Can't remove Trojan.Zaccess

[filmdummy]

Hi, I'm knew to these forums and can't remove a Trojan called Zaccess with Malwarebytes Pro.

[Maniac]

Hello filmdummy and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
• One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

  If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

  Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

  Please read:

  • When should I re-format? How should I reinstall?
  • Help: I Got Hacked. Now What Do I Do?
  • Where to draw the line? When to recommend a format and reinstall?
  Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

  Please let us know how you would like to proceed.

[filmdummy]

 Hi Borislav, and thank you so much for your reply. I must apologize right off the bat for not being that computer tech savy.

 

I am a paying customer if you mean I running Malwarebytes Pro.

 

 

"the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System."

 

- I would like to try and clean the problem first and take it from there, because I don't believe I have a copy of the operating system where I'm staying right now and I'm a little afraid I'll screw something up during the process (I'm not computer tech savy) and loose all kinds of data.

 

Thoughts?
 

[Maniac]

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system.  You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[filmdummy]

^{Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 03
Ran by Owner (administrator) on 20-08-2013 08:47:57
Running from C:\Users\Owner\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal}

^{==================== Processes (Whitelisted) =================}

^{(Webroot) C:\Program Files\Webroot\WRSA.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Facebook) C:\Users\Owner\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Microsoft Corporation) C:\windows\splwow64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe}

^{==================== Registry (Whitelisted) ==================}

^{HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Epson Stylus NX510(Network)] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\windows\TEMP\E_S4A28.tmp" /EF "HKCU" [x]
HKCU\...\Run: [Facebook Update] - C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-11] (Google Inc.)
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
MountPoints2: {9ae4c409-20a0-11df-bea8-806e6f6e6963} - D:\install.EXE id= ver=1.0.0.0
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [749624 2013-08-02] (Webroot)
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Owner\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)}

^{==================== Internet (Whitelisted) ====================}

^{HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
URLSearchHook: (No Name) - {b9b97401-98e1-4942-930d-c36652dab7f2} -  No File
URLSearchHook: (No Name) - {b3b5c47e-61f7-4d81-af06-461fc86686ce} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=109936&babsrc=SP_ss&mntrId=cc6cf4d7000000000000b482fe27e231
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {4361502C-9948-4D73-9E04-DCCAE5CC8C07} URL =
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll ()
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: TranslatorBar 5 Toolbar - {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTran.dll (Conduit Ltd.)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - TranslatorBar 5 Toolbar - {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTran.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {B9B97401-98E1-4942-930D-C36652DAB7F2} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62}

<sup>Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Facebook Desktop) - C:\Users\Owner\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0
CHR Extension: (Webroot) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.0.15_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx</sup>

^{==================== Services (Whitelisted) =================}

^{S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-05-26] (Adobe Systems)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [749624 2013-08-02] (Webroot)
S2 Adobe Version Cue CS2; "C:\Users\Owner\Desktop\Photoshop install\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service [x]}

^{==================== Drivers (Whitelisted) ====================}

^{S0 KPSisbGS; C:\Windows\System32\drivers\KPSisbGS.sys [114184 2013-08-20] (Webroot)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114184 2013-08-02] (Webroot)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U4 mbamswissarmy;
U0 SR;
U2 srservice;
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]}

