6290C-97B8-49A1-B0A3-1312254F7C54} https://clinicalportal.luhcares.org/portal/applets/SharedSession.dll DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: HKLM-x32 {EB29B81A-7351-4890-8BCE-58127C3545F9} https://clinicalportal.luhcares.org/portal/applets/mckntauth.ocx Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe64.dll No File Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll No File Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default FF user.js: detected! => C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\user.js FF SearchEngineOrder.1: Mysearchdial FF Homepage: hotmail.com FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Topher\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Topher\AppData\Local\Roblox\Versions\version-88f213c9d8fd49a1\\NPRobloxProxy.dll ( Roblox Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll (DNAML Pty Ltd) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.) FF SearchPlugin: C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\searchplugins\Mysearchdial.xml FF Extension: Garmin Communicator - C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-02-12] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28] FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-12] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-01-30] FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ Chrome: ======= CHR DefaultSearchProvider: "name": "Mysearchdial" CHR Extension: (Google Docs) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-16] CHR Extension: (Google Drive) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-16] CHR Extension: (YouTube) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-16] CHR Extension: (TrendMicro BEP Extension) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-10-16] CHR Extension: (Google Search) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-16] CHR Extension: (Chrome In-App Payments service) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16] CHR Extension: (Gmail) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-16] CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx [2013-10-16] CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Jenny\AppData\Local\mysearchdial-speeddial.crx [2013-10-16] CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx [2013-10-16] ==================== Services (Whitelisted) ================= R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 ==================== Drivers (Whitelisted) ==================== S1 Beep; No ImagePath S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] () S3 PolarUSB; C:\Windows\SysWOW64\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X] S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X] S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X] U2 TMAgent; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-05 11:54 - 2014-03-05 11:54 - 00024742 _____ () C:\Users\Topher\Downloads\FRST.txt 2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\FRST 2014-03-05 11:53 - 2014-03-05 11:53 - 02157056 _____ (Farbar) C:\Users\Topher\Downloads\FRST64.exe 2014-03-05 11:50 - 2014-03-05 11:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Topher\Downloads\tdsskiller.exe 2014-03-05 08:47 - 2014-03-05 08:47 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.scr 2014-03-05 08:39 - 2014-03-05 08:47 - 00002685 _____ () C:\Users\Topher\Desktop\attach.txt 2014-03-05 08:34 - 2014-03-05 08:34 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.com 2014-03-05 07:44 - 2014-03-05 07:44 - 00017910 _____ () C:\ComboFix.txt 2014-03-05 07:08 - 2014-03-05 07:08 - 05186850 ____R (Swearware) C:\Users\Topher\Downloads\ComboFix.exe 2014-03-04 19:46 - 2014-03-05 07:44 - 00000000 ____D () C:\Qoobox 2014-03-04 19:46 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-03-04 19:46 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-03-04 19:46 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe 2014-03-04 19:46 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe 2014-03-04 19:40 - 2014-03-04 19:40 - 03819008 _____ () C:\Users\Topher\Downloads\RogueKiller.exe 2014-03-04 19:38 - 2014-03-04 19:38 - 00667952 _____ ( ) C:\Users\Topher\Downloads\ZipSetup.exe 2014-03-04 19:36 - 2014-03-05 06:27 - 00000000 ____D () C:\Windows\ERDNT 2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Jenny\Desktop\ERUNT.lnk 