Random audio

[jebbab25]

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 10.45.2
Run by James at 13:02:22 on 2014-01-05
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1791.152 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Windows\System32\FCA\Syslogin.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\FCA\FCACheck.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: InfoAtoms: {103089DA-0F31-4A8B-843F-7D24A7FE8345} -
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} -
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\18.7.1.3\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger] "c:\program files\strongvault online backup\ClientMessenger.exe"
uRun: [FCACheck] c:\windows\system32\fca\FCACheck.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [shopAtHomeWatcher] c:\users\family\appdata\roaming\shopathome\shopathomehelper\ShopAtHomeWatcher.exe
mRun: [FamilyCyberAlert] c:\windows\system32\fca\Syslogin.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskpins.lnk - c:\program files\deskpins\DeskPins.exe
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll





TCP: NameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{09A2A843-6100-4754-B010-9B16E65C5F3E} : DHCPNameServer = 24.116.0.53 24.116.2.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-3 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\bashdefs\20131203.001\BHDrvx86.sys [2013-12-3 1098968]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\ipsdefs\20140103.001\IDSvix86.sys [2014-1-3 394456]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-3 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1207010.003\symtdiv.sys [2012-4-3 331384]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-7-25 18944]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-5 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-5 701512]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-22 108120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-5 22856]
.
=============== Created Last 30 ================
.
2014-01-05 16:52:18 -------- d-----w- c:\users\james\appdata\roaming\Malwarebytes
2014-01-05 16:51:45 -------- d-----w- c:\programdata\Malwarebytes
2014-01-05 16:51:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-05 16:51:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-04 22:34:38 -------- d-----w- c:\users\james\appdata\roaming\Tific
.
==================== Find3M  ====================
.
2013-12-11 06:32:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 06:32:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 13:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 13:07:03.18 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2011 9:34:25 PM
System Uptime: 1/5/2014 12:48:55 PM (1 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD |  | GF615M-P31  (MS-7597)
Processor: AMD Athlon II X2 255 Processor | CPU1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 128.011 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 3.625 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 466 GiB total, 214.807 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
3DVIA player 5.0.0.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 7.0
Adobe Photoshop Lightroom 3.2
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
aiofw
aioocr
aioprnt
aioscnnr
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Angry Birds Star Wars
Any Video Converter 3.2.7
Apple Application Support
Apple Software Update
center
Creo Elements/Direct Modeling Express 4.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeskPins (remove only)
eMusic Download Manager 5.0.1
eMusic Download Manager v5.0.2
FlipShare
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Help_CTR
helptut
helpug
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iLivid
InfoAtoms [uninstall]
Java 7 Update 45
Java Auto Updater
Java 6 Update 29
KODAK All-in-One Printer Software
ksdip
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Nikon Message Center
Nikon Transfer
Norton AntiVirus
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
PhotoshopdotcomInspirationBrowser
Picture Control Utility
QuickTime
Realtek Ethernet Controller Driver For Windows Vista
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SFR
Soft Data Fax Modem with SmartCP
swMSM
Uninstall Helper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
ViewNX
VUDU To Go
YTD Video Downloader 4.6
Zac Browser Gold
.
==== End Of File ===========================
 

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

 

Let me see those two logs in next reply...

 

Kevin

[jebbab25]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by Family (ATTENTION: The logged in user is not administrator) on HOME-PC on 05-01-2014 13:49:52
Running from C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ7IB4ZX
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(InfoWorks Technology Company) C:\Windows\System32\FCA\Syslogin.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(InfoWorks Technology Company) C:\Windows\System32\FCA\FCACheck.exe
() C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ7IB4ZX\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe [1306624 2008-07-18] (Eastman Kodak Company)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [shopAtHomeWatcher] - C:\Users\Family\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM\...\Run: [FamilyCyberAlert] - C:\Windows\System32\FCA\Syslogin.exe [1723888 2012-10-13] (InfoWorks Technology Company)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\runonceex: [] - [x]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [FCACheck] - C:\Windows\System32\FCA\FCACheck.exe [36336 2012-10-11] (InfoWorks Technology Company)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
ShortcutTarget: DeskPins.lnk -> C:\Program Files\DeskPins\DeskPins.exe (Elias Fotinis)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3272718&CUI=UN28566819883162170
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3272718&CUI=UN28566819883162170
SearchScopes: HKCU - DefaultScope {BC836AB3-D9D7-4226-B649-B5761E620339} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TLUS&apn_uid=043F8209-B1FB-49CC-948B-3029138F552B&apn_sauid=3FECF83F-6787-41CC-9D66-86516AE4ED0D&
SearchScopes: HKCU - {BC836AB3-D9D7-4226-B649-B5761E620339} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll No File
BHO: Coupon Companion Plugin - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll No File
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