^{==================== NetSvcs (Whitelisted) ===================}

^{==================== One Month Created Files and Folders ========}

^{2013-08-20 08:37 - 2013-08-20 08:37 - 05106564 _____ (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-08-20 07:16 - 2013-08-20 08:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-20 07:15 - 2013-08-20 08:20 - 00000000 ____D C:\Users\Owner\Desktop\mbar
2013-08-20 07:13 - 2013-08-20 07:13 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.06.1.1005.exe
2013-08-20 07:06 - 2013-08-20 07:06 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2013-08-20 06:47 - 2013-08-20 06:48 - 00020601 _____ C:\Users\Owner\Desktop\Addition.txt
2013-08-20 06:46 - 2013-08-20 06:46 - 00000000 ____D C:\FRST
2013-08-20 06:45 - 2013-08-20 06:45 - 01576196 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-08-20 06:41 - 2013-08-20 06:41 - 01576196 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-08-19 15:12 - 2013-08-19 15:59 - 00215729 _____ C:\Users\Owner\Desktop\Shopping List for Murder (screenplay part I).fdr
2013-08-19 15:09 - 2013-08-19 16:04 - 00206590 _____ C:\Users\Owner\Desktop\Shopping List for Murder (screenplay part II).fdr
2013-08-17 13:19 - 2013-08-17 13:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{65F50CD0-7353-4546-B849-7BA14FFC8E44}
2013-08-17 06:21 - 2013-08-17 06:21 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-17 06:20 - 2013-08-17 06:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 06:20 - 2013-08-17 06:21 - 00000000 ____D C:\Program Files\iTunes
2013-08-17 06:20 - 2013-08-17 06:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-17 06:20 - 2013-08-17 06:20 - 00000000 ____D C:\Program Files\iPod
2013-08-15 00:56 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-15 00:56 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-15 00:56 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-15 00:56 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-15 00:56 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-15 00:56 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-15 00:56 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-15 00:56 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-15 00:56 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-15 00:56 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-15 00:56 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-15 00:56 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-15 00:56 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-15 00:56 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-15 00:56 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-15 00:56 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-15 00:56 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-15 00:56 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-15 00:56 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-15 00:56 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-15 00:56 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-15 00:56 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 23:59 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-14 23:59 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-14 23:59 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-14 23:59 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-14 23:59 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-14 23:59 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-14 23:59 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-08-14 23:59 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-14 23:59 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-14 23:59 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-14 23:59 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-14 23:59 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-14 23:59 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-08-14 23:59 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-08-14 23:59 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-08-14 23:59 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-14 23:59 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-14 23:59 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-08-14 23:59 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-14 23:59 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-14 23:59 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-14 23:59 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-08-14 23:59 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-08-14 23:59 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-08-14 23:59 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-08-14 23:59 - 2013-06-14 21:35 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2013-08-14 23:59 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-14 23:58 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-14 10:26 - 2013-08-14 10:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{2BE6DA7B-4758-46C0-964B-3CEF99606304}
2013-08-12 12:16 - 2013-08-12 12:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{ADCFBD61-394D-4E74-809D-6F2B03A42A96}
2013-08-11 13:34 - 2013-08-11 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{002101A2-9488-418E-BBB7-A09C66E59DE3}
2013-08-07 21:56 - 2013-08-07 21:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{7DB5B612-7CE8-40A6-8460-9B11DEBB2291}
2013-08-07 06:51 - 2013-08-07 06:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{12CD9B8C-2FC7-4254-A9EA-16ADE8B2EB59}
2013-08-07 06:49 - 2013-08-07 06:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{ECF6B6F4-1348-48F1-8EB2-14BF0DB37EEA}
2013-08-05 18:32 - 2013-08-05 18:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2013-07-29 04:52 - 2013-07-29 04:53 - 00000000 ____D C:\Users\Owner\AppData\Local\{20129E2F-57D4-487B-A363-E781A44962C1}
2013-07-28 12:59 - 2013-07-28 12:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{CB2F8FF5-48AC-48BE-A027-411D3320A748}
2013-07-26 05:23 - 2013-07-26 05:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{000907A8-B792-47FE-A9C2-22DEB27A0F85}
2013-07-24 21:56 - 2013-07-24 21:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{D0DC2514-1F0D-4828-BF1E-60E042EA8A43}
2013-07-24 06:12 - 2013-07-24 06:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{8D4256C4-78EB-4EB1-BA82-72DA1BA0001F}
2013-07-23 04:34 - 2013-07-23 04:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{2724F4CE-F9C2-4004-A39D-6984914107BB}
2013-07-22 06:07 - 2013-07-22 06:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{CD8C901C-5053-4186-A76B-AB212A5E043C}}