2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Guest\Desktop\ERUNT.lnk 2014-03-04 19:35 - 2014-03-04 19:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-03-04 19:33 - 2014-03-04 19:33 - 00791393 _____ (Lars Hederer ) C:\Users\Topher\Downloads\erunt-setup.exe 2014-03-04 19:31 - 2014-03-04 19:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Topher\Downloads\rkill.exe 2014-03-04 19:19 - 2014-03-04 19:20 - 00001166 _____ () C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk 2014-03-04 19:16 - 2014-03-04 19:17 - 131182568 _____ (Trend Micro Inc.) C:\Users\Topher\Downloads\TrendMicro-TTi_6.0_MR_Full.exe 2014-03-04 03:06 - 2014-02-05 02:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-04 03:06 - 2014-02-05 02:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-04 03:06 - 2014-02-05 02:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-04 03:06 - 2014-02-05 02:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-04 03:06 - 2014-02-05 02:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-04 03:06 - 2014-02-05 02:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-04 03:06 - 2014-02-05 01:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-04 03:06 - 2014-02-05 01:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-03-04 03:06 - 2014-02-05 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-04 03:06 - 2014-02-05 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-04 03:06 - 2014-02-05 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-03-04 03:06 - 2014-02-05 01:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-04 03:05 - 2014-02-05 03:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-04 03:05 - 2014-02-05 03:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-04 03:05 - 2014-02-05 03:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-04 03:05 - 2014-02-05 02:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-04 03:05 - 2014-02-05 02:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-04 03:05 - 2014-02-05 02:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-04 03:05 - 2014-02-05 02:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-04 03:05 - 2014-02-05 02:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-04 03:05 - 2014-02-05 02:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-04 03:05 - 2014-02-05 02:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-04 03:05 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-04 03:05 - 2014-02-05 01:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-04 03:05 - 2014-02-05 01:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-04 03:05 - 2014-02-05 01:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-04 03:05 - 2014-02-05 01:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-04 03:05 - 2014-02-05 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-04 03:05 - 2014-02-05 01:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-03-04 03:05 - 2014-02-05 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-04 03:05 - 2014-02-05 01:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-04 03:05 - 2014-02-05 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-04 01:40 - 2013-12-04 21:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-03-04 01:40 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-03-03 21:35 - 2014-03-03 21:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-03 21:34 - 2014-03-04 01:26 - 00000000 ____D () C:\Users\Topher\Downloads\mbar 2014-02-28 19:00 - 2014-02-28 19:00 - 00000340 _____ () C:\Windows\SysWOW64\out.bin 2014-02-26 18:57 - 2014-02-26 18:57 - 00012326 _____ () C:\Users\Jenny\AppData\Local\msnxdmad 2014-02-26 18:56 - 2014-02-26 18:56 - 00068161 _____ () C:\Users\Jenny\AppData\Local\jhxuixou 2014-02-26 18:54 - 2014-02-26 18:54 - 00000000 _____ () C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs 2014-02-19 14:19 - 2014-02-19 14:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 15:46 - 2014-02-16 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\New Folder 2014-02-07 19:49 - 2014-03-05 11:54 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2014-02-07 19:49 - 2014-03-04 19:54 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job 2014-02-07 19:49 - 2014-02-07 19:49 - 00003958 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA 2014-02-07 19:49 - 2014-02-07 19:49 - 00003562 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core 2014-02-07 19:49 - 2014-02-07 19:49 - 