Chrome:
=======


CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Angry Birds) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Deal Slider ) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0
CHR Extension: (3D Bowling Game (Powered by WebGL)) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmldjnckdhpglpbpihecefhjbdajncjm\1.326.17.3033_0
CHR Extension: (Google Wallet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Downhill Jam) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjegjjfdamcmjikplaghiloojkpmdfm\2.3.1_0
CHR Extension: (MixiDJ) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb\10.22.5.510_0
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hhbgpoakplhahbklhkcfbpicgjcaoglk] - C:\Program Files\InfoAtoms\Chrome\InfoAtoms.crx
CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\James\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 KodakSvc; C:\Program Files\Kodak\printer\center\KodakSvc.exe [18944 2008-07-25] (Eastman Kodak Company)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [1098968 2013-12-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-20] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20140103.001\IDSvix86.sys [394456 2013-12-11] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\20140104.006\NAVENG.SYS [93272 2014-01-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\20140104.006\NAVEX15.SYS [1612376 2014-01-04] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAV\1207010.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1207010.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1207010.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1207010.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-08-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1207010.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1207010.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
R1 HMFAxCore23f14cc2704814471a284145846ada24; HMFAxCore23f14cc2704814471a284145846ada24.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MSICDSetup; \??\E:\CDriver.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-05 13:49 - 2014-01-05 13:49 - 00000000 ____D C:\FRST
2014-01-05 13:09 - 2014-01-05 13:09 - 00005166 _____ C:\Users\James\Desktop\attach.txt
2014-01-05 13:09 - 2014-01-05 13:07 - 00010370 _____ C:\Users\James\Desktop\dds.txt
2014-01-05 12:21 - 2014-01-05 12:21 - 00762568 _____ C:\Users\James\AppData\Local\census.cache
2014-01-05 12:20 - 2014-01-05 12:20 - 00169771 _____ C:\Users\James\AppData\Local\ars.cache
2014-01-05 11:41 - 2014-01-05 11:41 - 00000036 _____ C:\Users\James\AppData\Local\housecall.guid.cache
2014-01-05 10:52 - 2014-01-05 10:52 - 00000000 ____D C:\Users\James\AppData\Roaming\Malwarebytes
2014-01-05 10:51 - 2014-01-05 10:51 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-05 10:51 - 2014-01-05 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-05 10:51 - 2014-01-05 10:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-05 10:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ____D C:\Users\James\AppData\Roaming\Tific
2014-01-04 10:18 - 2014-01-04 10:18 - 00028672 _____ C:\Windows\system32\ylauj.jhl
2014-01-04 10:08 - 2014-01-05 13:48 - 00000085 _____ C:\Windows\system32\xazike.ogd
2014-01-04 10:08 - 2014-01-04 10:18 - 00000099 _____ C:\Windows\system32\hqezab.gdz
2014-01-04 10:08 - 2014-01-04 10:08 - 00000064 _____ C:\Windows\system32\qlyxmz.swl
2014-01-04 09:52 - 2014-01-04 09:52 - 00101213 ____S C:\Windows\system32\yskv.xlm
2014-01-03 19:54 - 2014-01-03 19:54 - 00000000 ____D C:\Users\Family\Documents\01-03-2014
2013-12-23 19:14 - 2013-12-23 19:14 - 00002003 _____ C:\Users\Family\Desktop\Chrome App Launcher.lnk
2013-12-23 19:14 - 2013-12-23 19:14 - 00000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