^{==================== One Month Modified Files and Folders =======}

^{2013-08-20 08:48 - 2009-07-13 21:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 08:48 - 2009-07-13 21:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 08:45 - 2011-11-27 15:25 - 00000000 ____D C:\ProgramData\WRData
2013-08-20 08:43 - 2013-08-20 08:43 - 00114184 _____ (Webroot) C:\windows\system32\Drivers\KPSisbGS.sys
2013-08-20 08:37 - 2013-08-20 08:37 - 05106564 _____ (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-08-20 08:36 - 2010-06-06 19:36 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 08:30 - 2010-11-24 15:00 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000UA.job
2013-08-20 08:26 - 2012-04-20 04:27 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 08:20 - 2013-08-20 07:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-20 08:20 - 2013-08-20 07:15 - 00000000 ____D C:\Users\Owner\Desktop\mbar
2013-08-20 07:50 - 2010-02-23 10:04 - 01774530 _____ C:\windows\WindowsUpdate.log
2013-08-20 07:46 - 2010-06-06 19:36 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-20 07:45 - 2009-12-11 23:43 - 00362406 _____ C:\windows\PFRO.log
2013-08-20 07:45 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-20 07:45 - 2009-07-13 21:51 - 00120489 _____ C:\windows\setupact.log
2013-08-20 07:19 - 2012-03-08 01:30 - 00000928 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000UA.job
2013-08-20 07:13 - 2013-08-20 07:13 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.06.1.1005.exe
2013-08-20 07:06 - 2013-08-20 07:06 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2013-08-20 06:48 - 2013-08-20 06:47 - 00020601 _____ C:\Users\Owner\Desktop\Addition.txt
2013-08-20 06:46 - 2013-08-20 06:46 - 00000000 ____D C:\FRST
2013-08-20 06:45 - 2013-08-20 06:45 - 01576196 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-08-20 06:41 - 2013-08-20 06:41 - 01576196 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-08-20 03:53 - 2012-11-15 09:58 - 00000000 ____D C:\Users\Owner\AppData\Local\lptmp1018036628
2013-08-20 03:53 - 2011-11-27 15:25 - 00000000 ____D C:\Program Files\Webroot
2013-08-20 03:53 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-20 03:53 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2013-08-20 02:54 - 2010-05-26 11:27 - 00000000 ____D C:\Users\Owner
2013-08-19 19:19 - 2012-03-08 01:30 - 00000906 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000Core.job
2013-08-19 16:30 - 2010-11-24 15:00 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000Core.job
2013-08-19 16:05 - 2013-01-22 02:10 - 00000000 ____D C:\Users\Owner\Desktop\SLFM
2013-08-19 16:04 - 2013-08-19 15:09 - 00206590 _____ C:\Users\Owner\Desktop\Shopping List for Murder (screenplay part II).fdr
2013-08-19 15:59 - 2013-08-19 15:12 - 00215729 _____ C:\Users\Owner\Desktop\Shopping List for Murder (screenplay part I).fdr
2013-08-18 19:26 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-08-17 13:19 - 2013-08-17 13:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{65F50CD0-7353-4546-B849-7BA14FFC8E44}
2013-08-17 13:19 - 2010-12-07 14:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2013-08-17 12:54 - 2013-06-18 01:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-17 06:21 - 2013-08-17 06:21 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-17 06:21 - 2013-08-17 06:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 06:21 - 2013-08-17 06:20 - 00000000 ____D C:\Program Files\iTunes
2013-08-17 06:21 - 2013-08-17 06:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-17 06:20 - 2013-08-17 06:20 - 00000000 ____D C:\Program Files\iPod
2013-08-16 04:37 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2013-08-15 00:53 - 2009-07-13 22:13 - 00740814 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-15 00:50 - 2013-07-16 03:03 - 00000000 ____D C:\windows\system32\MRT
2013-08-15 00:50 - 2010-02-23 10:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 00:47 - 2010-05-26 11:38 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-15 00:47 - 2009-07-13 19:34 - 00000499 _____ C:\windows\win.ini
2013-08-14 10:26 - 2013-08-14 10:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{2BE6DA7B-4758-46C0-964B-3CEF99606304}
2013-08-12 12:16 - 2013-08-12 12:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{ADCFBD61-394D-4E74-809D-6F2B03A42A96}
2013-08-12 06:52 - 2010-06-06 22:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer
2013-08-12 00:19 - 2009-07-13 22:08 - 00032540 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-08-11 13:42 - 2010-05-26 11:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-08-11 13:34 - 2013-08-11 13:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{002101A2-9488-418E-BBB7-A09C66E59DE3}
2013-08-11 03:53 - 2011-12-28 11:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Epson
2013-08-09 21:08 - 2012-05-28 19:18 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-07 21:56 - 2013-08-07 21:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{7DB5B612-7CE8-40A6-8460-9B11DEBB2291}
2013-08-07 06:51 - 2013-08-07 06:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{12CD9B8C-2FC7-4254-A9EA-16ADE8B2EB59}
2013-08-07 06:49 - 2013-08-07 06:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{ECF6B6F4-1348-48F1-8EB2-14BF0DB37EEA}
2013-08-05 18:32 - 2013-08-05 18:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2013-08-02 16:48 - 2011-11-27 15:25 - 00151728 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2013-08-02 16:48 - 2011-11-27 15:25 - 00114184 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2013-08-02 16:48 - 2011-11-27 15:25 - 00104360 _____ (Webroot) C:\windows\system32\WRusr.dll
2013-07-31 16:38 - 2011-09-23 08:44 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-29 04:53 - 2013-07-29 04:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{20129E2F-57D4-487B-A363-E781A44962C1}
2013-07-28 12:59 - 2013-07-28 12:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{CB2F8FF5-48AC-48BE-A027-411D3320A748}
2013-07-26 05:23 - 2013-07-26 05:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{000907A8-B792-47FE-A9C2-22DEB27A0F85}
2013-07-25 22:13 - 2013-08-15 00:56 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-25 22:13 - 2013-08-15 00:56 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-25 22:13 - 2013-08-15 00:56 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-25 22:12 - 2013-08-15 00:56 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-25 22:12 - 2013-08-15 00:56 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-25 20:35 - 2013-08-15 00:56 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-25 20:13 - 2013-08-15 00:56 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-25 20:13 - 2013-08-15 00:56 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-25 20:12 - 2013-08-15 00:56 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-25 20:12 - 2013-08-15 00:56 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-25 20:12 - 2013-08-15 00:56 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-25 20:12 - 2013-08-15 00:56 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-25 20:12 - 2013-08-15 00:56 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-25 20:12 - 2013-08-15 00:56 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-25 20:12 - 2013-08-15 00:56 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-25 20:12 - 2013-08-15 00:56 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-25 20:12 - 2013-08-15 00:56 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-25 20:11 - 2013-08-15 00:56 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-25 20:11 - 2013-08-15 00:56 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-25 19:49 - 2013-08-15 00:56 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-25 19:39 - 2013-08-15 00:56 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-25 18:59 - 2013-08-15 00:56 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 02:25 - 2013-08-14 23:59 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-25 01:57 - 2013-08-14 23:59 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-24 21:56 - 2013-07-24 21:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{D0DC2514-1F0D-4828-BF1E-60E042EA8A43}
2013-07-24 06:12 - 2013-07-24 06:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{8D4256C4-78EB-4EB1-BA82-72DA1BA0001F}
2013-07-23 04:34 - 2013-07-23 04:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{2724F4CE-F9C2-4004-A39D-6984914107BB}
2013-07-22 06:07 - 2013-07-22 06:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{CD8C901C-5053-4186-A76B-AB212A5E043C}}

^{Files to move or delete:
====================
C:\ProgramData\7432182.bat
C:\ProgramData\7432182.pad
C:\ProgramData\7432182.reg}