00000000 ____D () C:\Program Files (x86)\GUM1272.tmp 2014-02-04 10:45 - 2014-02-04 10:45 - 00277712 _____ () C:\Windows\Minidump\Mini020414-01.dmp ==================== One Month Modified Files and Folders ======= 2014-03-05 11:54 - 2014-03-05 11:54 - 00024742 _____ () C:\Users\Topher\Downloads\FRST.txt 2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\FRST 2014-03-05 11:54 - 2014-02-07 19:49 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2014-03-05 11:53 - 2014-03-05 11:53 - 02157056 _____ (Farbar) C:\Users\Topher\Downloads\FRST64.exe 2014-03-05 11:50 - 2014-03-05 11:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Topher\Downloads\tdsskiller.exe 2014-03-05 11:48 - 2012-04-11 07:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-05 11:46 - 2010-02-04 15:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-05 11:46 - 2006-10-10 12:04 - 01304758 _____ () C:\Windows\WindowsUpdate.log 2014-03-05 11:45 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-05 11:45 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-05 08:47 - 2014-03-05 08:47 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.scr 2014-03-05 08:47 - 2014-03-05 08:39 - 00002685 _____ () C:\Users\Topher\Desktop\attach.txt 2014-03-05 08:34 - 2014-03-05 08:34 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.com 2014-03-05 08:21 - 2006-11-02 05:46 - 00713714 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-05 08:16 - 2013-07-27 07:00 - 00458304 _____ () C:\Windows\PFRO.log 2014-03-05 08:16 - 2010-02-04 15:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-05 08:16 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-05 08:15 - 2006-11-02 08:42 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-05 07:44 - 2014-03-05 07:44 - 00017910 _____ () C:\ComboFix.txt 2014-03-05 07:44 - 2014-03-04 19:46 - 00000000 ____D () C:\Qoobox 2014-03-05 07:40 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini 2014-03-05 07:37 - 2013-08-09 08:18 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-05 07:08 - 2014-03-05 07:08 - 05186850 ____R (Swearware) C:\Users\Topher\Downloads\ComboFix.exe 2014-03-05 06:27 - 2014-03-04 19:36 - 00000000 ____D () C:\Windows\ERDNT 2014-03-04 20:54 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default 2014-03-04 20:32 - 2009-09-13 15:58 - 00000000 ____D () C:\Users\Jenny 2014-03-04 19:54 - 2014-02-07 19:49 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job 2014-03-04 19:40 - 2014-03-04 19:40 - 03819008 _____ () C:\Users\Topher\Downloads\RogueKiller.exe 2014-03-04 19:38 - 2014-03-04 19:38 - 00667952 _____ ( ) C:\Users\Topher\Downloads\ZipSetup.exe 2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Jenny\Desktop\ERUNT.lnk 2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Guest\Desktop\ERUNT.lnk 2014-03-04 19:35 - 2014-03-04 19:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-03-04 19:35 - 2009-09-13 15:43 - 00000000 ___RD () C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-04 19:33 - 2014-03-04 19:33 - 00791393 _____ (Lars Hederer ) C:\Users\Topher\Downloads\erunt-setup.exe 2014-03-04 19:31 - 2014-03-04 19:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Topher\Downloads\rkill.exe 2014-03-04 19:20 - 2014-03-04 19:19 - 00001166 _____ () C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk 2014-03-04 19:18 - 2013-07-26 14:49 - 00000000 ____D () C:\Program Files (x86)\Trend Micro 2014-03-04 19:18 - 2010-07-30 15:21 - 00000000 ____D () C:\ProgramData\Trend Micro 2014-03-04 19:17 - 2014-03-04 19:16 - 131182568 _____ (Trend Micro Inc.) C:\Users\Topher\Downloads\TrendMicro-TTi_6.0_MR_Full.exe 2014-03-04 19:08 - 2013-07-27 07:11 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-03-04 03:08 - 2013-08-14 16:04 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-04 03:07 - 2006-11-02 05:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-04 01:30 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\nap 2014-03-04 01:26 - 2014-03-03 21:34 - 00000000 ____D () C:\Users\Topher\Downloads\mbar 2014-03-03 21:35 - 2014-03-03 21:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-02 09:25 - 2013-11-02 14:41 - 00000000 ____D () C:\Users\Jenny\AppData\Local\CutePDF Writer 2014-02-28 19:00 - 2014-02-28 19:00 - 00000340 _____ () C:\Windows\SysWOW64\out.bin 2014-02-26 18:57 - 2014-02-26 18:57 - 00012326 _____ () C:\Users\Jenny\AppData\Local\msnxdmad 2014-02-26 18:56 - 2014-02-26 