==================== One Month Modified Files and Folders =======

2014-01-05 13:49 - 2014-01-05 13:49 - 00000000 ____D C:\FRST
2014-01-05 13:48 - 2014-01-04 10:08 - 00000085 _____ C:\Windows\system32\xazike.ogd
2014-01-05 13:42 - 2008-01-20 19:35 - 01863158 _____ C:\Windows\WindowsUpdate.log
2014-01-05 13:38 - 2013-11-23 10:34 - 00000286 _____ C:\Windows\Tasks\bench-Updater removing.job
2014-01-05 13:38 - 2012-12-22 10:17 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 13:37 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 13:37 - 2006-11-02 06:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 13:37 - 2006-11-02 06:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 13:35 - 2006-11-02 07:01 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-05 13:34 - 2013-02-18 08:43 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2014-01-05 13:32 - 2013-07-12 21:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 13:27 - 2012-12-22 10:17 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 13:09 - 2014-01-05 13:09 - 00005166 _____ C:\Users\James\Desktop\attach.txt
2014-01-05 13:07 - 2014-01-05 13:09 - 00010370 _____ C:\Users\James\Desktop\dds.txt
2014-01-05 12:21 - 2014-01-05 12:21 - 00762568 _____ C:\Users\James\AppData\Local\census.cache
2014-01-05 12:20 - 2014-01-05 12:20 - 00169771 _____ C:\Users\James\AppData\Local\ars.cache
2014-01-05 12:00 - 2011-08-27 18:40 - 00001356 _____ C:\Users\James\AppData\Local\d3d9caps.dat
2014-01-05 11:41 - 2014-01-05 11:41 - 00000036 _____ C:\Users\James\AppData\Local\housecall.guid.cache
2014-01-05 11:25 - 2008-01-20 20:47 - 00055238 _____ C:\Windows\PFRO.log
2014-01-05 10:54 - 2011-08-28 14:10 - 00153600 _____ C:\Users\Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-05 10:52 - 2014-01-05 10:52 - 00000000 ____D C:\Users\James\AppData\Roaming\Malwarebytes
2014-01-05 10:51 - 2014-01-05 10:51 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-05 10:51 - 2014-01-05 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-05 10:51 - 2014-01-05 10:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-05 10:34 - 2013-11-21 17:48 - 00000332 _____ C:\Windows\Tasks\bench-sys.job
2014-01-05 02:36 - 2006-11-02 04:33 - 00708868 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 21:22 - 2011-08-28 13:45 - 00004608 _____ C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ____D C:\Users\James\AppData\Roaming\Tific
2014-01-04 11:39 - 2013-02-07 22:53 - 00000000 ____D C:\Windows\system32\FCA
2014-01-04 11:39 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\system32\spool
2014-01-04 11:39 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\registration
2014-01-04 10:18 - 2014-01-04 10:18 - 00028672 _____ C:\Windows\system32\ylauj.jhl
2014-01-04 10:18 - 2014-01-04 10:08 - 00000099 _____ C:\Windows\system32\hqezab.gdz
2014-01-04 10:08 - 2014-01-04 10:08 - 00000064 _____ C:\Windows\system32\qlyxmz.swl
2014-01-04 09:52 - 2014-01-04 09:52 - 00101213 ____S C:\Windows\system32\yskv.xlm
2014-01-04 09:50 - 2011-10-03 19:46 - 00000000 ____D C:\Users\Family\AppData\Local\CrashDumps
2014-01-03 21:33 - 2011-10-02 20:18 - 00000000 ____D C:\Users\Family\Documents\Resume
2014-01-03 19:54 - 2014-01-03 19:54 - 00000000 ____D C:\Users\Family\Documents\01-03-2014
2013-12-29 12:49 - 2011-08-28 11:50 - 00000400 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2013-12-25 20:41 - 2006-11-02 06:52 - 00034600 _____ C:\Windows\setupact.log
2013-12-23 19:14 - 2013-12-23 19:14 - 00002003 _____ C:\Users\Family\Desktop\Chrome App Launcher.lnk
2013-12-23 19:14 - 2013-12-23 19:14 - 00000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-12-21 15:49 - 2011-08-28 13:54 - 00000000 ____D C:\Users\Family
2013-12-12 03:03 - 2011-09-08 21:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 00:32 - 2012-07-06 19:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 00:32 - 2011-08-27 22:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT

Some content of TEMP:
====================
C:\Users\Family\AppData\Local\Temp\tmpB534.exe
C:\Users\James\AppData\Local\Temp\7.6.20.1-EasyShrx.Dll
C:\Users\James\AppData\Local\Temp\7.8.50.2-EasyShrx.Dll
C:\Users\James\AppData\Local\Temp\8A70.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\8ACF.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\ApnStub.exe
C:\Users\James\AppData\Local\Temp\BF98.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\C276.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\checktbexist.exe
C:\Users\James\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\James\AppData\Local\Temp\htmlayout.dll
C:\Users\James\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\James\AppData\Local\Temp\Strongvault.exe
C:\Users\James\AppData\Local\Temp\tbMixi.dll
C:\Users\James\AppData\Local\Temp\uninstall815535349.exe
C:\Users\James\AppData\Local\Temp\uninstall815547580.exe
C:\Users\James\AppData\Local\Temp\uninstall815548064.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:39] - 0551424 ____A (Microsoft Corporation) 86D59D766DF856F4325284405A98D2FF