^{==================== Bamital & volsnap Check =================}

^{C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit}

^{LastRegBack: 2013-08-16 04:31}

^{==================== End Of Log ============================}

[filmdummy]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2013 03
Ran by Owner at 2013-08-20 06:48:35
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
 Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe AIR (x32 Version: 3.0.0.4080)
Adobe Common File Installer (x32 Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe GoLive CS2 (x32 Version: 8.0.1)
Adobe Help Center 1.0 (x32 Version: 001.000.000)
Adobe Illustrator CS2 (x32 Version: 12.000.000)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000)
Adobe Version Cue CS2 (x32 Version: 2.0.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Best Buy pc app (HKCU Version: 3.1.2.0)
Best Buy pc app (Version: 3.1.2.0)
Best Buy pc app (x32 Version: 3.1.2.0)
Bing Bar (x32 Version: 7.0.609.0)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
Canon IJ Network Scanner Selector EX (x32)
Canon IJ Network Tool (x32)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MP Navigator EX 5.1 (x32)
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual (x32)
Canon MX430 series User Registration (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Canon Speed Dial Utility (x32)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Dolby Control Center (Version: 2.2.1)
ePDF Writer 2.8
Epson Event Manager (x32 Version: 2.30.01)
EPSON NX510 Series Printer Uninstall
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.4j)
EpsonNet Setup (x32 Version: 3.1c)
eReg (x32 Version: 1.20.138.34)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
Final Draft (x32 Version: 8.0.3.120)
Google Chrome (x32 Version: 28.0.1500.95)
Google Talk Plugin (x32 Version: 4.4.2.14502)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
iCloud (Version: 2.1.2.8)
Intel® Control Center (x32 Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.1986)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.5.0.1037)
iTunes (Version: 11.0.5.5)
Java 6 Update 14 (x32 Version: 6.0.140)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0)
NaturalReaderFree (x32 Version: 11.9)
PlayReady PC Runtime amd64 (Version: 1.3.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller  Driver (x32 Version: 1.00.0008)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5972)
Realtek WLAN Driver (x32 Version: 2.00.0006)
RICOH R5U230 Media Driver ver.2.06.03.02 (x32 Version: 2.06.03.02)
Roxio Burn (x32 Version: 1.2)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Roxio Burn (x32 Version: 1.0.0)
Roxio Update Manager (x32 Version: 6.0.0)
Safari (x32 Version: 5.34.57.2)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.5 (x32 Version: 6.5.158)
Suite Specific (x32 Version: 2.0.0)
Synaptics Pointing Device Driver (Version: 14.0.11.0)
Toshiba Application Installer (x32 Version: 9.0.0.9)
TOSHIBA Assist (x32 Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA Bulletin Board (x32 Version: 1.5.05.64)
TOSHIBA ConfigFree (x32 Version: 8.0.25)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.1.07-A)
TOSHIBA eco Utility (Version: 1.1.12.64)
TOSHIBA eco Utility (x32 Version: 1.1.12.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: )
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Face Recognition (x32 Version: 3.1.3.64)
TOSHIBA Hardware Setup (x32 Version: 2.00.15)
TOSHIBA HDD Protection (Version: 2.2.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64)
TOSHIBA PC Health Monitor (Version: 1.5.6.64)
TOSHIBA Quality Application (x32 Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA ReelTime (x32 Version: 1.5.07.64)
TOSHIBA Service Station (x32 Version: 2.2.9)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32)
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32)
TOSHIBA Supervisor Password (x32 Version: 2.00.11)
TOSHIBA USB Sleep and Charge Utility (x32 Version: 1.3.2.0)
TOSHIBA Value Added Package (Version: 1.2.32.64)
TOSHIBA Value Added Package (x32 Version: 1.2.32.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.7)
ToshibaRegistration (x32 Version: 1.0.3)
TranslatorBar 5 Toolbar (x32 Version: 6.2.3.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Webroot SecureAnywhere (x32 Version: 8.0.2.167)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

06-08-2013 11:34:58 Windows Update
09-08-2013 20:43:06 Windows Update
12-08-2013 07:17:21 Windows Backup
13-08-2013 13:22:55 Windows Update
14-08-2013 20:06:13 Windows Backup
15-08-2013 07:46:05 Windows Update
20-08-2013 09:03:14 Windows Update
20-08-2013 09:39:47 Windows Backup
20-08-2013 10:01:36 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2011-11-23 18:55 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B83052E-2E4C-4C76-9F90-9B399BFF47A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0F296541-57E3-418E-8137-113ECB47E9DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-06] (Google Inc.)
Task: {19788BE4-33E3-4A00-8369-FCBEFC6DF87F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {19C0D395-4082-4718-881D-C69E7BCE5694} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {26717D4E-94FF-4741-9A30-ACA816892217} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {3759DD09-9F8A-49E5-8DD0-498231A56E48} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {4430D1A1-68D8-4708-821D-172EB1C51215} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-10] (Adobe Systems Incorporated)
Task: {59D812AB-8804-4AA9-9B27-691EBCB79093} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {5EA7E504-13E8-48E1-A8D4-134AF8D81C24} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {82EB5CF1-3A6D-458D-86E4-3B9CC3C799DB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {997858C3-D641-48DC-B54B-5B25010989AF} - System32\Tasks\{5181D06B-C518-4A79-A7F6-A4EEE63BF55F} => C:\Program Files\Internet Explorer\iexplore.exe [2013-07-25] (Microsoft Corporation)
Task: {9BF965D4-80C4-4587-B505-160F1BA610E4} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {B951DC2C-1452-4D35-8E35-56A89F36E38B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {C79BD101-72C0-4775-86C4-7DB634AB0EC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-06] (Google Inc.)
Task: {C97836AA-A41F-4E58-BA50-3B440D2D4BDA} - System32\Tasks\{E4874AA2-7212-4BFF-941E-9A2016ADBB4F} => C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe No File
Task: {C9D393B8-A757-4FEC-9560-C5E56FEC216E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {D6686F3B-A8B1-42DF-95CB-CEA4A3D5B494} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {DC9247F5-3482-4E37-951E-FA43425E42AC} - System32\Tasks\{0A7C40FB-AC0A-4CF6-903D-99BF6A968813} => C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe No File
Task: {DDF85614-BC19-48DB-B453-67ABF33300E0} - System32\Tasks\{BB9B7855-6382-4F20-A299-E9FAEEBC303E} => C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe No File
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2013 05:32:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4056