18:56 - 00068161 _____ () C:\Users\Jenny\AppData\Local\jhxuixou 2014-02-26 18:54 - 2014-02-26 18:54 - 00000000 _____ () C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs 2014-02-25 17:03 - 2012-05-05 11:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-21 15:19 - 2012-04-11 07:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-21 15:19 - 2012-04-11 07:59 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-21 15:19 - 2011-06-06 06:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-21 12:38 - 2012-04-14 11:07 - 00000000 ____D () C:\Users\Topher\Documents\boulderendo 2014-02-19 14:20 - 2014-02-19 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-18 08:47 - 2009-09-20 15:09 - 00002651 _____ () C:\Users\Jenny\Desktop\Microsoft Word 2007.lnk 2014-02-16 16:19 - 2013-05-12 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\Decorating 2014-02-16 15:46 - 2014-02-16 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\New Folder 2014-02-13 12:37 - 2012-12-31 08:55 - 00000000 ____D () C:\Users\Jenny\Documents\Printables 2014-02-12 14:54 - 2010-02-04 15:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-12 14:54 - 2010-02-04 15:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-07 19:49 - 2014-02-07 19:49 - 00003958 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA 2014-02-07 19:49 - 2014-02-07 19:49 - 00003562 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core 2014-02-07 19:49 - 2014-02-07 19:49 - 00000000 ____D () C:\Program Files (x86)\GUM1272.tmp 2014-02-06 12:56 - 2014-02-01 09:55 - 00000000 ____D () C:\Users\Jenny\Documents\Ryan party printables 2014-02-05 14:55 - 2009-09-14 19:10 - 00000000 ____D () C:\Users\Topher\AppData\Local\Adobe 2014-02-05 14:51 - 2013-12-01 15:42 - 00000000 ____D () C:\Users\Jenny\AppData\Local\genienext 2014-02-05 03:19 - 2014-03-04 03:05 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-05 03:02 - 2014-03-04 03:05 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-05 03:00 - 2014-03-04 03:05 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-05 02:54 - 2014-03-04 03:05 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-05 02:54 - 2014-03-04 03:05 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-05 02:52 - 2014-03-04 03:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-05 02:52 - 2014-03-04 03:05 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-05 02:52 - 2014-03-04 03:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-05 02:51 - 2014-03-04 03:06 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-05 02:51 - 2014-03-04 03:06 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-05 02:51 - 2014-03-04 03:05 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-05 02:51 - 2014-03-04 03:05 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-05 02:51 - 2014-03-04 03:05 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-05 02:50 - 2014-03-04 03:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-05 02:50 - 2014-03-04 03:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-05 02:50 - 2014-03-04 03:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-05 01:58 - 2014-03-04 03:05 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-05 01:56 - 2014-03-04 03:05 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-05 01:53 - 2014-03-04 03:05 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-05 01:51 - 2014-03-04 03:05 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-05 01:50 - 2014-03-04 03:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-05 01:49 - 2014-03-04 03:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-05 01:49 - 2014-03-04 03:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-02-05 01:48 - 2014-03-04 03:06 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-05 01:48 - 2014-03-04 03:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-05 01:48 - 2014-03-04 03:06 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-05 01:48 - 2014-03-04 03:05 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-05 01:48 - 2014-03-04 03:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-05 01:47 - 2014-03-04 03:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-05 01:47 - 2014-03-04 03:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-02-05 01:47 - 2014-03-04 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-05 01:46 - 2014-03-04 03:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-04 12:46 - 2005-02-12 15:47 - 00000000 ____D () C:\Users\Jenny\Documents\Random 2014-02-04 12:44 - 2012-01-26 14:42 - 00000000 ____D () C:\Users\Jenny\Documents\Documents for iPhone 2014-02-04 12:42 - 2005-02-12 15:47 - 00000000 ____D () C:\Users\Jenny\Documents\Work - Summaries, Notes 2014-02-04 10:45 - 2014-02-04 10:45 - 00277712 _____ () C:\Windows\Minidump\Mini020414-01.dmp 2014-02-04 10:45 - 2013-05-12 19:36 - 512441477 _____ () C:\Windows\MEMORY.DMP 2014-02-04 10:45 - 2013-05-12 19:36 - 00000000 ____D () C:\Windows\Minidump Files to move or delete: ==================== C:\Users\Jenny\gotomypc_533.