Moneypak ransomware for the second time this month.


Hi,

I have this horrible virus on my laptop that, after doing research, I found out is the FBI MoneyPak ransomware. I got it about two weeks ago and after reading and watching YouTube videos I did a system restore and ran Malwarebytes and HitmanPro and everything seemed to be fine, but today it is back :(. I have two users on my computer, so I am on the other user completely fine. I tried doing another system restore, but I only had one point from yesterday and it did not work.

When I first got it I found a list of files to look for and manually remove, but when I searched for the files on my computer I could not find them.

I don't have the money to take it to a professional and I seriously need it fixed :( Someone please help!

Welcome to the forum, here's how we deal with that malware:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

I don't know what is going on then... I closed the program out twice and both times it became non-responsive at closing. I also deleted and re-downloaded it and it has become stuck in the same spot again.

The .txt file that comes along with it when it scans is below and I am attaching a screenshot of what the program is doing.

I don't have a flash drive so I hope that isn't what I have to do. :/

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2013
Ran by test at 2013-09-05 17:40:06
Running from C:\Users\test\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
 2013 (Version: 2013.0.2904)
 Update for Microsoft Office 2007 (KB2508958) (x32)
4D Embroidery System 8.2 Documentation Update (x32 Version: 8.2)
4D Embroidery System 8.2 Update (x32 Version: 8.2)
50 FREE MP3s +1 Free Audiobook! (x32 Version: 1.0.0.1)
Adobe AIR (x32 Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Amazon Cloud Drive (x32 Version: 0.8.10.1)
Apple Application Support (x32 Version: 1.1.0)
Apple Software Update (x32 Version: 2.1.1.116)
ArcSoft Print Creations - Album Page (x32)
ArcSoft Print Creations - Funhouse (x32)
ArcSoft Print Creations - Greeting Card (x32)
ArcSoft Print Creations - Photo Book (x32)
ArcSoft Print Creations - Photo Calendar (x32)
ArcSoft Print Creations - Scrapbook (x32)
ArcSoft Print Creations - Slimline Card (x32)
ArcSoft Print Creations (x32 Version: 2.8.255.384)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3211)
AVG PC TuneUp (x32 Version: 12.0.4000.108)
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108)
Bejeweled 2 Deluxe 1.1 (x32 Version: 1.1)
Bing Bar (x32 Version: 7.2.241.0)
Blender (Version: 2.62-release)
CCScore (x32 Version: 8.02.0000.0001)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
dBworx ver 3.4 (Freeware) (x32)
DefaultTab (x32 Version: 2.2.1.0)
Direct DiscRecorder (x32 Version: 1.00.0000)
DivX Setup (x32 Version: 2.6.1.22)
Dolby Control Center (Version: 2.2.1)
Download Updater (AOL Inc.) (x32)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0)
Embroidery Machine Communication Software 8.2 (x32 Version: 8.2)
ESSBrwr (x32 Version: 8.02.0000.0001)
ESSCDBK (x32 Version: 8.02.0000.0001)
ESScore (x32 Version: 8.02.0000.0001)
ESSgui (x32 Version: 8.02.0000.0001)
ESSini (x32 Version: 8.02.0000.0001)
ESSPCD (x32 Version: 8.02.0000.0001)
ESSPDock (x32 Version: 6.03.0001.0004)
ESSTOOLS (x32 Version: 5.00.0000.0004)
essvatgt (x32 Version: 8.00.0000.0001)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Firestorm-Release (remove only) (x32 Version: 4.3.1.31155)
Flash Player Pro V5.4 (x32)
Free RAR Extract Frog (x32 Version: 5.00)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 29.0.1547.62)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32)
Google Update Helper (x32 Version: 1.3.21.153)
HitmanPro 3.7 (Version: 3.7.7.205)
HP Photo Creations (x32 Version: 1.0.0.11502)
HP Photosmart 5520 series Basic Device Software (Version: 28.0.1315.0)
HP Photosmart 5520 series Help (x32 Version: 27.0.0)
HP Photosmart 5520 series Product Improvement Study (Version: 28.0.1315.0)
HP Update (x32 Version: 5.003.003.001)
iLivid (x32 Version: 4.0.0.2624)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
InternetHelper3  Firefox Toolbar (x32 Version: 1.0.0.0)
Intuit SiteBuilder (x32)
IrfanView (remove only) (x32 Version: 4.27)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
JavaFX 2.0.2 (x32 Version: 2.0.2)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Kodak EasyShare software (x32)
League of Legends (x32 Version: 3.0.0)
Logitech Vid (x32 Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727)
Microsoft Visual J# 2.0 Redistributable Package (x32)
Microsoft Works (x32 Version: 9.7.0621)
mIRC (x32 Version: 7.32)
MixiDJ V1 Toolbar (x32 Version: 6.11.2.6)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0)
MyToshiba (x32 Version: 2.2.0.3)
netbrdg (x32 Version: 7.01.0000.0001)
OfotoXMI (x32 Version: 8.02.1000.0001)
Pando Media Booster (x32 Version: 2.6.0.7)
Pandora (x32 Version: 2.0.3)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Quickbooks Financial Center (x32 Version: 2.02)
QuickTime (x32 Version: 7.65.17.80)
Realtek Ethernet Controller  Driver (x32 Version: 1.00.0008)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904)
Realtek WLAN Driver (x32 Version: 2.00.0006)
RICOH R5U230 Media Driver ver.2.06.03.02 (x32 Version: 2.06.03.02)
Samsung Master (x32 Version: 1.1.14)
SelectionLinks (x32 Version: 1.0)
Sendori (x32 Version: 2.0.15)
SFR (x32 Version: 8.01.0000.0001)
SHASTA (x32 Version: 7.01.0000.0001)
skin0001 (x32 Version: 8.02.0000.0001)
SKINXSDK (x32 Version: 8.02.0000.0001)
Skype Launcher (x32 Version: 2.01)
SoulSeek Client 156c (x32)
SoulseekQt (x32)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
staticcr (x32 Version: 8.02.0000.0001)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Toshiba Application Installer (x32 Version: 9.0.0.9)
TOSHIBA Assist (x32 Version: 3.00.09)
TOSHIBA ConfigFree (x32 Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A)
TOSHIBA eco Utility (Version: 1.1.7.64)
TOSHIBA eco Utility (x32 Version: 1.1.7.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: )
TOSHIBA Face Recognition (Version: 3.1.0.64)
TOSHIBA Face Recognition (x32 Version: 3.1.0.64)
TOSHIBA Hardware Setup (x32 Version: 2.00.11)
TOSHIBA HDD Protection (Version: 2.2.0.0)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.2)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.2)
Toshiba Online Backup (x32 Version: 1.2.0.35)
TOSHIBA PC Health Monitor (Version: 1.4.1.64)
Toshiba Quality Application (x32 Version: 1.001.0000)
TOSHIBA Recovery Media Creator (Version: 2.1.0.2 for x64)
TOSHIBA Service Station (x32 Version: 2.1.31)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32)
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32)
TOSHIBA Supervisor Password (x32 Version: 2.00.09)
TOSHIBA USB Sleep and Charge Utility (x32 Version: 1.2.3.0)
TOSHIBA Value Added Package (Version: 1.2.25.64)
TOSHIBA Value Added Package (x32 Version: 1.2.25.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.4)
ToshibaRegistration (x32 Version: 1.0.3)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VPRINTOL (x32 Version: 8.02.0000.0001)
Vz In Home Agent (x32 Version: 7.03.32)
WildTangent Games (x32 Version: 1.0.0.71)
Winamp (x32 Version: 5.63 )
Winamp Toolbar (x32)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
WIRELESS (x32 Version: 8.02.0000.0001)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
Zune (Version: 04.00.0740.00)
Zune Language Pack (ES) (Version: 04.00.0740.00)
Zune Language Pack (FR) (Version: 04.00.0740.00)
 
==================== Restore Points  =========================
 
28-08-2013 11:23:24 Windows Update
29-08-2013 07:00:23 Windows Update
29-08-2013 21:20:28 Restore Operation
29-08-2013 21:34:20 Windows Update
30-08-2013 07:00:18 Windows Update
30-08-2013 10:55:18 Windows Update
31-08-2013 04:07:29 Windows Update
31-08-2013 07:00:23 Windows Update
31-08-2013 07:11:13 Windows Update
03-09-2013 20:22:42 Windows Update
05-09-2013 19:28:52 Restore Operation
05-09-2013 19:56:16 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2013-04-19 21:52 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {05859D66-D4CB-46D4-AD2F-B63417E5B323} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core => C:\Users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28] (Facebook Inc.)
Task: {24D70FA3-C1F2-4C4E-AEC5-AADC9781330D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA => C:\Users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28] (Facebook Inc.)
Task: {2AB32470-FDF4-4524-A5A5-B41C1BE4648A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {302CCE28-DACD-440F-9F36-9EBC28178093} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2957177768-920838209-864878691-1001
Task: {3D9E80AC-9630-4D67-A0DD-109939C606B3} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2012-08-23] (AVG)
Task: {4411F95D-49DE-4C08-BC58-1B00AB84C505} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {47EBE630-C23B-4F14-B39B-A420F1A22768} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-04-19] ()
Task: {5A76E2B2-5473-4947-9C13-552726D4C4FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core => C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09] (Google Inc.)
Task: {6C6F8BFE-A3EA-439B-B533-AFBFAE545F64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {6F1D1C7A-DEF9-4619-8308-928C5B9AB498} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {906C096E-44F0-404F-BF1A-A3600555F328} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {A45E3869-9909-4137-987D-37728DAB597C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {B43A9819-2152-4CD3-A23E-E47191229648} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA => C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09] (Google Inc.)
Task: {E88ADED8-689B-4890-A492-1013B5700110} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {F101007C-D06E-41CD-8AE3-E9D45FFA5079} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core.job => C:\Users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA.job => C:\Users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core.job => C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA.job => C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-23 11:31 - 2012-08-23 11:31 - 00029048 _____ (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll
2012-10-22 13:04 - 2012-10-22 13:04 - 00266872 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgsea.dll
2012-12-06 04:07 - 2012-12-06 04:07 - 00952952 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgsysa.dll
2009-08-27 10:30 - 2009-08-27 10:30 - 00278016 _____ (Intel Corporation) C:\windows\system32\igfxrENU.lrc
2009-07-20 20:44 - 2009-07-20 20:44 - 00395048 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2009-07-20 20:44 - 2009-07-20 20:44 - 00204072 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2009-08-05 17:21 - 2009-08-05 17:21 - 00113152 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll
2009-08-05 17:21 - 2009-08-05 17:21 - 00123392 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll
2009-08-05 17:22 - 2009-08-05 17:22 - 00260096 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TCooling.dll
2009-08-05 17:21 - 2009-08-05 17:21 - 00275456 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll
2009-08-05 17:22 - 2009-08-05 17:22 - 00298496 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll
2009-08-05 17:22 - 2009-08-05 17:22 - 00055808 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
2009-08-05 17:22 - 2009-08-05 17:22 - 00263168 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll
2009-08-05 17:21 - 2009-08-05 17:21 - 00265216 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll
2009-08-05 17:21 - 2009-08-05 17:21 - 00263168 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll
2009-08-05 17:21 - 2009-08-05 17:21 - 00260608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll
2013-05-15 17:22 - 2013-04-13 01:49 - 00308736 _____ (Microsoft Corporation) C:\windows\AppPatch\AppPatch64\AcGenral.DLL
2009-03-23 00:40 - 2009-03-23 00:40 - 00155648 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll
2009-03-23 00:40 - 2009-03-23 00:40 - 00053760 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-08-05 17:22 - 2009-08-05 17:22 - 00263680 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunctab.DLL
2008-07-14 13:33 - 2008-07-14 13:33 - 00134456 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll
2008-07-14 13:35 - 2008-07-14 13:35 - 00107832 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-05-18 12:46 - 2009-05-18 12:46 - 00048640 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnEsc.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2008-07-14 13:34 - 2008-07-14 13:34 - 00053560 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll
2009-08-05 17:22 - 2009-08-05 17:22 - 00266240 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunc2.DLL
2008-07-14 13:34 - 2008-07-14 13:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll
2008-07-14 13:34 - 2008-07-14 13:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll
2009-07-13 17:41 - 2009-07-13 17:41 - 00096600 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00077624 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll
2009-07-15 14:53 - 2009-07-15 14:53 - 00362496 _____ (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
2008-07-14 13:34 - 2008-07-14 13:34 - 00057656 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF9.dll
2009-07-13 18:36 - 2009-07-13 18:36 - 00068440 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll
2009-09-02 23:23 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-06-23 23:38 - 2009-06-23 23:38 - 00077376 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\HDD Protection\NotifyThp.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-14 22:02 - 2009-07-14 22:02 - 00018352 _____ (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\ConfigFree\x64\CFNotify64.dll
2007-12-11 12:42 - 2007-12-11 12:42 - 00017784 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\NotifyTZU.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2008-07-14 13:35 - 2008-07-14 13:35 - 00233272 _____ (TOSHIBA Corp.) C:\Program Files\TOSHIBA\Utilities\NotifyX.dll
2007-05-07 22:58 - 2007-05-07 22:58 - 00018040 _____ (TOSHIBA Corporation) C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-08-11 19:11 - 2009-08-11 19:11 - 00559992 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-08-11 19:10 - 2009-08-11 19:10 - 00088432 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHci.dll
2009-08-04 14:13 - 2009-08-04 14:13 - 00103936 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHCTL.dll
2009-08-04 14:12 - 2009-08-04 14:12 - 00259584 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TReport.dll
2009-08-04 14:12 - 2009-08-04 14:12 - 00108544 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHMui.dll
2009-09-17 15:41 - 2009-09-17 15:41 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-09-17 15:42 - 2009-09-17 15:42 - 00265072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
2011-06-20 23:10 - 2010-11-20 08:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2009-07-13 19:51 - 2009-07-13 21:14 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vidcap.ax
2011-06-20 23:10 - 2010-11-20 08:16 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kswdmcap.ax
2010-11-16 05:25 - 2010-10-27 20:17 - 00408128 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\ArcCon.dll
2013-07-01 12:49 - 2013-07-01 12:49 - 00275744 _____ (Sendori, Inc.) C:\Program Files (x86)\Sendori\DynLib.dll
2012-10-22 13:04 - 2012-10-22 13:04 - 00862328 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgntopensslx.dll
2012-12-06 04:07 - 2012-12-06 04:07 - 00793720 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgsysx.dll
2012-10-22 13:04 - 2012-10-22 13:04 - 00311928 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avglogx.dll
2012-12-11 03:52 - 2012-12-11 03:52 - 02608760 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgkrnlapix.dll
2012-11-15 23:34 - 2012-11-15 23:34 - 01001592 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgx.dll
2012-10-22 13:04 - 2012-10-22 13:04 - 00481400 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcommx.dll
2012-10-22 13:04 - 2012-10-22 13:04 - 00348792 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidpmx.dll
2012-10-22 13:04 - 2012-10-22 13:04 - 00177272 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avglngx.dll
2012-10-22 13:04 - 2012-10-22 13:04 - 02024056 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avguires.dll
2012-10-22 13:03 - 2012-10-22 13:03 - 00279160 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgclitx.dll
2012-10-22 13:04 - 2012-10-22 13:04 - 00025208 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgapps.dll
2012-10-22 13:04 - 2012-10-22 13:04 - 00403064 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgdecider.dll
2009-07-22 01:37 - 2009-07-22 01:37 - 00144776 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSParts.dll
2009-08-18 23:18 - 2009-08-18 23:18 - 00304536 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSAPI.dll
2009-07-28 20:26 - 2009-07-28 20:26 - 00066936 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFWLAPI.dll
2009-07-27 21:57 - 2009-07-27 21:57 - 01561984 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSMUI.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\windows\system32\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Sherri\Documents\Thumbs.db:encryptable
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/05/2013 05:36:41 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1080
 
Start Time: 01ceaa7a076840ef
 
Termination Time: 15
 
Application Path: C:\Users\test\Downloads\FRST64.exe
 
Report Id:
 
Error: (09/05/2013 04:53:41 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1938
 
Start Time: 01ceaa71f8c84a4d
 
Termination Time: 9
 
Application Path: C:\Users\test\Downloads\FRST64.exe
 
Report Id:
 
Error: (09/05/2013 03:41:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: TuneUpUtilitiesApp64.exe, version: 12.0.4000.108, time stamp: 0x5035f809
Faulting module name: TuneUpUtilitiesApp64.exe, version: 12.0.4000.108, time stamp: 0x5035f809
Exception code: 0xc0000417
Fault offset: 0x00000000000392b0
Faulting process id: 0x10a8
Faulting application start time: 0xTuneUpUtilitiesApp64.exe0
Faulting application path: TuneUpUtilitiesApp64.exe1
Faulting module path: TuneUpUtilitiesApp64.exe2
Report Id: TuneUpUtilitiesApp64.exe3
 
Error: (09/05/2013 03:27:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: TuneUpUtilitiesApp64.exe, version: 12.0.4000.108, time stamp: 0x5035f809
Faulting module name: TuneUpUtilitiesApp64.exe, version: 12.0.4000.108, time stamp: 0x5035f809
Exception code: 0xc0000417
Fault offset: 0x00000000000392b0
Faulting process id: 0xf04
Faulting application start time: 0xTuneUpUtilitiesApp64.exe0
Faulting application path: TuneUpUtilitiesApp64.exe1
Faulting module path: TuneUpUtilitiesApp64.exe2
Report Id: TuneUpUtilitiesApp64.exe3
 
Error: (09/05/2013 00:41:38 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (09/03/2013 04:11:50 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (09/03/2013 03:21:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Exception code: 0xc0000005
Fault offset: 0x000b8554
Faulting process id: 0xa50
Faulting application start time: 0xrads_user_kernel.exe0
Faulting application path: rads_user_kernel.exe1
Faulting module path: rads_user_kernel.exe2
Report Id: rads_user_kernel.exe3
 
Error: (09/02/2013 03:43:27 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (09/01/2013 09:52:18 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
 
Error: (09/01/2013 08:56:29 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (09/05/2013 03:40:19 PM) (Source: Service Control Manager) (User: )
Description: The sndappv2 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/05/2013 03:40:18 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.
 
Error: (09/05/2013 03:37:53 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (09/05/2013 03:37:41 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
 
Error: (09/05/2013 03:37:40 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (09/05/2013 03:37:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
 
Signatures Attempted: %24
 
Error Code: 0x80070002
 
Error description: The system cannot find the file specified. 
 
Signature version: 0.0.0.0;0.0.0.0
 
Engine version: %600
 
Error: (09/05/2013 03:31:40 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TOSHIBA eco Utility Service service.
 
Error: (09/05/2013 03:23:28 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service failed to start due to the following error: 
%%1053
 
Error: (09/05/2013 03:23:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
 
Error: (09/05/2013 03:22:14 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
 

I unchecked the optional scan "addition.txt" and it worked. Here is frst.txt.

Sorry I am being complicated.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by test (administrator) on SHERRI-PC on 05-09-2013 18:00:43
Running from C:\Users\test\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - "C:\windows\system32\thpsrv" /logon [x]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [MyTOSHIBA] - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
HKCU\...\Run: [searchProtect] - C:\Users\test\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]
HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKU\Sherri\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-02] (Google Inc.)
HKU\Sherri\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\Sherri\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-08-22] (Yahoo! Inc.)
HKU\Sherri\...\Run: [Google Update] - C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-09] (Google Inc.)
HKU\Sherri\...\Run: [MusicManager] - C:\Users\Sherri\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7345664 2013-06-20] (Google Inc.)
HKU\Sherri\...\Run: [HP Photosmart 5520 series (NET)] - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Sherri\...\Run: [Facebook Update] - C:\Users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-28] (Facebook Inc.)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll  [138096 2013-07-28] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL [7168 2013-02-07] ()
Startup: C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMix0.dll (Conduit Ltd.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SelectionLinks - {E8861423-0DAB-459E-A8D5-DB264E69E70C} - C:\Program Files (x86)\OApps\SelectionLinks.dll No File
BHO-x32: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMix0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 16 C:\windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\f8vbmlfa.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Homestead SiteBuilder Plugin for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\nphssb.dll (Homestead Technologies, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: () - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.14.370.24_0
CHR Extension: () - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0
CHR Extension: () - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [cpgiblhchgoecodgpfekaadnmndjalhj] - C:\Users\Sherri\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Sherri\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-29] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
S3 ZuneWlanCfgSvc; c:\windows\system32\ZuneWlanCfgSvc.exe [470256 2009-09-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-05 15:56 - 2013-09-05 15:56 - 00000000 ____D C:\FRST
2013-09-05 15:12 - 2013-09-05 15:36 - 00000000 ____D C:\ProgramData\nspDDVn3
2013-08-30 18:58 - 2013-08-30 18:58 - 00000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2013-08-30 18:58 - 2013-08-30 18:58 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2013-08-29 22:50 - 2013-08-29 22:50 - 00041018 _____ C:\windows\system32\.crusader
2013-08-29 22:05 - 2013-08-31 01:37 - 00001938 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-29 22:05 - 2013-08-29 22:05 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-29 22:04 - 2013-08-29 22:04 - 09879648 _____ (SurfRight B.V.) C:\Users\Sherri\Desktop\HitmanPro_x64.exe
2013-08-29 22:03 - 2013-08-29 22:50 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 18:00 - 2013-08-29 18:00 - 00001154 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 18:00 - 2013-08-29 18:00 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\Malwarebytes
2013-08-29 18:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-29 05:20 - 2013-08-29 05:20 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore
2013-08-29 03:03 - 2013-08-31 00:07 - 00000000 ____D C:\Users\test\AppData\Roaming\mIRC
2013-08-29 01:38 - 2013-08-29 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 00:26 - 2013-08-29 02:01 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Games
2013-08-28 20:08 - 2013-08-28 20:08 - 00000000 ____D C:\Users\test\AppData\Roaming\AVG
2013-08-28 19:14 - 2013-08-28 19:44 - 00000000 ____D C:\ProgramData\pubax
2013-08-28 19:14 - 2013-08-28 19:42 - 00000000 ____D C:\ProgramData\vhyf
2013-08-24 17:39 - 2013-08-24 17:40 - 00005120 _____ C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 17:32 - 2013-08-24 17:32 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2013-08-24 17:29 - 2013-09-05 15:36 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-24 17:29 - 2013-08-29 17:25 - 00000000 ____D C:\Riot Games
2013-08-24 17:29 - 2013-08-24 17:59 - 00000000 ____D C:\Users\test\AppData\Local\PMB Files
2013-08-24 17:29 - 2013-08-24 17:29 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-08-24 17:28 - 2013-08-29 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\Riot Games
2013-08-24 17:28 - 2013-08-24 17:28 - 32229024 _____ (Riot Games) C:\Users\test\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-08-24 17:27 - 2013-08-29 17:25 - 00000000 ____D C:\Users\test\AppData\Local\Google
2013-08-24 17:26 - 2013-08-29 17:26 - 00000000 ____D C:\Users\test\AppData\Roaming\AVG2013
2013-08-24 17:26 - 2013-08-29 17:25 - 00000000 ____D C:\Users\test\AppData\Local\TOSHIBA
2013-08-24 17:26 - 2013-08-24 17:26 - 00000000 ____D C:\Users\test\AppData\Local\ArcSoft
2013-08-24 17:25 - 2013-08-29 21:56 - 00000000 ____D C:\Users\test\AppData\Roaming\SearchProtect
2013-08-24 17:25 - 2013-08-29 17:26 - 00000000 ____D C:\Users\test\AppData\Roaming\ArcSoft
2013-08-24 17:25 - 2013-08-24 17:27 - 00002300 _____ C:\Users\test\Desktop\Google Chrome.lnk
2013-08-24 17:25 - 2013-08-24 17:25 - 00095672 _____ C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-24 17:25 - 2013-08-24 17:25 - 00001458 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Local\Avg2013
2013-08-24 17:24 - 2013-09-05 15:36 - 00000000 ____D C:\Users\test
2013-08-24 17:24 - 2013-08-29 17:25 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-24 17:24 - 2013-08-24 17:24 - 00000258 __RSH C:\Users\test\ntuser.pol
2013-08-24 17:24 - 2013-08-24 17:24 - 00000020 ___SH C:\Users\test\ntuser.ini
2013-08-24 17:24 - 2009-11-02 14:03 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Help
2013-08-24 17:24 - 2009-07-14 00:49 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-08-24 06:15 - 2013-08-24 17:29 - 00000000 __SHD C:\AI_RecycleBin
2013-08-24 05:43 - 2013-08-24 05:43 - 00003142 _____ C:\windows\System32\Tasks\{704AEEA8-0174-469B-A0F0-871D2FB77502}
2013-08-23 15:55 - 2013-08-23 15:55 - 00000000 ___SD C:\Users\Sherri\Documents\My Pando Packages
2013-08-23 15:52 - 2013-08-29 17:25 - 00000000 ____D C:\Users\Sherri\.swt
2013-08-22 20:51 - 2013-08-29 17:25 - 00000000 ____D C:\Users\Sherri\AppData\Local\Microsoft Games
2013-08-18 14:03 - 2013-08-18 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 18:32 - 2013-09-04 01:13 - 00000000 ____D C:\Users\Sherri\AppData\Local\SoulseekQt
2013-08-16 18:24 - 2013-08-29 17:26 - 00000000 ____D C:\Program Files (x86)\SoulseekQt
2013-08-16 18:23 - 2013-08-16 18:23 - 07811497 _____ C:\Users\Sherri\Desktop\SoulseekQt-2013-8-3.exe
2013-08-14 20:40 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-14 20:40 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-14 20:40 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-14 20:40 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-14 20:40 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-14 20:40 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-14 20:40 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-14 20:40 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-14 20:40 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-14 20:40 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 20:39 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-14 20:39 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-14 20:39 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-14 20:39 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-14 20:39 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-14 03:04 - 2013-08-14 03:07 - 00000000 ____D C:\windows\system32\MRT
2013-08-13 19:40 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-13 19:40 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-13 19:40 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-13 19:40 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-13 19:40 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-13 19:40 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-13 19:40 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-13 19:40 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-13 19:40 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-13 19:40 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-13 19:39 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-13 19:39 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-13 19:39 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-13 19:39 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-13 19:39 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-08-13 19:39 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-13 19:39 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-08-13 19:39 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-08-13 19:39 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-08-13 19:39 - 2013-07-09 00:53 - 00059392 _____ C:\Users\Sherri\AppData\Roaming\cache.dat
2013-08-13 19:39 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-13 19:39 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-08-13 19:39 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-08-13 19:39 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-08-13 19:39 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-08-13 19:39 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-08-13 19:39 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-13 19:39 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\LolClient
2013-08-07 00:34 - 2013-08-07 00:34 - 00002762 _____ C:\windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012
 
==================== One Month Modified Files and Folders =======
 
2013-09-05 18:00 - 2013-09-05 18:00 - 01947160 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2013-09-05 17:38 - 2009-09-18 07:09 - 01487092 _____ C:\windows\WindowsUpdate.log
2013-09-05 17:34 - 2012-11-21 07:27 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 17:26 - 2012-02-09 23:37 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA.job
2013-09-05 17:25 - 2012-12-17 17:43 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 17:20 - 2013-04-19 18:24 - 00000340 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
2013-09-05 15:56 - 2013-09-05 15:56 - 00000000 ____D C:\FRST
2013-09-05 15:47 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:47 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:43 - 2013-07-28 16:43 - 00000000 ____D C:\ProgramData\MFAData
2013-09-05 15:41 - 2012-12-17 17:43 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 15:39 - 2013-03-25 16:36 - 00000000 ____D C:\ProgramData\Sendori
2013-09-05 15:37 - 2013-07-29 16:09 - 00002240 _____ C:\windows\setupact.log
2013-09-05 15:37 - 2009-10-23 23:17 - 00000000 ____D C:\Users\Sherri
2013-09-05 15:37 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-05 15:37 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-05 15:36 - 2013-09-05 15:12 - 00000000 ____D C:\ProgramData\nspDDVn3
2013-09-05 15:36 - 2013-08-24 17:29 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-05 15:36 - 2013-08-24 17:24 - 00000000 ____D C:\Users\test
2013-09-05 15:36 - 2013-07-26 21:37 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\mIRC
2013-09-05 15:36 - 2013-05-22 20:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-05 15:36 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2013-09-05 15:35 - 2013-08-02 01:17 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-05 15:35 - 2009-09-02 23:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-04 01:13 - 2013-08-16 18:32 - 00000000 ____D C:\Users\Sherri\AppData\Local\SoulseekQt
2013-09-03 16:16 - 2013-07-26 21:37 - 00000000 ____D C:\Program Files (x86)\mIRC
2013-09-03 15:35 - 2013-07-28 03:30 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA.job
2013-09-03 15:11 - 2013-07-29 16:09 - 00074286 _____ C:\windows\PFRO.log
2013-09-03 03:35 - 2013-07-28 03:30 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core.job
2013-09-02 23:26 - 2012-02-09 23:37 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core.job
2013-08-31 13:48 - 2009-10-23 23:29 - 00000000 ____D C:\Users\Sherri\AppData\Local\Google
2013-08-31 03:12 - 2009-09-18 07:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-31 01:37 - 2013-08-29 22:05 - 00001938 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-31 01:36 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2013-08-31 00:07 - 2013-08-29 03:03 - 00000000 ____D C:\Users\test\AppData\Roaming\mIRC
2013-08-30 18:58 - 2013-08-30 18:58 - 00000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2013-08-30 18:58 - 2013-08-30 18:58 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2013-08-30 18:18 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2013-08-29 22:50 - 2013-08-29 22:50 - 00041018 _____ C:\windows\system32\.crusader
2013-08-29 22:50 - 2013-08-29 22:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 22:05 - 2013-08-29 22:05 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-29 22:04 - 2013-08-29 22:04 - 09879648 _____ (SurfRight B.V.) C:\Users\Sherri\Desktop\HitmanPro_x64.exe
2013-08-29 21:58 - 2013-04-05 08:33 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2013-08-29 21:58 - 2013-03-24 23:34 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-08-29 21:58 - 2013-03-24 23:33 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\SearchProtect
2013-08-29 21:56 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\SearchProtect
2013-08-29 21:56 - 2013-04-05 08:32 - 00000000 ____D C:\ProgramData\Datamngr
2013-08-29 21:56 - 2013-03-24 23:36 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-08-29 21:56 - 2011-05-22 00:51 - 00000000 ____D C:\Program Files (x86)\Yontoo Layers
2013-08-29 18:00 - 2013-08-29 18:00 - 00001154 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 18:00 - 2013-08-29 18:00 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\Malwarebytes
2013-08-29 18:00 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 17:26 - 2013-08-24 17:26 - 00000000 ____D C:\Users\test\AppData\Roaming\AVG2013
2013-08-29 17:26 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\ArcSoft
2013-08-29 17:26 - 2013-08-16 18:24 - 00000000 ____D C:\Program Files (x86)\SoulseekQt
2013-08-29 17:26 - 2013-05-22 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-29 17:26 - 2013-03-24 23:34 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V1
2013-08-29 17:26 - 2010-01-07 02:32 - 00000000 ____D C:\Program Files\Zune
2013-08-29 17:26 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-29 17:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-29 17:25 - 2013-08-24 17:29 - 00000000 ____D C:\Riot Games
2013-08-29 17:25 - 2013-08-24 17:28 - 00000000 ____D C:\Users\test\AppData\Roaming\Riot Games
2013-08-29 17:25 - 2013-08-24 17:27 - 00000000 ____D C:\Users\test\AppData\Local\Google
2013-08-29 17:25 - 2013-08-24 17:26 - 00000000 ____D C:\Users\test\AppData\Local\TOSHIBA
2013-08-29 17:25 - 2013-08-24 17:24 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-08-29 17:25 - 2013-08-23 15:52 - 00000000 ____D C:\Users\Sherri\.swt
2013-08-29 17:25 - 2013-08-22 20:51 - 00000000 ____D C:\Users\Sherri\AppData\Local\Microsoft Games
2013-08-29 05:20 - 2013-08-29 05:20 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore
2013-08-29 02:01 - 2013-08-29 00:26 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Games
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-28 20:08 - 2013-08-28 20:08 - 00000000 ____D C:\Users\test\AppData\Roaming\AVG
2013-08-28 19:44 - 2013-08-28 19:14 - 00000000 ____D C:\ProgramData\pubax
2013-08-28 19:42 - 2013-08-28 19:14 - 00000000 ____D C:\ProgramData\vhyf
2013-08-24 17:59 - 2013-08-24 17:29 - 00000000 ____D C:\Users\test\AppData\Local\PMB Files
2013-08-24 17:40 - 2013-08-24 17:39 - 00005120 _____ C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 17:32 - 2013-08-24 17:32 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2013-08-24 17:29 - 2013-08-24 17:29 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-08-24 17:29 - 2013-08-24 06:15 - 00000000 __SHD C:\AI_RecycleBin
2013-08-24 17:29 - 2013-08-02 01:18 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2013-08-24 17:28 - 2013-08-24 17:28 - 32229024 _____ (Riot Games) C:\Users\test\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-08-24 17:27 - 2013-08-24 17:25 - 00002300 _____ C:\Users\test\Desktop\Google Chrome.lnk
2013-08-24 17:26 - 2013-08-24 17:26 - 00000000 ____D C:\Users\test\AppData\Local\ArcSoft
2013-08-24 17:25 - 2013-08-24 17:25 - 00095672 _____ C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-24 17:25 - 2013-08-24 17:25 - 00001458 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ___RD C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Local\Avg2013
2013-08-24 17:24 - 2013-08-24 17:24 - 00000258 __RSH C:\Users\test\ntuser.pol
2013-08-24 17:24 - 2013-08-24 17:24 - 00000020 ___SH C:\Users\test\ntuser.ini
2013-08-24 16:59 - 2009-10-23 23:33 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-08-24 05:59 - 2012-08-12 21:42 - 00000000 ____D C:\Users\Sherri\Desktop\Dani
2013-08-24 05:43 - 2013-08-24 05:43 - 00003142 _____ C:\windows\System32\Tasks\{704AEEA8-0174-469B-A0F0-871D2FB77502}
2013-08-23 16:56 - 2009-09-02 23:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-23 15:55 - 2013-08-23 15:55 - 00000000 ___SD C:\Users\Sherri\Documents\My Pando Packages
2013-08-23 14:56 - 2009-07-14 01:13 - 00793204 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-22 22:14 - 2013-03-24 23:33 - 00000000 _____ C:\END
2013-08-22 20:28 - 2009-10-28 00:11 - 00000000 ____D C:\windows\System32\Tasks\Games
2013-08-21 01:21 - 2013-04-05 05:21 - 00000000 ____D C:\Users\Sherri\.gimp-2.8
2013-08-20 15:34 - 2012-11-21 07:27 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 15:34 - 2012-11-21 07:27 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 15:34 - 2011-05-16 09:54 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 16:04 - 2012-06-22 12:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 14:05 - 2013-08-18 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 18:34 - 2012-06-13 19:18 - 00000000 ____D C:\SMRTNTKY
2013-08-16 18:23 - 2013-08-16 18:23 - 07811497 _____ C:\Users\Sherri\Desktop\SoulseekQt-2013-8-3.exe
2013-08-14 03:43 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-08-14 03:09 - 2009-09-18 07:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 03:07 - 2013-08-14 03:04 - 00000000 ____D C:\windows\system32\MRT
2013-08-14 03:04 - 2009-12-03 23:57 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-13 18:49 - 2013-03-24 23:36 - 00000258 __RSH C:\Users\Sherri\ntuser.pol
2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\LolClient
2013-08-07 16:03 - 2012-03-09 00:56 - 00773050 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-08-07 00:34 - 2013-08-07 00:34 - 00002762 _____ C:\windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012
 
Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{882802d8-25b0-3841-78c1-6eb482e67ba9}
C:\Users\Sherri\AppData\Roaming\cache.dat
C:\Users\Sherri\AppData\Local\Temp\install_flashplayer11x32_ltr5x64d_awc_aih.exe
C:\Users\Sherri\AppData\Local\Temp\mirc732.exe
C:\Users\Sherri\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Sherri\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Sherri\AppData\Local\Temp\{6718D86C-0463-4A83-9B59-F9AE9F3387F7}\setup.exe
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\Setup.exe
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupEngine.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupUi.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupUtility.exe
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\sqmapi.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\3082\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\3076\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\2070\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\2052\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1055\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1053\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1049\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1046\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1045\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1044\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1043\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1042\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1041\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1040\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1038\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1037\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1036\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1035\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1033\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1032\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1031\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1030\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1029\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1028\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1025\SetupResources.dll
C:\Users\test\AppData\Local\Temp\swt-win32-3349.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
 
 
LastRegBack: 2013-09-02 18:32
 
==================== End Of Log ============================

Please read the following information first.

 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

The malware isn't showing, but we can take care of some of the damage:

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

--------------------------------

You'll have to do it this way: (make sure you scan the infected user)

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC
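The FRST log above flagged junctions under the Windows Defender and Microsoft Security Client folders ("ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory"), and the fixlist repairs them. As an added example (not from this thread, from MrC or from FRST), here is a read-only PowerShell audit of those two directories that reports any reparse point, its target, and any explicit Deny permission entry; it assumes Windows 7 or later with PowerShell 2.0+ and fsutil.exe, and changes nothing.

```powershell
# Added example, not from the thread or from FRST: a read-only audit of the
# directories that FRST's "Bamital & volsnap Check" flagged with
# "ATTENTION: ZeroAccess". It reports junctions/reparse points (with their
# target) and explicit Deny ACEs, which is what the Fixlog's "Deleting reparse
# point and unlocking" step removed. Run from an elevated PowerShell.
# Assumptions: Windows 7 or later, PowerShell 2.0+, fsutil.exe on the PATH.

$dirsToAudit = @(
    'C:\Program Files\Windows Defender',
    'C:\Program Files\Microsoft Security Client'
)

function Get-ReparseTarget {
    param([string]$Path)
    # fsutil prints a "Print Name: <target>" line for junctions and symlinks.
    $out = & fsutil.exe reparsepoint query "$Path" 2>$null
    foreach ($line in $out) {
        if ($line -match '^\s*Print Name:\s*(.+)$') { return $Matches[1].Trim() }
    }
    return $null
}

function Test-ZeroAccessJunctions {
    param([string[]]$Directories)
    $findings = @()
    foreach ($dir in $Directories) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }

        # A vendor's install directory should contain ordinary subfolders only;
        # a reparse point here is exactly what FRST reported as ZeroAccess.
        $children = Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue
        foreach ($child in $children) {
            $isReparse = ($child.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0
            if ($isReparse) {
                $findings += New-Object PSObject -Property @{
                    Kind   = 'ReparsePoint'
                    Path   = $child.FullName
                    Detail = Get-ReparseTarget $child.FullName
                }
            }
        }

        # Explicit Deny entries on a security product's folder keep it from
        # loading its own files; report them rather than silently fixing them.
        $acl = Get-Acl -Path $dir -ErrorAction SilentlyContinue
        if ($acl) {
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -eq 'Deny') {
                    $findings += New-Object PSObject -Property @{
                        Kind   = 'DenyACE'
                        Path   = $dir
                        Detail = "$($ace.IdentityReference): $($ace.FileSystemRights)"
                    }
                }
            }
        }
    }
    return $findings
}

$results = @(Test-ZeroAccessJunctions -Directories $dirsToAudit)
if ($results.Count -eq 0) {
    Write-Output 'No reparse points or Deny ACEs found under the audited directories.'
} else {
    $results | Format-Table Kind, Path, Detail -AutoSize
}
```

A clean machine prints the "No reparse points" line; any ReparsePoint row whose target is outside the product's own folder, or any DenyACE row, matches the condition FRST flagged in the log above.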

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2013

Ran by test at 2013-09-05 19:13:44 Run:1

Running from C:\Users\test\Desktop\frst

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKCU\...\Run: [searchProtect] - C:\Users\test\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]

AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL [7168 2013-02-07] ()

C:\Program Files (x86)\Google\Desktop\Install\{882802d8-25b0-3841-78c1-6eb482e67ba9}

C:\Users\Sherri\AppData\Roaming\cache.dat

C:\Users\Sherri\AppData\Local\Temp\install_flashplayer11x32_ltr5x64d_awc_aih.exe

C:\Users\Sherri\AppData\Local\Temp\mirc732.exe

C:\Users\Sherri\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Sherri\AppData\Local\Temp\swt-win32-3740.dll

C:\Users\Sherri\AppData\Local\Temp\{6718D86C-0463-4A83-9B59-F9AE9F3387F7}\setup.exe

C:\Users\test\AppData\Local\Temp\swt-win32-3349.dll

DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

*****************

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

C:\Program Files (x86)\Google\Desktop\Install\{882802d8-25b0-3841-78c1-6eb482e67ba9} => Moved successfully.

C:\Users\Sherri\AppData\Roaming\cache.dat => Moved successfully.

C:\Users\Sherri\AppData\Local\Temp\install_flashplayer11x32_ltr5x64d_awc_aih.exe => Moved successfully.

C:\Users\Sherri\AppData\Local\Temp\mirc732.exe => Moved successfully.

C:\Users\Sherri\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.

C:\Users\Sherri\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.

C:\Users\Sherri\AppData\Local\Temp\{6718D86C-0463-4A83-9B59-F9AE9F3387F7}\setup.exe => Moved successfully.

C:\Users\test\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.

"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

 

 

The system needs a manual reboot. 

 

==== End of Fixlog ====


I was able to get on the infected user, because after I did the system restore the screen does not get locked, so I ran FRST. I don't know if this says the same thing as the other one but I thought I would show you. Is it not showing the malware because of the system restore? Because that's what I did a couple weeks ago and it came back.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by Sherri (administrator) on SHERRI-PC on 05-09-2013 19:28:38
Running from C:\Users\test\Desktop\frst
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Sherri\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Facebook Inc.) C:\Users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -  [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - "C:\windows\system32\thpsrv" /logon [x]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-02] (Google Inc.)
HKCU\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-08-22] (Yahoo! Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-09] (Google Inc.)
HKCU\...\Run: [MusicManager] - C:\Users\Sherri\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7345664 2013-06-20] (Google Inc.)
HKCU\...\Run: [HP Photosmart 5520 series (NET)] - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [Facebook Update] - C:\Users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-28] (Facebook Inc.)
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {b45ca7f1-c24f-11e2-9842-001e33f55305} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [TUSBSleepChargeSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll  [97280 2009-07-13] ()
Startup: C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3292584&octid=CT3292584&SearchSource=61&CUI=UN21445560912756712&UM=2&UP=SP2BBEEC9B-4852-41DE-832D-6E23E588929E
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: (No Name) - {67097627-fd8e-4f6b-af4b-ecb65e50112e} -  No File
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=&src=crm&q={searchTerms}&locale={locale.underscore}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=&src=crm&q={searchTerms}&locale={locale.underscore}
SearchScopes: HKCU - {275C6FFD-FA1E-45BE-B2CD-5F640AB89DF7} URL = http://search.conduit.com/Results.aspx?ctid=CT3300031&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {87B8356F-E5A9-44D5-9469-7D3DC4FDD446} URL = http://search.aol.com/aol/search?s_it=tb50winamp&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKCU - {9BBAD223-D8DA-4CA4-AAD3-4C13A8D130BD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292584&CUI=UN21445560912756712&UM=2
SearchScopes: HKCU - {FE07B97F-196A-4480-B8AC-343D3B5038DA} URL =
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMix0.dll (Conduit Ltd.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SelectionLinks - {E8861423-0DAB-459E-A8D5-DB264E69E70C} - C:\Program Files (x86)\OApps\SelectionLinks.dll No File
BHO-x32: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - MixiDJ V1 Toolbar - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - C:\Program Files (x86)\MixiDJ_V1\prxtbMix0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {67097627-FD8E-4F6B-AF4B-ECB65E50112E} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 16 C:\windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default
FF user.js: detected! => C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\user.js
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Google


FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Sherri\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sherri\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sherri\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sherri\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Sherri\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\searchplugins\internethelper3-customized-web-search.xml
FF SearchPlugin: C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: Winamp Toolbar - C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: Search-Results Toolbar - C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
FF Extension: ChatZilla - C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF Extension: Yahoo! Toolbar - C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: addon - C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\addon@defaulttab.com.xpi
FF Extension: plugin - C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\plugin@yontoo.com.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======


CHR DefaultSearchURL: (Search Results) - http://dts.search-results.com/sr?src=crb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2160055091764346&q={searchTerms}
CHR DefaultSuggestURL: (Search Results) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Homestead SiteBuilder Plugin for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\nphssb.dll (Homestead Technologies, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Sherri\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Facebook Plugin) - C:\Users\Sherri\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (MixiDJ V1) - C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj\10.16.4.512_0
CHR Extension: (Wajam) - C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0
CHR Extension: (DefaultTab) - C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0
CHR Extension: (Torch Share) - C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.2504_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [cpgiblhchgoecodgpfekaadnmndjalhj] - C:\Users\Sherri\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Sherri\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-29] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
S3 ZuneWlanCfgSvc; c:\windows\system32\ZuneWlanCfgSvc.exe [470256 2009-09-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-05 19:11 - 2013-09-05 19:28 - 00000000 ____D C:\Users\test\Desktop\frst
2013-09-05 18:46 - 2013-09-05 18:46 - 00000000 ____D C:\Users\test\AppData\Roaming\HpUpdate
2013-09-05 18:34 - 2013-09-05 18:34 - 00000000 ____D C:\Users\test\AppData\Local\Macromedia
2013-09-05 15:56 - 2013-09-05 19:13 - 00000000 ____D C:\FRST
2013-09-05 15:12 - 2013-09-05 15:36 - 00000000 ____D C:\ProgramData\nspDDVn3
2013-08-30 18:58 - 2013-08-30 18:58 - 00000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2013-08-30 18:58 - 2013-08-30 18:58 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2013-08-29 22:50 - 2013-08-29 22:50 - 00041018 _____ C:\windows\system32\.crusader
2013-08-29 22:05 - 2013-08-31 01:37 - 00001938 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-29 22:05 - 2013-08-29 22:05 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-29 22:04 - 2013-08-29 22:04 - 09879648 _____ (SurfRight B.V.) C:\Users\Sherri\Desktop\HitmanPro_x64.exe
2013-08-29 22:03 - 2013-08-29 22:50 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 18:00 - 2013-08-29 18:00 - 00001154 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 18:00 - 2013-08-29 18:00 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\Malwarebytes
2013-08-29 18:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-29 05:20 - 2013-08-29 05:20 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore
2013-08-29 03:03 - 2013-09-05 19:08 - 00000000 ____D C:\Users\test\AppData\Roaming\mIRC
2013-08-29 01:38 - 2013-08-29 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 00:26 - 2013-08-29 02:01 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Games
2013-08-28 20:08 - 2013-08-28 20:08 - 00000000 ____D C:\Users\test\AppData\Roaming\AVG
2013-08-28 19:14 - 2013-08-28 19:44 - 00000000 ____D C:\ProgramData\pubax
2013-08-28 19:14 - 2013-08-28 19:42 - 00000000 ____D C:\ProgramData\vhyf
2013-08-24 17:39 - 2013-08-24 17:40 - 00005120 _____ C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 17:32 - 2013-08-24 17:32 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2013-08-24 17:29 - 2013-09-05 15:36 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-24 17:29 - 2013-08-29 17:25 - 00000000 ____D C:\Riot Games
2013-08-24 17:29 - 2013-08-24 17:59 - 00000000 ____D C:\Users\test\AppData\Local\PMB Files
2013-08-24 17:29 - 2013-08-24 17:29 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-08-24 17:28 - 2013-08-29 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\Riot Games
2013-08-24 17:28 - 2013-08-24 17:28 - 32229024 _____ (Riot Games) C:\Users\test\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-08-24 17:27 - 2013-08-29 17:25 - 00000000 ____D C:\Users\test\AppData\Local\Google
2013-08-24 17:26 - 2013-08-29 17:26 - 00000000 ____D C:\Users\test\AppData\Roaming\AVG2013
2013-08-24 17:26 - 2013-08-29 17:25 - 00000000 ____D C:\Users\test\AppData\Local\TOSHIBA
2013-08-24 17:26 - 2013-08-24 17:26 - 00000000 ____D C:\Users\test\AppData\Local\ArcSoft
2013-08-24 17:25 - 2013-08-29 21:56 - 00000000 ____D C:\Users\test\AppData\Roaming\SearchProtect
2013-08-24 17:25 - 2013-08-29 17:26 - 00000000 ____D C:\Users\test\AppData\Roaming\ArcSoft
2013-08-24 17:25 - 2013-08-24 17:27 - 00002300 _____ C:\Users\test\Desktop\Google Chrome.lnk
2013-08-24 17:25 - 2013-08-24 17:25 - 00095672 _____ C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Local\Avg2013
2013-08-24 17:24 - 2013-09-05 15:36 - 00000000 ____D C:\Users\test
2013-08-24 17:24 - 2013-08-24 17:24 - 00000258 __RSH C:\Users\test\ntuser.pol
2013-08-24 17:24 - 2013-08-24 17:24 - 00000020 ___SH C:\Users\test\ntuser.ini
2013-08-24 17:24 - 2009-11-02 14:03 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Help
2013-08-24 06:15 - 2013-08-24 17:29 - 00000000 __SHD C:\AI_RecycleBin
2013-08-24 05:43 - 2013-08-24 05:43 - 00003142 _____ C:\windows\System32\Tasks\{704AEEA8-0174-469B-A0F0-871D2FB77502}
2013-08-23 15:55 - 2013-08-23 15:55 - 00000000 ___SD C:\Users\Sherri\Documents\My Pando Packages
2013-08-23 15:52 - 2013-08-29 17:25 - 00000000 ____D C:\Users\Sherri\.swt
2013-08-22 20:51 - 2013-08-29 17:25 - 00000000 ____D C:\Users\Sherri\AppData\Local\Microsoft Games
2013-08-18 14:03 - 2013-08-18 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 18:32 - 2013-09-04 01:13 - 00000000 ____D C:\Users\Sherri\AppData\Local\SoulseekQt
2013-08-16 18:24 - 2013-08-29 17:26 - 00000000 ____D C:\Program Files (x86)\SoulseekQt
2013-08-16 18:24 - 2013-08-16 18:24 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2013-08-16 18:23 - 2013-08-16 18:23 - 07811497 _____ C:\Users\Sherri\Desktop\SoulseekQt-2013-8-3.exe
2013-08-14 20:40 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-14 20:40 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-14 20:40 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-14 20:40 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-14 20:40 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-14 20:40 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-14 20:40 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-14 20:40 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-14 20:40 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-14 20:40 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-14 20:40 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-14 20:40 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 20:39 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-14 20:39 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-14 20:39 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-14 20:39 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-14 20:39 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-14 03:04 - 2013-08-14 03:07 - 00000000 ____D C:\windows\system32\MRT
2013-08-13 19:40 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-13 19:40 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-13 19:40 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-13 19:40 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-13 19:40 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-13 19:40 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-13 19:40 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-13 19:40 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-13 19:40 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-13 19:40 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-13 19:39 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-13 19:39 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-13 19:39 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-13 19:39 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-13 19:39 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-08-13 19:39 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-13 19:39 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-08-13 19:39 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-08-13 19:39 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-08-13 19:39 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-13 19:39 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-08-13 19:39 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-08-13 19:39 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-08-13 19:39 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-08-13 19:39 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-08-13 19:39 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-13 19:39 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\LolClient
2013-08-07 00:34 - 2013-08-07 00:34 - 00002762 _____ C:\windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012

==================== One Month Modified Files and Folders =======

2013-09-05 19:28 - 2013-09-05 19:11 - 00000000 ____D C:\Users\test\Desktop\frst
2013-09-05 19:26 - 2012-12-17 17:43 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 19:26 - 2012-02-09 23:37 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA.job
2013-09-05 19:26 - 2009-09-18 07:09 - 01499193 _____ C:\windows\WindowsUpdate.log
2013-09-05 19:25 - 2012-12-17 17:43 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 19:21 - 2013-04-19 18:24 - 00000340 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
2013-09-05 19:18 - 2013-03-25 16:36 - 00000000 ____D C:\ProgramData\Sendori
2013-09-05 19:16 - 2013-07-29 16:09 - 00002296 _____ C:\windows\setupact.log
2013-09-05 19:16 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-05 19:15 - 2013-07-29 16:09 - 00074770 _____ C:\windows\PFRO.log
2013-09-05 19:13 - 2013-09-05 15:56 - 00000000 ____D C:\FRST
2013-09-05 19:08 - 2013-08-29 03:03 - 00000000 ____D C:\Users\test\AppData\Roaming\mIRC
2013-09-05 18:46 - 2013-09-05 18:46 - 00000000 ____D C:\Users\test\AppData\Roaming\HpUpdate
2013-09-05 18:35 - 2013-07-28 03:30 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA.job
2013-09-05 18:34 - 2013-09-05 18:34 - 00000000 ____D C:\Users\test\AppData\Local\Macromedia
2013-09-05 18:34 - 2012-11-21 07:27 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 18:17 - 2013-07-26 21:37 - 00000000 ____D C:\Program Files (x86)\mIRC
2013-09-05 15:47 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:47 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:43 - 2013-07-28 16:43 - 00000000 ____D C:\ProgramData\MFAData
2013-09-05 15:37 - 2009-10-23 23:17 - 00000000 ____D C:\Users\Sherri
2013-09-05 15:37 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-05 15:36 - 2013-09-05 15:12 - 00000000 ____D C:\ProgramData\nspDDVn3
2013-09-05 15:36 - 2013-08-24 17:29 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-05 15:36 - 2013-08-24 17:24 - 00000000 ____D C:\Users\test
2013-09-05 15:36 - 2013-07-26 21:37 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\mIRC
2013-09-05 15:36 - 2013-05-22 20:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-05 15:36 - 2009-10-23 23:19 - 00000000 ___RD C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-05 15:36 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2013-09-05 15:35 - 2013-08-02 01:17 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-09-05 15:35 - 2009-09-02 23:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-04 01:13 - 2013-08-16 18:32 - 00000000 ____D C:\Users\Sherri\AppData\Local\SoulseekQt
2013-09-03 03:35 - 2013-07-28 03:30 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core.job
2013-09-02 23:26 - 2012-02-09 23:37 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core.job
2013-08-31 13:48 - 2009-10-23 23:29 - 00000000 ____D C:\Users\Sherri\AppData\Local\Google
2013-08-31 03:12 - 2009-09-18 07:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-08-31 01:37 - 2013-08-29 22:05 - 00001938 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-31 01:36 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2013-08-30 18:58 - 2013-08-30 18:58 - 00000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2013-08-30 18:58 - 2013-08-30 18:58 - 00000000 ____D C:\Users\test\AppData\Local\Mozilla
2013-08-30 18:18 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2013-08-29 22:50 - 2013-08-29 22:50 - 00041018 _____ C:\windows\system32\.crusader
2013-08-29 22:50 - 2013-08-29 22:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 22:05 - 2013-08-29 22:05 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-29 22:04 - 2013-08-29 22:04 - 09879648 _____ (SurfRight B.V.) C:\Users\Sherri\Desktop\HitmanPro_x64.exe
2013-08-29 21:58 - 2013-04-05 08:33 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2013-08-29 21:58 - 2013-03-24 23:34 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-08-29 21:58 - 2013-03-24 23:33 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\SearchProtect
2013-08-29 21:56 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\SearchProtect
2013-08-29 21:56 - 2013-04-05 08:32 - 00000000 ____D C:\ProgramData\Datamngr
2013-08-29 21:56 - 2013-03-24 23:36 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-08-29 21:56 - 2011-05-22 00:51 - 00000000 ____D C:\Program Files (x86)\Yontoo Layers
2013-08-29 18:00 - 2013-08-29 18:00 - 00001154 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 18:00 - 2013-08-29 18:00 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\Malwarebytes
2013-08-29 18:00 - 2013-08-29 01:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 17:49 - 2013-04-05 08:37 - 00001447 _____ C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2013-08-29 17:49 - 2013-04-05 08:35 - 00001129 _____ C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
2013-08-29 17:26 - 2013-08-24 17:26 - 00000000 ____D C:\Users\test\AppData\Roaming\AVG2013
2013-08-29 17:26 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\ArcSoft
2013-08-29 17:26 - 2013-08-16 18:24 - 00000000 ____D C:\Program Files (x86)\SoulseekQt
2013-08-29 17:26 - 2013-05-22 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-29 17:26 - 2013-03-24 23:34 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V1
2013-08-29 17:26 - 2010-01-07 02:32 - 00000000 ____D C:\Program Files\Zune
2013-08-29 17:26 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-29 17:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-29 17:25 - 2013-08-24 17:29 - 00000000 ____D C:\Riot Games
2013-08-29 17:25 - 2013-08-24 17:28 - 00000000 ____D C:\Users\test\AppData\Roaming\Riot Games
2013-08-29 17:25 - 2013-08-24 17:27 - 00000000 ____D C:\Users\test\AppData\Local\Google
2013-08-29 17:25 - 2013-08-24 17:26 - 00000000 ____D C:\Users\test\AppData\Local\TOSHIBA
2013-08-29 17:25 - 2013-08-23 15:52 - 00000000 ____D C:\Users\Sherri\.swt
2013-08-29 17:25 - 2013-08-22 20:51 - 00000000 ____D C:\Users\Sherri\AppData\Local\Microsoft Games
2013-08-29 05:20 - 2013-08-29 05:20 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore
2013-08-29 02:01 - 2013-08-29 00:26 - 00000000 ____D C:\Users\test\AppData\Local\Microsoft Games
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes
2013-08-29 01:38 - 2013-08-29 01:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-28 20:08 - 2013-08-28 20:08 - 00000000 ____D C:\Users\test\AppData\Roaming\AVG
2013-08-28 19:44 - 2013-08-28 19:14 - 00000000 ____D C:\ProgramData\pubax
2013-08-28 19:42 - 2013-08-28 19:14 - 00000000 ____D C:\ProgramData\vhyf
2013-08-24 17:59 - 2013-08-24 17:29 - 00000000 ____D C:\Users\test\AppData\Local\PMB Files
2013-08-24 17:40 - 2013-08-24 17:39 - 00005120 _____ C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 17:32 - 2013-08-24 17:32 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia
2013-08-24 17:29 - 2013-08-24 17:29 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2013-08-24 17:29 - 2013-08-24 06:15 - 00000000 __SHD C:\AI_RecycleBin
2013-08-24 17:29 - 2013-08-02 01:18 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2013-08-24 17:28 - 2013-08-24 17:28 - 32229024 _____ (Riot Games) C:\Users\test\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2013-08-24 17:27 - 2013-08-24 17:25 - 00002300 _____ C:\Users\test\Desktop\Google Chrome.lnk
2013-08-24 17:26 - 2013-08-24 17:26 - 00000000 ____D C:\Users\test\AppData\Local\ArcSoft
2013-08-24 17:25 - 2013-08-24 17:25 - 00095672 _____ C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Roaming\Adobe
2013-08-24 17:25 - 2013-08-24 17:25 - 00000000 ____D C:\Users\test\AppData\Local\Avg2013
2013-08-24 17:24 - 2013-08-24 17:24 - 00000258 __RSH C:\Users\test\ntuser.pol
2013-08-24 17:24 - 2013-08-24 17:24 - 00000020 ___SH C:\Users\test\ntuser.ini
2013-08-24 16:59 - 2009-10-23 23:33 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-08-24 05:59 - 2012-08-12 21:42 - 00000000 ____D C:\Users\Sherri\Desktop\Dani
2013-08-24 05:43 - 2013-08-24 05:43 - 00003142 _____ C:\windows\System32\Tasks\{704AEEA8-0174-469B-A0F0-871D2FB77502}
2013-08-23 16:56 - 2009-09-02 23:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-23 15:55 - 2013-08-23 15:55 - 00000000 ___SD C:\Users\Sherri\Documents\My Pando Packages
2013-08-23 14:56 - 2009-07-14 01:13 - 00793204 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-22 22:14 - 2013-03-24 23:33 - 00000000 _____ C:\END
2013-08-22 20:28 - 2009-10-28 00:11 - 00000000 ____D C:\windows\System32\Tasks\Games
2013-08-21 01:21 - 2013-04-05 05:21 - 00000000 ____D C:\Users\Sherri\.gimp-2.8
2013-08-20 15:34 - 2012-11-21 07:27 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 15:34 - 2012-11-21 07:27 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 15:34 - 2011-05-16 09:54 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 16:04 - 2012-06-22 12:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 14:05 - 2013-08-18 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 18:34 - 2012-06-13 19:18 - 00000000 ____D C:\SMRTNTKY
2013-08-16 18:24 - 2013-08-16 18:24 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2013-08-16 18:23 - 2013-08-16 18:23 - 07811497 _____ C:\Users\Sherri\Desktop\SoulseekQt-2013-8-3.exe
2013-08-14 03:43 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-08-14 03:09 - 2009-09-18 07:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 03:07 - 2013-08-14 03:04 - 00000000 ____D C:\windows\system32\MRT
2013-08-14 03:04 - 2009-12-03 23:57 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-13 18:49 - 2013-03-24 23:36 - 00000258 __RSH C:\Users\Sherri\ntuser.pol
2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Sherri\AppData\Roaming\LolClient
2013-08-07 16:03 - 2012-03-09 00:56 - 00773050 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-08-07 00:34 - 2013-08-07 00:34 - 00002762 _____ C:\windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012

Files to move or delete:
====================
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\Setup.exe
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupEngine.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupUi.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\SetupUtility.exe
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\sqmapi.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\3082\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\3076\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\2070\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\2052\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1055\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1053\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1049\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1046\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1045\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1044\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1043\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1042\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1041\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1040\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1038\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1037\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1036\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1035\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1033\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1032\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1031\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1030\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1029\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1028\SetupResources.dll
C:\Users\Sherri\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\1025\SetupResources.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 18:32

==================== End Of Log ============================

Nothing showing, delete these 3 folders:
You may have to enable hidden files to see them:
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

C:\ProgramData\nspDDVn3
C:\ProgramData\pubax
C:\ProgramData\vhyf

------------------------------------------------

Then............

Download, install and run CCleaner free to clean out temp files.
Here's a Tutorial if needed.
You may want to un-check cookies.

Last.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.
 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

ComboFix log:

ComboFix 13-09-04.04 - Sherri 09/05/2013  22:22:01.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3964.2177 [GMT -4:00]
Running from: c:\users\Sherri\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\search_ie.ico
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\Sherri\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
c:\users\Sherri\Documents\~WRL0003.tmp
c:\users\Sherri\Documents\~WRL0005.tmp
c:\users\Sherri\Documents\~WRL0006.tmp
c:\users\Sherri\Documents\~WRL0457.tmp
c:\users\test\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\test\AppData\Roaming\SearchProtect\ffprotect\application.js
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-06 to 2013-09-06  )))))))))))))))))))))))))))))))
.
.
2013-09-06 02:36 . 2013-09-06 02:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-06 01:18 . 2013-09-06 01:18    --------    d-----w-    c:\program files\CCleaner
2013-09-05 19:57 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6228103-7B06-454B-8450-027CD4FF0A51}\mpengine.dll
2013-09-05 19:56 . 2013-09-05 23:13    --------    d-----w-    C:\FRST
2013-09-05 19:37 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-30 02:05 . 2013-08-30 02:05    --------    d-----w-    c:\program files\HitmanPro
2013-08-30 02:03 . 2013-08-30 02:50    --------    d-----w-    c:\programdata\HitmanPro
2013-08-29 22:00 . 2013-08-29 22:00    --------    d-----w-    c:\users\Sherri\AppData\Roaming\Malwarebytes
2013-08-29 22:00 . 2013-04-04 18:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-29 05:38 . 2013-08-29 05:38    --------    d-----w-    c:\programdata\Malwarebytes
2013-08-29 05:38 . 2013-08-29 22:00    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-24 21:29 . 2013-08-29 21:25    --------    d-----w-    C:\Riot Games
2013-08-24 21:29 . 2013-09-05 19:36    --------    d-----w-    c:\programdata\PMB Files
2013-08-24 21:24 . 2013-09-05 19:36    --------    d-----w-    c:\users\test
2013-08-24 10:15 . 2013-08-24 21:29    --------    d-----w-    C:\AI_RecycleBin
2013-08-23 19:52 . 2013-08-29 21:25    --------    d-----w-    c:\users\Sherri\.swt
2013-08-23 00:51 . 2013-08-29 21:25    --------    d-----w-    c:\users\Sherri\AppData\Local\Microsoft Games
2013-08-22 19:48 . 2013-08-22 19:43    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F46D6F7-051C-4D5F-B9D2-042F126805ED}\gapaengine.dll
2013-08-16 22:35 . 2013-08-26 03:25    --------    d-----w-    C:\soulseek-downloads
2013-08-16 22:32 . 2013-09-04 05:13    --------    d-----w-    c:\users\Sherri\AppData\Local\SoulseekQt
2013-08-16 22:24 . 2013-08-29 21:26    --------    d-----w-    c:\program files (x86)\SoulseekQt
2013-08-15 00:39 . 2013-07-26 05:13    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-08-15 00:39 . 2013-07-26 05:12    19239424    ----a-w-    c:\windows\system32\mshtml.dll
2013-08-15 00:39 . 2013-07-26 05:12    15405056    ----a-w-    c:\windows\system32\ieframe.dll
2013-08-14 21:08 . 2013-08-14 21:08    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-14 21:08 . 2013-08-14 21:08    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-08-14 07:04 . 2013-08-14 07:07    --------    d-----w-    c:\windows\system32\MRT
2013-08-13 23:40 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-13 23:40 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-13 23:40 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-13 23:40 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-13 23:40 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-13 23:40 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-13 23:40 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-13 23:40 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-13 23:40 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-13 23:40 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-09 01:50 . 2013-08-09 01:50    --------    d-----w-    c:\users\Sherri\AppData\Roaming\LolClient
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 19:34 . 2012-11-21 11:27    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 19:34 . 2011-05-16 13:54    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-14 07:04 . 2009-12-04 03:57    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-07-18 22:15 . 2013-07-06 16:16    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-13 23:39    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-07 23:05 . 2013-07-07 23:05    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-07 23:05 . 2013-07-07 23:05    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-07-07 23:05 . 2013-07-07 23:05    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-07-07 23:05 . 2013-07-07 23:05    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-07-07 23:05 . 2013-07-07 23:05    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-07-07 23:05 . 2013-07-07 23:05    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-07-07 23:05 . 2013-07-07 23:05    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-07-07 23:05 . 2013-07-07 23:05    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-07-07 23:05 . 2013-07-07 23:05    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-07-07 23:05 . 2013-07-07 23:05    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-07-07 23:05 . 2013-07-07 23:05    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-07-07 23:05 . 2013-07-07 23:05    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-07 23:05 . 2013-07-07 23:05    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-07-07 23:05 . 2013-07-07 23:05    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-07-07 23:05 . 2013-07-07 23:05    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-07-07 23:05 . 2013-07-07 23:05    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-07-07 23:05 . 2013-07-07 23:05    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-07-07 23:05 . 2013-07-07 23:05    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-07-07 23:05 . 2013-07-07 23:05    441856    ----a-w-    c:\windows\system32\html.iec
2013-07-07 23:05 . 2013-07-07 23:05    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-07-07 23:05 . 2013-07-07 23:05    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-07-07 23:05 . 2013-07-07 23:05    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-07-07 23:05 . 2013-07-07 23:05    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-07-07 23:05 . 2013-07-07 23:05    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-07-07 23:05 . 2013-07-07 23:05    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-07-07 23:05 . 2013-07-07 23:05    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-07-07 23:05 . 2013-07-07 23:05    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-07-07 23:05 . 2013-07-07 23:05    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-07-07 23:05 . 2013-07-07 23:05    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-07-07 23:05 . 2013-07-07 23:05    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-07-07 23:05 . 2013-07-07 23:05    235008    ----a-w-    c:\windows\system32\url.dll
2013-07-07 23:05 . 2013-07-07 23:05    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-07 23:05 . 2013-07-07 23:05    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-07-07 23:05 . 2013-07-07 23:05    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-07-07 23:05 . 2013-07-07 23:05    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-07 23:05 . 2013-07-07 23:05    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-07 23:05 . 2013-07-07 23:05    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-07-07 23:05 . 2013-07-07 23:05    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-07-07 23:05 . 2013-07-07 23:05    149504    ----a-w-    c:\windows\system32\occache.dll
2013-07-07 23:05 . 2013-07-07 23:05    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-07-07 23:05 . 2013-07-07 23:05    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-07-07 23:05 . 2013-07-07 23:05    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-07-07 23:05 . 2013-07-07 23:05    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-07-07 23:05 . 2013-07-07 23:05    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-07-07 23:05 . 2013-07-07 23:05    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-07-07 23:05 . 2013-07-07 23:05    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-07-07 23:05 . 2013-07-07 23:05    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-07-07 23:05 . 2013-07-07 23:05    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-07-07 23:05 . 2013-07-07 23:05    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-07-07 23:02 . 2013-07-07 23:02    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-07-07 23:02 . 2013-07-07 23:02    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-07 23:02 . 2013-07-07 23:02    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-07-07 23:02 . 2013-07-07 23:02    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-07-07 23:02 . 2013-07-07 23:02    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-07-07 23:02 . 2013-07-07 23:02    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-07-07 23:02 . 2013-07-07 23:02    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-07-07 23:02 . 2013-07-07 23:02    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-07-07 23:02 . 2013-07-07 23:02    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-07-07 23:02 . 2013-07-07 23:02    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-07-07 23:02 . 2013-07-07 23:02    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-07-07 23:02 . 2013-07-07 23:02    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-07-07 23:02 . 2013-07-07 23:02    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-07-07 23:02 . 2013-07-07 23:02    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2013-07-07 23:02 . 2013-07-07 23:02    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2013-07-07 23:02 . 2013-07-07 23:02    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-07-07 23:02 . 2013-07-07 23:02    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-07-07 23:02 . 2013-07-07 23:02    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-07-07 23:02 . 2013-07-07 23:02    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-07-07 23:02 . 2013-07-07 23:02    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-07-07 23:02 . 2013-07-07 23:02    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-07-07 23:02 . 2013-07-07 23:02    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-07-07 23:02 . 2013-07-07 23:02    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-07-07 23:02 . 2013-07-07 23:02    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-07-07 23:02 . 2013-07-07 23:02    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-07-07 23:02 . 2013-07-07 23:02    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-07-07 23:02 . 2013-07-07 23:02    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-07-07 23:02 . 2013-07-07 23:02    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-07-07 23:02 . 2013-07-07 23:02    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn10\yt.dll" [2013-08-07 1561880]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 06:46    1451680    ----a-w-    c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{67097627-fd8e-4f6b-af4b-ecb65e50112e}]
2013-04-14 12:35    231712    ----a-w-    c:\program files (x86)\MixiDJ_V1\prxtbMix0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{67097627-fd8e-4f6b-af4b-ecb65e50112e}"= "c:\program files (x86)\MixiDJ_V1\prxtbMix0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{67097627-fd8e-4f6b-af4b-ecb65e50112e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"MusicManager"="c:\users\Sherri\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-06-20 7345664]
"HP Photosmart 5520 series (NET)"="c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Facebook Update"="c:\users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-28 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN32M151FV0602;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15    264048    ----a-w-    c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-31 15:25    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 19:34]
.
2013-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core.job
- c:\users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28 07:29]
.
2013-09-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA.job
- c:\users\Sherri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28 07:29]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 21:43]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 21:43]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core.job
- c:\users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 03:37]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA.job
- c:\users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 03:37]
.
2013-09-06 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-04-19 22:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-09-02 15:44; {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}; c:\users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E8861423-0DAB-459E-A8D5-DB264E69E70C} - c:\program files (x86)\OApps\SelectionLinks.dll
Toolbar-Locked - (no file)
Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-DefaultTab - c:\users\Sherri\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-eMusic Promotion - c:\users\Sherri\AppData\Local\Temp\nsz77BB.tmp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-InternetHelper3 Firefox Toolbar - c:\users\Sherri\AppData\Roaming\Conduit\Uninstaller\CT3277370\CT3277370.firefox.uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-05  22:41:57
ComboFix-quarantined-files.txt  2013-09-06 02:41
.
Pre-Run: 401,561,522,176 bytes free
Post-Run: 401,186,312,192 bytes free
.
- - End Of File - - CAED7F2BAE4AF55CCFD3F66C6E644D68
5B5E648D12FCADC244C1EC30318E1EB9
 

Looks Good.....

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Nothing popped up, so I clicked on Report and got this...

And btw, at about 6 am this morning Malwarebytes randomly quarantined a ransomware file and I removed it; it was a sendori setup.exe file. I'm hoping that that was what was giving me a problem. I don't know how I could have gotten another one; all I was on was Netflix. But my computer is still being super slow on startup, which scares me that it's going to start with that screen. lol

RogueKiller V8.6.9 _x64_ [sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sherri [Admin rights]
Mode : Scan -- Date : 09/06/2013 20:12:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA.job : C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core.job : C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001Core : C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2957177768-920838209-864878691-1001UA : C:\Users\Sherri\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5055GSX +++++
--- User ---
[MBR] 616ccb5c8d03af813b6f66288efce3ae
[bSP] c91e89d55e94a91a95d9e51eb853596c : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09062013_201240.txt >>
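The six [HJ POL] hits in the report above are its security-relevant finding (the Security Check later in the thread confirms "UAC is disabled!"). As an added example, not part of the thread or of RogueKiller, the following parses those lines from a constructed copy of the report and separates the values that actually weaken the machine (EnableLUA and ConsentPromptBehaviorAdmin at 0) from one that is merely present at a harmless value (DisableRegistryTools at 0):

```python
"""Triage of RogueKiller "[HJ POL]" hits.

Added example, not part of the thread or of RogueKiller. It parses the policy
lines in the "Registry Entries" section and reports which values actually
weaken the machine, judged against the Windows 7 meaning of each value under
HKLM\\...\\Policies\\System."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed sample: the "Registry Entries" lines in the shape RogueKiller prints them.
SAMPLE_REPORT = """\
¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL] HKLM\\[...]\\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\\[...]\\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\\[...]\\Wow6432Node\\[...]\\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\\[...]\\Wow6432Node\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\\[...]\\Wow6432Node\\[...]\\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\\[...]\\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# One policy line: "[HJ POL] <key> : <value name> (<dword>) -> <state>"
HJ_POL_RE = re.compile(
    r"^\[HJ POL\]\s+(?P<key>\S+)\s+:\s+(?P<name>\w+)\s+\((?P<value>\d+)\)\s+->\s+(?P<state>\w+)"
)

# When does each value weaken the machine?  (Windows 7 semantics)
#   EnableLUA                  1 = UAC on (default); 0 = UAC off
#   ConsentPromptBehaviorAdmin 5 = prompt for non-Windows binaries (default); 0 = elevate silently
#   DisableRegistryTools       0 = regedit allowed; 1 = regedit blocked
WEAK_WHEN: Dict[str, Callable[[int], bool]] = {
    "EnableLUA": lambda v: v == 0,
    "ConsentPromptBehaviorAdmin": lambda v: v == 0,
    "DisableRegistryTools": lambda v: v == 1,
}

WEAKENED_MEANING = {
    "EnableLUA": "UAC is off: every process of an admin user runs fully elevated",
    "ConsentPromptBehaviorAdmin": "admins elevate without any consent prompt",
    "DisableRegistryTools": "Registry Editor is blocked for the user",
}


@dataclass
class PolicyHit:
    key: str
    name: str
    value: int
    wow64: bool  # True for the 32-bit (Wow6432Node) mirror of the same key


def parse_hj_pol(report: str) -> List[PolicyHit]:
    """Return every [HJ POL] line of a RogueKiller report as a PolicyHit."""
    hits = []
    for line in report.splitlines():
        m = HJ_POL_RE.match(line.strip())
        if m:
            hits.append(PolicyHit(m["key"], m["name"], int(m["value"]),
                                  "Wow6432Node" in m["key"]))
    return hits


def assess(hits: List[PolicyHit]) -> Dict[str, Tuple[int, str, str]]:
    """Map each known policy name to (value, verdict, explanation).

    verdict is "weakened" when the value disables a protection and "ok" when
    RogueKiller only flagged the value's presence.  The Wow6432Node mirror
    repeats the native values, so it is skipped rather than double counted."""
    findings: Dict[str, Tuple[int, str, str]] = {}
    for h in hits:
        if h.wow64 or h.name not in WEAK_WHEN:
            continue
        if WEAK_WHEN[h.name](h.value):
            findings[h.name] = (h.value, "weakened", WEAKENED_MEANING[h.name])
        else:
            findings[h.name] = (h.value, "ok",
                                "value present but not at a weakening setting; no action needed")
    return findings


if __name__ == "__main__":
    for name, (value, verdict, why) in assess(parse_hj_pol(SAMPLE_REPORT)).items():
        print(f"{name} = {value}: {verdict} ({why})")
```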
 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

AdwCleaner:

# AdwCleaner v3.003 - Report created 07/09/2013 at 17:44:42
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sherri - SHERRI-PC
# Running from : C:\Users\Sherri\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Search Results Toolbar
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo Layers
Folder Deleted : C:\Program Files (x86)\MixiDJ_V1
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Sherri\AppData\Local\cre
Folder Deleted : C:\Users\Sherri\AppData\Local\Ilivid
Folder Deleted : C:\Users\Sherri\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sherri\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Sherri\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Sherri\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Sherri\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Sherri\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Sherri\AppData\LocalLow\MixiDJ_V1
Folder Deleted : C:\Users\Sherri\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\WinampToolbarData
Folder Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
Folder Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj
Folder Deleted : C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj
[!] Folder Deleted : C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj
[!] Folder Deleted : C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj
[!] Folder Deleted : C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj
[!] Folder Deleted : C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\Sherri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Askcom.xml
File Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\searchplugins\search-here.xml
File Deleted : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3285873
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292584
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67097627-FD8E-4F6B-AF4B-ECB65E50112E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A2AFD7B-F171-41FD-922E-687B2720AAA7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67097627-FD8E-4F6B-AF4B-ECB65E50112E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A2AFD7B-F171-41FD-922E-687B2720AAA7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2A2AFD7B-F171-41FD-922E-687B2720AAA7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{321A92AC-93FD-4767-A506-986A362BB9FF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2367A93F-7CC6-47A3-8FB7-FFCC0B9B8DC2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{67097627-FD8E-4F6B-AF4B-ECB65E50112E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{67097627-FD8E-4F6B-AF4B-ECB65E50112E}]
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Software\MixiDJ_V1
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKLM\Software\MixiDJ_V1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V1 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Sherri\AppData\Roaming\Mozilla\Firefox\Profiles\m8uhglgt.default\prefs.js ]

Line Deleted : user_pref("CT3277370_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364845325444,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3292584_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364845325910,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3277370");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V1 Customized Web Search");

Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);


[ File : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\f8vbmlfa.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Sherri\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup
Deleted : search_url
Deleted : keyword

[ File : C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18891 octets] - [07/09/2013 17:36:53]
AdwCleaner[s0].txt - [18277 octets] - [07/09/2013 17:44:42]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [18338 octets] ##########

Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Sherri :: SHERRI-PC [administrator]

Protection: Enabled

9/7/2013 5:52:37 PM
mbam-log-2013-09-07 (17-52-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249524
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

It seems to be running better.

Good......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Here you go... sorry it's taking me so long to respond.

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 AVG PC TuneUp   
 AVG PC TuneUp Language Pack (en-US)
 JavaFX 2.0.2    
 Java 7 Update 17  
 Java version out of Date!
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (23.0.1)
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 17 <-----please update, should be Update 25

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

---------------------------------

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, C:\FRST, MBAR, etc. AdwCleaner > just run the program and click Uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.