Error: (08/20/2013 05:32:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4056

Error: (08/20/2013 05:32:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2013 05:32:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011

Error: (08/20/2013 05:32:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011

Error: (08/20/2013 05:32:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2013 05:32:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013

Error: (08/20/2013 05:32:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013

Error: (08/20/2013 05:32:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2013 05:32:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

System errors:
=============
Error: (08/20/2013 03:03:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.155.2595.0).

Error: (08/20/2013 02:54:52 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Version Cue CS2 service failed to start due to the following error:
%%2

Error: (08/20/2013 02:16:20 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Version Cue CS2 service failed to start due to the following error:
%%2

Error: (08/20/2013 01:58:30 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Version Cue CS2 service failed to start due to the following error:
%%2

Error: (08/19/2013 08:05:31 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Version Cue CS2 service failed to start due to the following error:
%%2

Error: (08/19/2013 06:51:56 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Version Cue CS2 service failed to start due to the following error:
%%2

Error: (08/19/2013 02:01:43 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Version Cue CS2 service failed to start due to the following error:
%%2

Error: (08/19/2013 06:33:40 AM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/19/2013 06:26:02 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Version Cue CS2 service failed to start due to the following error:
%%2

Error: (08/18/2013 02:39:23 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Version Cue CS2 service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3894.84 MB
Available physical RAM: 1999.93 MB
Total Pagefile: 7787.87 MB
Available Pagefile: 5637.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:328.96 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (ED_WOOD) (CDROM) (Total:7.73 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 31AC024B)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

==================== End Of Log ============================

[Maniac]

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the same directory as FRST.exe and save it as fixlist.txt

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

C:\ProgramData\7432182.bat

C:\ProgramData\7432182.pad

C:\ProgramData\7432182.reg

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) please post it to your reply.

Reboot Normally.

[filmdummy]

I'm so sorry, I don't think I understand. Paste this below, even with the word "Quote" on the top to notepad?

 

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
C:\ProgramData\7432182.bat
C:\ProgramData\7432182.pad
C:\ProgramData\7432182.reg

 

and save it to what directory? How do I save it to a directory? FRST 64 and the two note pad docs it produced are on the desktop do you mean save this to the desktop?

[filmdummy]

okay I think I may have done it.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-08-2013 03
Ran by Owner at 2013-08-20 09:20:16 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Quote

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
C:\ProgramData\7432182.bat
C:\ProgramData\7432182.pad
C:\ProgramData\7432182.reg

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
C:\ProgramData\7432182.bat => Moved successfully.
C:\ProgramData\7432182.pad => Moved successfully.
C:\ProgramData\7432182.reg => Moved successfully.

==== End of Fixlog ====

[Maniac]

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the same directory as FRST.exe and save it as fixlist.txt

If your FRST tool is on the desktop, save on the deskopt, if is not save where it is. Looks like your FRST tool is on your Desktop:

Running from C:\Users\Owner\Desktop

So save it there.

fixlist.txt content should be my script (without Quote word).

Please read more carefully and don't rush.

[Maniac]

Follow the instructions here for DDS tool and post both log files.

http://forums.malwarebytes.org/index.php?showtopic=9573

[filmdummy]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-08-2013 03
Ran by Owner at 2013-08-20 09:32:27 Run:2
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
 C:\ProgramData\7432182.bat
 C:\ProgramData\7432182.pad
 C:\ProgramData\7432182.reg
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.

==== End of Fixlog ====

[filmdummy]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Owner at 9:43:34 on 2013-08-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3895.2265 [GMT -7:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Owner\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uURLSearchHooks: TranslatorBar 5 Toolbar: {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTran.dll
uURLSearchHooks: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - <orphaned>
mURLSearchHooks: TranslatorBar 5 Toolbar: {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTran.dll
dURLSearchHooks: {0696f815-a3a9-490a-bb14-9ec3350b1276} - <orphaned>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TranslatorBar 5 Toolbar: {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTran.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: TranslatorBar 5 Toolbar: {B9B97401-98E1-4942-930D-C36652DAB7F2} - C:\Program Files (x86)\TranslatorBar_5\tbTran.dll
TB: TranslatorBar 5 Toolbar: {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTran.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Epson Stylus NX510(Network)] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\windows\TEMP\E_S4A28.tmp" /EF "HKCU"
uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Owner\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}




TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{944FE31A-4185-4093-AA21-CA9160BD042E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F12B1709-09B0-46A1-BDBB-88321E676DE5} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F12B1709-09B0-46A1-BDBB-88321E676DE5}\4496A7A797341647D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F12B1709-09B0-46A1-BDBB-88321E676DE5}\544656E60275966696 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{F12B1709-09B0-46A1-BDBB-88321E676DE5}\76275656E636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F12B1709-09B0-46A1-BDBB-88321E676DE5}\B4F464645414 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F12B1709-09B0-46A1-BDBB-88321E676DE5}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-2-23 55280]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-2-23 482384]
R0 WRkrn;WRkrn;C:\windows\System32\drivers\WRkrn.sys [2011-11-27 114184]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-2-23 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-3 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-26 701512]
R2 rimspci;rimspci;C:\windows\System32\drivers\rimspe64.sys [2010-2-23 60416]
R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2010-2-23 81408]
R2 rixdpcie;rixdpcie;C:\windows\System32\drivers\rixdpe64.sys [2010-2-23 55808]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-23 2314240]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2011-11-27 749624]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-2-23 9216]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-2-23 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2009-10-30 244736]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2011-9-1 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2011-9-1 15128]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-1-26 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-2-23 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-2-23 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-2-23 946688]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-2-23 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2010-12-7 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2011-6-27 20992]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-5 824688]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-6-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-08-20 14:16:31 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-20 14:02:03 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7FC7FA0-4759-4808-869A-768CAA2354B4}\mpengine.dll
2013-08-20 13:46:32 -------- d-----w- C:\FRST
2013-08-17 20:19:26 -------- d-----w- C:\Users\Owner\AppData\Local\{65F50CD0-7353-4546-B849-7BA14FFC8E44}
2013-08-17 13:20:32 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 13:20:32 -------- d-----w- C:\Program Files\iTunes
2013-08-17 13:20:32 -------- d-----w- C:\Program Files\iPod
2013-08-17 13:20:32 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-15 06:59:59 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-15 06:58:47 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-08-14 17:26:26 -------- d-----w- C:\Users\Owner\AppData\Local\{2BE6DA7B-4758-46C0-964B-3CEF99606304}
2013-08-12 19:16:08 -------- d-----w- C:\Users\Owner\AppData\Local\{ADCFBD61-394D-4E74-809D-6F2B03A42A96}
2013-08-11 20:34:14 -------- d-----w- C:\Users\Owner\AppData\Local\{002101A2-9488-418E-BBB7-A09C66E59DE3}
2013-08-08 04:56:19 -------- d-----w- C:\Users\Owner\AppData\Local\{7DB5B612-7CE8-40A6-8460-9B11DEBB2291}
2013-08-07 13:51:41 -------- d-----w- C:\Users\Owner\AppData\Local\{12CD9B8C-2FC7-4254-A9EA-16ADE8B2EB59}
2013-08-07 13:49:25 -------- d-----w- C:\Users\Owner\AppData\Local\{ECF6B6F4-1348-48F1-8EB2-14BF0DB37EEA}
2013-07-29 11:52:54 -------- d-----w- C:\Users\Owner\AppData\Local\{20129E2F-57D4-487B-A363-E781A44962C1}
2013-07-28 19:59:27 -------- d-----w- C:\Users\Owner\AppData\Local\{CB2F8FF5-48AC-48BE-A027-411D3320A748}
2013-07-26 12:23:26 -------- d-----w- C:\Users\Owner\AppData\Local\{000907A8-B792-47FE-A9C2-22DEB27A0F85}
2013-07-25 04:56:13 -------- d-----w- C:\Users\Owner\AppData\Local\{D0DC2514-1F0D-4828-BF1E-60E042EA8A43}
2013-07-24 13:12:12 -------- d-----w- C:\Users\Owner\AppData\Local\{8D4256C4-78EB-4EB1-BA82-72DA1BA0001F}
2013-07-23 11:34:35 -------- d-----w- C:\Users\Owner\AppData\Local\{2724F4CE-F9C2-4004-A39D-6984914107BB}
2013-07-22 13:07:07 -------- d-----w- C:\Users\Owner\AppData\Local\{CD8C901C-5053-4186-A76B-AB212A5E043C}
.
==================== Find3M  ====================
.
2013-08-02 23:48:10 151728 ----a-w- C:\windows\SysWow64\WRusr.dll
2013-08-02 23:48:10 114184 ----a-w- C:\windows\System32\drivers\WRkrn.sys
2013-08-02 23:48:10 104360 ----a-w- C:\windows\System32\WRusr.dll
2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-07-10 21:28:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 21:28:32 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-06-15 04:35:40 1111552 ----a-w- C:\windows\System32\rdpcorets.dll
2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2012-11-15 16:58:31 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH:  9:44:30.95 ===============