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-05 08:21 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014 Ran by Topher at 2014-03-05 11:55:17 Running from C:\Users\Topher\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden ABIM Tutorial (HKLM-x32\...\{9F050422-7445-40AF-BAD0-12F7FDC23D5E}) (Version: 2.12.5.77 - Pearson VUE) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.) Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden Canon MP Navigator 2.0 (HKLM-x32\...\MP Navigator 2.0) (Version: - ) Canon MP500 (HKLM\...\{BA4DF4C3-196E-4128-969A-00996B5A46F8}) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix) Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Citrix online plug-in (DV) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden Citrix online plug-in (HDX) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden Citrix online plug-in (USB) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden Citrix online plug-in (Web) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325a - CyberLink Corp.) CyberLink Power2Go (x32 Version: 6.0.2325a - CyberLink Corp.) Hidden Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Documents To Go Desktop for iPhone (HKLM-x32\...\DTGDesktop) (Version: 2.0000.006 - DataViz, Inc.) Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.300 - Nuance Communications Inc.) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) Evernote v. 4.5.4 (HKLM-x32\...\{2A07AA78-79DB-11E1-8313-984BE15F174E}) (Version: 4.5.4.6498 - Evernote Corp.) FileMaker Pro 10 (HKLM-x32\...\{96F5D143-C950-465D-A8BE-C3D4D9CB3C1F}) (Version: 10.0.3.0 - FileMaker, Inc.) FlexiLayouts 2 PRO Editor (HKLM-x32\...\com.extend.csslayoutspro) (Version: 2.1.140 - Extend Studio S.R.L.) FlexiLayouts 2 PRO Editor (x32 Version: 2.1.140 - Extend Studio S.R.L.) Hidden Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.52 - WildTangent) Gateway Photo Frame 4.2.3.6 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.6 - I/O Interconnect) Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3006 - Acer Incorporated) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife) HP Photosmart 7510 series Basic Device Software (HKLM\...\{7B286FFB-7F98-4337-9903-A2103AAAAE5E}) (Version: 25.0.571.0 - Hewlett-Packard Co.) HP Photosmart 7510 series Help (HKLM-x32\...\{24E01F02-4261-42B8-9BD9-80E5E6D64952}) (Version: 140.0.2.2 - Hewlett Packard) HP Photosmart 7510 series Product Improvement Study (HKLM\...\{2543D658-38B1-4286-BA75-12CA6103743D}) (Version: 25.0.571.0 - Hewlett-Packard Co.) HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.) Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden Java 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.290 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway) LEGO Universe (HKLM-x32\...\NetDevil_LEGO_Universe_is1) (Version: - LEGO Software) LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft) Microsoft Money Shared Libraries (x32 Version: 16.0.0.705 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.) Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation) Polar IrDA USB Adapter (HKLM-x32\...\{7A6EC173-9388-4172-8F44-17FFEA8A53BC}) (Version: 1.03.0000 - ) Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.20.130 - ) PowerAgent 7.4.5 (HKLM-x32\...\PowerAgent_is1) (Version: - Saris Cycling Group) PowerAgent 7.5.3.27 (HKLM\...\PowerAgent_is1) (Version: - Saris Cycling Group, Inc.) PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5807 - Realtek Semiconductor Corp.) ROBLOX Player for Topher (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Safari (HKLM-x32\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrainingPeaks Device Agent (HKLM-x32\...\{C1C5E1B5-14C1-49BB-8C92-42F028544CA6}) (Version: 3.0.88.1 - TrainingPeaks) TrainingPeaks WKO+ (HKLM-x32\...