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2014
Ran by Family at 2014-01-05 13:51:07
Running from C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ7IB4ZX
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton AntiVirus (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

3DVIA player 5.0.0.20 (Version: 5.0.20 - 3DVIA)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 3.2 (Version: 3.2.1 - Adobe)
Adobe Photoshop.com Inspiration Browser (Version: 2.61 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638 - Adobe Systems, Inc.)
aiofw (Version: 2.04.0000.0000 - Eastman Kodak Company) Hidden
aioocr (Version: 1.00.0000 - kodak) Hidden
aioprnt (Version: 2.04.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (Version: 2.04.0000.0000 - Eastman Kodak Company) Hidden
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (Version: 1.0.18 - Amazon Services LLC)
Amazon MP3 Uploader (Version: 1.0.5 - Amazon Services LLC)
Amazon MP3 Uploader (Version: 1.0.5 - Amazon Services LLC) Hidden
Angry Birds Star Wars (Version: 1.1.0 - Rovio)
Any Video Converter 3.2.7 (Version:  - Any-Video-Converter.com)
Apple Application Support (Version: 2.1.5 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
center (Version: 2.04.0000.0000 - Eastman Kodak Company) Hidden
Creo Elements/Direct Modeling Express 4.0 (Version: 40.0.10020 - Parametric Technology GmbH)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
DeskPins (remove only) (Version:  - )
eMusic Download Manager 5.0.1 (Version:  - )
eMusic Download Manager v5.0.2 (Version: 5.0.2 - eMusic.com Inc.)
FlipShare (Version: 5.12.3.0 - Flip Video)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Help_CTR (Version: 2.04.0000.000 - Eastman Kodak Company) Hidden
helptut (Version: 2.00.0000.0000 - kodak) Hidden
helpug (Version: 2.04.0000.0000 - kodak) Hidden
iLivid (Version: 1.92 - Bandoo Media Inc) <==== ATTENTION
InfoAtoms [uninstall] (Version: 1.5.0.0 - InfoAtoms)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 29 (Version: 6.0.290 - Oracle)
KODAK All-in-One Printer Software (Version:  - Eastman Kodak Company)
ksdip (Version: 2.00.0000.0000 - Eastman Kodak Company) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (Version: 14.0.6106.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) Hidden
Nikon Message Center (Version: 0.92.000 - Nikon)
Nikon Transfer (Version: 1.0.2 - Nikon)
Norton AntiVirus (Version: 18.7.1.3 - Symantec Corporation)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
PhotoshopdotcomInspirationBrowser (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (Version: 1.0.3 - Nikon)
QuickTime (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista (Version: 6.241.623.2010 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden
Soft Data Fax Modem with SmartCP (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Uninstall Helper (Version: 2.0.1.0 - InstallX, LLC)
Uninstall Helper (Version: 2.0.1.0 - InstallX, LLC) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
ViewNX (Version: 1.0.3 - Nikon)
VUDU To Go (Version: 1.0.0 - Vudu)
VUDU To Go (Version: 1.0.0 - Vudu) Hidden
YTD Video Downloader 4.6 (Version: 4.6 - GreenTree Applications SRL)
Zac Browser Gold (Version: 1.1.2 - People CD Inc.)
Zac Browser Gold (Version: 1.1.2 - People CD Inc.) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\bench-sys.job => ?
Task: C:\Windows\Tasks\bench-Updater removing.job => ?
Task: C:\Windows\Tasks\EasyShare Registration Task.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-07 22:53 - 2008-10-30 12:05 - 00049152 _____ () C:\Windows\System32\FCA\Infokbl.DLL
2013-02-07 22:53 - 2009-01-04 14:54 - 00057344 _____ () C:\Windows\System32\FCA\InfoUtil.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2014 01:38:44 PM) (Source: Application Error) (User: )
Description: Faulting application taskeng.exe, version 6.0.6001.18551, time stamp 0x4cd35598, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x0000a11d,
process id 0xc50, application start time 0xtaskeng.exe0.