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/26/2010 11:27:05 AM
System Uptime: 8/20/2013 9:34:26 AM (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core i3 CPU       M 330  @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 329.49 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP425: 8/9/2013 1:43:06 PM - Windows Update
RP426: 8/12/2013 12:17:21 AM - Windows Backup
RP427: 8/13/2013 6:22:55 AM - Windows Update
RP428: 8/14/2013 1:06:13 PM - Windows Backup
RP429: 8/15/2013 12:46:05 AM - Windows Update
RP430: 8/20/2013 2:03:14 AM - Windows Update
RP431: 8/20/2013 2:39:47 AM - Windows Backup
RP432: 8/20/2013 3:01:36 AM - Windows Update
RP433: 8/20/2013 7:43:05 AM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader XI (11.0.03)
Adobe Stock Photos 1.0
Adobe Version Cue CS2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Best Buy pc app
Bing Bar
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 5.1
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Canon MX430 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
D3DX10
Dolby Control Center
Epson Event Manager
EPSON NX510 Series Printer Uninstall
EPSON Scan
EpsonNet Print
EpsonNet Setup
eReg
Facebook Messenger 2.1.4814.0
Final Draft
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
iCloud
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Java 6 Update 14
Junk Mail filter update
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NaturalReaderFree
PlayReady PC Runtime amd64
QuickTime
Realtek Ethernet Controller  Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RICOH R5U230 Media Driver ver.2.06.03.02
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Click to Call
Skype™ 6.5
Suite Specific
Synaptics Pointing Device Driver
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TranslatorBar 5 Toolbar
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Webroot SecureAnywhere
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/20/2013 9:34:49 AM, Error: Service Control Manager [7000]  - The Adobe Version Cue CS2 service failed to start due to the following error:  The system cannot find the file specified.
8/20/2013 3:03:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.155.2595.0).
8/16/2013 4:39:34 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/16/2013 12:39:50 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
8/14/2013 5:16:17 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================
 

 

[Maniac]

Step 1

Please uninstall this application: TranslatorBar 5 Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log
• Malwarebytes' Anti-Malware log

[filmdummy]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Ultimate x64
Ran by Owner on Tue 08/20/2013 at 10:12:20.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\i want this
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imside1egate.application.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2642706
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

 

~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\televisionfanatic"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\televisionfanaticei"
Successfully deleted: [Folder] "C:\Program Files (x86)\televisionfanatic"
Successfully deleted: [Folder] "C:\Program Files (x86)\televisionfanaticei"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\google\chrome\user data\default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0"
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{000907A8-B792-47FE-A9C2-22DEB27A0F85}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{002101A2-9488-418E-BBB7-A09C66E59DE3}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{058B7E8F-2F6B-48ED-847E-456E61ED3F12}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{10C063A0-2C01-471C-A1B8-7D756EF2C059}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{12CD9B8C-2FC7-4254-A9EA-16ADE8B2EB59}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1ADC70F1-954C-43DF-8179-F8B7A7AB233E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{20129E2F-57D4-487B-A363-E781A44962C1}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2724F4CE-F9C2-4004-A39D-6984914107BB}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2BE6DA7B-4758-46C0-964B-3CEF99606304}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5A69370A-06FF-430F-9587-21F0907BC3CA}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{65F50CD0-7353-4546-B849-7BA14FFC8E44}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7C7C0DD7-CC6D-47C9-AEC5-BFD8712E904F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7DB5B612-7CE8-40A6-8460-9B11DEBB2291}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8D0515BA-C3CF-4FE3-B44E-18D685C37FE6}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8D4256C4-78EB-4EB1-BA82-72DA1BA0001F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8F994F40-7392-4063-BEED-33ADC0FB4E42}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A2D246E4-B253-45EA-B7DE-9B2E84043A9F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{ADCFBD61-394D-4E74-809D-6F2B03A42A96}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C935748B-24B5-410B-BE34-178260D3154D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{CB2F8FF5-48AC-48BE-A027-411D3320A748}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{CC743F93-D1F3-4FE8-8AB0-B920A7E8E4F5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{CD2FF6B0-6039-46FC-BEF6-5DCC38001254}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{CD8C901C-5053-4186-A76B-AB212A5E043C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D0DC2514-1F0D-4828-BF1E-60E042EA8A43}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D3C2A804-2C5D-476E-867D-9F625DEBF389}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DC0FB614-5D48-46D5-872A-0BA723BC742B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E2A64461-6094-4CD7-944A-4B720C187F66}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{ECF6B6F4-1348-48F1-8EB2-14BF0DB37EEA}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/20/2013 at 10:19:23.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[filmdummy]

# AdwCleaner v3.000 - Report created 20/08/2013 at 10:32:11
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Owner - CARPATHIA-FILMS
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyScrapNook_12
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B3B5C47E-61F7-4D81-AF06-461FC86686CE}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\InstallIQ

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2148 octets] - [20/08/2013 10:27:38]
AdwCleaner[R1].txt - [2208 octets] - [20/08/2013 10:30:02]
AdwCleaner[s0].txt - [2103 octets] - [20/08/2013 10:32:11]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2163 octets] ##########

[filmdummy]

I did a quick scan twice and both times nothing was found by MBAM

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.20.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Owner :: CARPATHIA-FILMS [administrator]

Protection: Enabled

8/20/2013 11:03:03 AM
mbam-log-2013-08-20 (11-03-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227084
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[Maniac]

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
• Please copy/paste the contents or attach that log file to your next reply.
• If needed the file can be located here: C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

[filmdummy]