\{BCCDBCD1-3614-4df9-8796-320188288606}) (Version: 3.00.048 - TrainingPeaks) TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 10.20.200 - Nuance Communications Inc.) WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin) Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden WinTidy 1.0.11 (HKLM-x32\...\PC Magazine's WinTidy_is1) (Version: 1.0.11 - Ziff Davis Media, Inc.) ==================== Restore Points ========================= 11-10-2013 21:35:30 Windows Update 14-10-2013 16:28:20 Scheduled Checkpoint 31-10-2013 02:31:04 Scheduled Checkpoint 05-11-2013 03:47:45 Scheduled Checkpoint 06-11-2013 03:09:32 Scheduled Checkpoint 12-11-2013 19:07:24 Scheduled Checkpoint 13-11-2013 23:48:49 Windows Update 14-11-2013 10:00:29 Windows Update 15-11-2013 02:30:08 Scheduled Checkpoint 25-11-2013 02:31:32 Installed WeatherBug 03-12-2013 03:09:00 Removed Bing Bar 09-12-2013 23:51:07 Scheduled Checkpoint 12-12-2013 10:00:27 Windows Update 15-12-2013 00:26:42 Device Driver Package Install: Citrix Systems Inc. 15-12-2013 00:54:16 Windows Update 17-12-2013 23:44:28 Scheduled Checkpoint 18-12-2013 13:32:50 Scheduled Checkpoint 21-12-2013 22:20:31 Scheduled Checkpoint 15-01-2014 01:13:35 Scheduled Checkpoint 15-01-2014 21:22:55 Windows Update 17-01-2014 14:16:47 Scheduled Checkpoint 18-01-2014 16:46:39 Removed WeatherBug ==================== Hosts content: ========================== 2006-11-02 05:34 - 2014-03-05 07:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {04AE77BA-0E2A-48B2-AD8F-B23E00575863} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {350F3B72-6350-4AC4-B52E-1F272DFA277F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04] (Google Inc.) Task: {5E1D1306-3C68-46D5-820D-71FB84A9AE4B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation) Task: {6D72F9F4-373C-4354-93C6-A7646EADCAC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated) Task: {6E87849F-780D-4743-A7DF-98B3C0ED828D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04] (Google Inc.) Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {840DAB68-0770-4829-91D7-3A28321B74E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {9494C612-558A-4BBB-832C-AF44A1911056} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {9A7DF967-F80A-4C3F-98BA-28BB2BFED9C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe Task: {BD325C4D-1EB9-49CA-98C3-E97DC9359D11} - System32\Tasks\AdobeAAMUpdater-1.0-Office-PC-Jenny => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated) Task: {E0B3DFFF-49A2-48BF-9A7F-AA4EC3205733} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-02-25] (Acer) Task: {E56789B0-9980-4C7E-92B0-D6EB465BBCB5} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: {FE729E00-D28E-4133-BFB4-9E6F73061300} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] () Task: {FF888BC1-B274-4C48-81B2-15DFB52CF973} - System32\Tasks\AdobeAAMUpdater-1.0-Office-PC-Topher => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-02 14:25 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll 2009-04-02 01:22 - 2008-05-30 10:50 - 00581120 _____ () C:\Windows\MHotKey.exe 2013-12-01 15:42 - 2013-11-22 04:25 - 00747712 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe 2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2009-02-26 13:11 - 2009-02-26 13:11 - 00031744 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll 2009-02-26 13:11 - 2009-02-26 13:11 - 00025088 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll 2008-08-27 16:32 - 2008-08-27 16:32 - 00619816 ____N () C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll 2008-06-09 09:55 - 2008-06-09 09:55 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2014-02-19 14:19 - 2014-02-19 14:20 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-02-21 15:19 - 2014-02-21 15:19 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Citrix XenApp.lnk => C:\Windows\pss\Citrix XenApp.lnk.CommonStartup ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Photosmart Prem C310 series Description: Photosmart Prem C310 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart 7510 series Description: Photosmart 7510 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/05/2014 08:17:48 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2014 06:28:59 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/04/2014 07:13:08 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/04/2014 07:02:39 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{7CD9BD50-DA2C-4246-8247-84C8FBCD7932}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (03/05/2014 08:17:48 AM) (Source: Service Control Manager) (User: ) Description: Beep SRTSP SRTSPX Error: (03/05/2014 08:17:48 AM) (Source: Service Control Manager) (User: ) Description: Norton Internet Security%%3 Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Microsoft Office Sessions: ========================= Error: (04/26/2012 10:03:02 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/26/2012 09:45:58 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/26/2012 09:45:42 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-03-05 11:55:12.395 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-05 11:55:12.064 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-05 11:55:11.740 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-05 11:55:11.418 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-05 11:55:11.074 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-05 11:55:10.754 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-05 11:55:10.429 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-05 11:55:10.094 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-05 08:47:49.884 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-03-05 08:47:49.435 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 4060.26 MB Available physical RAM: 1954.54 MB Total Pagefile: 8317.26 MB Available Pagefile: 5938.71 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:583.17 GB) (Free:344.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: CD6556B4) Partition: GPT Partition Type. ==================== End Of Log ============================ TDSSKiller_Log.txt
  5. For about 1 week, have been getting frequent (every few minutes) pop-up notification in system tray from Malware Bytes, "Malware bytes has successfully blocked access to a potentially malicious website: various IPs" Port: various Type: outgoing Process: explorer.exe This occurs even when no browser is running. I don't have any peer-to-peer or Skype running, that I am aware of. Running MalwareBytes Pro, have not been able to stop process. Here is attach.txt (DDS only created 1 log file, not sure why, I'm new to this). Thanks. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 10/10/2006 1:05:21 PM System Uptime: 3/5/2014 8:15:48 AM (0 hours ago) . Motherboard: Gateway | | WG43M Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 583 GiB total, 344.491 GiB free. D: is CDROM () E: is Removable G: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&1D01FCF&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&1D01FCF&0 Service: i8042prt . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart Prem C310 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart Prem C310 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart 7510 series Device ID: ROOT\MULTIFUNCTION\0001 Manufacturer: HP Name: Photosmart 7510 series PNP Device ID: ROOT\MULTIFUNCTION\0001 Service: . ==== System Restore Points =================== . RP658: 10/11/2013 3:35:30 PM - Windows Update RP659: 10/14/2013 10:28:20 AM - Scheduled Checkpoint RP660: 10/30/2013 8:31:04 PM - Scheduled Checkpoint RP661: 11/4/2013 8:47:45 PM - Scheduled Checkpoint RP662: 11/5/2013 8:09:32 PM - Scheduled Checkpoint RP663: 11/12/2013 12:07:24 PM - Scheduled Checkpoint RP664: 11/13/2013 4:48:49 PM - Windows Update RP665: 11/14/2013 3:00:29 AM - Windows Update RP666: 11/14/2013 7:30:08 PM - Scheduled Checkpoint RP667: 11/24/2013 7:31:32 PM - Installed WeatherBug RP668: 12/2/2013 8:09:00 PM - Removed Bing Bar RP669: 12/9/2013 4:51:07 PM - Scheduled Checkpoint RP670: 12/12/2013 3:00:27 AM - Windows Update RP671: 12/14/2013 5:26:42 PM - Device Driver Package Install: Citrix Systems Inc. RP672: 12/14/2013 5:54:16 PM - Windows Update RP673: 12/17/2013 4:44:28 PM - Scheduled Checkpoint RP674: 12/18/2013 6:32:50 AM - Scheduled Checkpoint RP675: 12/21/2013 3:20:31 PM - Scheduled Checkpoint RP676: 1/14/2014 6:13:35 PM - Scheduled Checkpoint RP677: 1/15/2014 2:22:55 PM - Windows Update RP678: 1/17/2014 7:16:47 AM - Scheduled Checkpoint RP679: 1/18/2014 9:46:39 AM - Removed WeatherBug . ==== Image File Execution Options ============= . . ==== Installed Programs ====================== . . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.