ComboFix 13-08-20.01 - Owner 08/21/2013  10:19:00.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3895.2324 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MyScrapNook_12EI
c:\programdata\7432182.js
c:\windows\PFRO.log
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-21 to 2013-08-21  )))))))))))))))))))))))))))))))
.
.
2013-08-21 17:32 . 2013-08-21 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-20 17:26 . 2013-08-20 17:32 -------- d-----w- C:\AdwCleaner
2013-08-20 17:12 . 2013-08-20 17:12 -------- d-----w- c:\windows\ERUNT
2013-08-20 14:16 . 2013-08-20 15:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-20 14:02 . 2013-07-15 10:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7FC7FA0-4759-4808-869A-768CAA2354B4}\mpengine.dll
2013-08-20 13:46 . 2013-08-20 13:46 -------- d-----w- C:\FRST
2013-08-17 13:20 . 2013-08-17 13:21 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 13:20 . 2013-08-17 13:21 -------- d-----w- c:\program files\iTunes
2013-08-17 13:20 . 2013-08-17 13:21 -------- d-----w- c:\program files (x86)\iTunes
2013-08-17 13:20 . 2013-08-17 13:20 -------- d-----w- c:\program files\iPod
2013-08-15 06:59 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 06:58 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 07:47 . 2010-05-26 18:38 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 23:48 . 2011-11-27 22:25 151728 ----a-w- c:\windows\SysWow64\WRusr.dll
2013-08-02 23:48 . 2011-11-27 22:25 114184 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2013-08-02 23:48 . 2011-11-27 22:25 104360 ----a-w- c:\windows\system32\WRusr.dll
2013-07-10 21:28 . 2012-04-20 11:27 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-10 21:28 . 2011-05-18 21:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-08-15 06:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-05 03:34 . 2013-07-10 12:09 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 12:09 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 12:09 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2012-11-15 16:58 . 2012-11-15 16:58 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2013-08-02 749624]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Owner\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-15 9842040]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-15 9842040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 23:36 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 21:28]
.
2013-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 02:14]
.
2013-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-363646311-648277713-4188717381-1000UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 02:14]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 02:36]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 02:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b9b97401-98e1-4942-930d-c36652dab7f2} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{B9B97401-98E1-4942-930D-C36652DAB7F2} - (no file)
AddRemove-48e4cff94f039634 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{B9B97401-98E1-4942-930D-C36652DAB7F2}"=hex:51,66,7a,6c,4c,1d,38,12,6f,77,aa,
   bd,d3,d6,2c,0c,ec,1b,80,26,57,84,f3,e6
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{C98D5B61-B0EA-4D48-9839-1079D352D880}"=hex:51,66,7a,6c,4c,1d,38,12,0f,58,9e,
   cd,d8,fe,26,08,e7,2f,53,39,d6,0c,9c,94
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{5D79F641-C168-40DF-A32F-BACEA7509E75}"=hex:51,66,7a,6c,4c,1d,38,12,2f,f5,6a,
   59,5a,8f,b1,05,dc,39,f9,8e,a2,0e,da,61
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
   ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}"=hex:51,66,7a,6c,4c,1d,38,12,fb,ff,52,
   cf,81,bf,f9,02,f4,a0,53,52,fa,3c,ef,ae
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
   36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:46,3e,21,d2,6c,32,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-21  10:56:50
ComboFix-quarantined-files.txt  2013-08-21 17:56
.
Pre-Run: 353,230,057,472 bytes free
Post-Run: 353,404,354,560 bytes free
.
- - End Of File - - 9B5FCE525EBE1B0C6F6194938630446B
 

[filmdummy]

Sorry I took so long to reply Borislav.

[Maniac]

Don't be sorry about that, take your time!

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

[filmdummy]

C:\Qoobox\Quarantine\C\ProgramData\7432182.js.vir JS/Agent.NIG trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\57471ca-2bf234ff Java/Exploit.CVE-2012-1723.HZ trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\16f16f4c-30f740dd multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\42f9804c-50dc09fd a variant of Java/Exploit.Agent.NNO trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6f9834c-2b98973b multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\61e9760d-1380a061 multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\606d5c4f-4896006e multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5af4b510-785a0895 multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\e403e91-4af2e7ae multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\57ee06d2-5fef701e Java/Exploit.Agent.NDH trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\6474ded3-340f712d a variant of Java/Exploit.CVE-2013-0422.CF trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\eec9dd7-1145c884 multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\147a119c-62413b07 multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\68f3b943-23d259e6 multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\6c24f7e1-7208b9cf multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\23a6a7e2-313b4808 multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\19d77728-4a488d53 multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\59742430-6c6d2f7b multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\20526b9-1808850f Java/Exploit.Agent.PEL trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\86c23b-78c25227 multiple threats cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4db30bd-6515a4e6 Java/Exploit.Agent.PFB trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\35268048-4ce7bd8d Java/Exploit.CVE-2013-0422.AR trojan cleaned by deleting - quarantined
 

[Maniac]

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, then click Remove JRE.
• Run the built-in uninstallers for all copies of java listed
• Click the Next button
• Click the Next button again
• Click the Java Manual Download link
• A browser window will open with the Java download page
• Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
• Run the installer
• Close JavaRa

[filmdummy]

I'm having trouble running this program plus My virus scan keeps blocking it.

[filmdummy]

so I disabled my virus protection and I'm not getting the options you listed above when I try to download.