Error: (01/05/2014 01:37:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 01:34:59 PM) (Source: Software Licensing Service) (User: )
Description: License Activation Scheduler (SLUINotify.dll) failed with the following error code:
0x800401E4

Error: (01/05/2014 01:34:39 PM) (Source: Application Error) (User: )
Description: Faulting application Syslogin.exe, version 5.0.0.3, time stamp 0x50795698, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x079649f8,
process id 0xf5c, application start time 0xSyslogin.exe0.

Error: (01/05/2014 00:50:07 PM) (Source: Application Error) (User: )
Description: Faulting application taskeng.exe, version 6.0.6001.18551, time stamp 0x4cd35598, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x0000a11d,
process id 0xa80, application start time 0xtaskeng.exe0.

Error: (01/05/2014 00:49:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 00:43:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 00:42:37 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/05/2014 00:37:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 00:36:49 PM) (Source: Application Error) (User: )
Description: Faulting application taskeng.exe, version 6.0.6001.18551, time stamp 0x4cd35598, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x0000a11d,
process id 0x3d8, application start time 0xtaskeng.exe0.

System errors:
=============
Error: (01/05/2014 01:37:35 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/05/2014 01:34:59 PM) (Source: Service Control Manager) (User: )
Description: SL UI Notification Service2147746276 (0x800401E4)

Error: (01/05/2014 01:33:57 PM) (Source: Service Control Manager) (User: )
Description: 2Reboot the machineDCOM Server Process Launcher%%1190

Error: (01/05/2014 01:33:56 PM) (Source: Service Control Manager) (User: )
Description: Plug and Play1600002Reboot the machine

Error: (01/05/2014 01:33:56 PM) (Source: Service Control Manager) (User: )
Description: DCOM Server Process Launcher1600002Reboot the machine

Error: (01/05/2014 00:49:41 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/05/2014 00:43:28 PM) (Source: Service Control Manager) (User: )
Description: BHDrvx86
eeCtrl
IDSVix86
spldr
SRTSP
SRTSPX
SymIRON
SYMTDIv
Wanarpv6

Error: (01/05/2014 00:43:28 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (01/05/2014 00:42:39 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/05/2014 00:42:37 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (01/05/2014 01:38:44 PM) (Source: Application Error)(User: )
Description: taskeng.exe6.0.6001.185514cd35598msvcrt.dll7.0.6001.180004791a727c00000050000a11dc5001cf0a4dbdfec9e1

Error: (01/05/2014 01:37:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 01:34:59 PM) (Source: Software Licensing Service)(User: )
Description: 0x800401E4

Error: (01/05/2014 01:34:39 PM) (Source: Application Error)(User: )
Description: Syslogin.exe5.0.0.350795698unknown0.0.0.000000000c0000005079649f8f5c01cf0a4701d997ae

Error: (01/05/2014 00:50:07 PM) (Source: Application Error)(User: )
Description: taskeng.exe6.0.6001.185514cd35598msvcrt.dll7.0.6001.180004791a727c00000050000a11da8001cf0a46ea7eb5ee

Error: (01/05/2014 00:49:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 00:43:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 00:42:37 PM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/05/2014 00:37:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 00:36:49 PM) (Source: Application Error)(User: )
Description: taskeng.exe6.0.6001.185514cd35598msvcrt.dll7.0.6001.180004791a727c00000050000a11d3d801cf0a45184c7cc8

CodeIntegrity Errors:
===================================
  Date: 2014-01-05 13:50:01.243
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 13:50:01.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 13:50:01.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 13:50:00.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 13:50:00.917
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 13:50:00.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 13:50:00.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 13:50:00.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 13:50:00.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-05 13:50:00.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 84%
Total physical RAM: 1790.5 MB
Available physical RAM: 275.38 MB
Total Pagefile: 3829.05 MB
Available Pagefile: 2148.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.24 GB) (Free:128.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:10.85 GB) (Free:3.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (My Book) (Fixed) (Total:465.64 GB) (Free:214.81 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================

[kevinf80]

Run FRST one more time,

Type the following in the edit box after "Search:".

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.
 

[jebbab25]

Farbar Recovery Scan Tool (x86) Version: 04-01-2014
Ran by James at 2014-01-05 15:55:18
Running from C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP1P0RJV
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:32] - 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:39] - 0551424 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-01-20 20:24] - [2008-01-20 20:24] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:17] - 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:19] - 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE

C:\Windows\System32\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:39] - 0551424 ____A (Microsoft Corporation) 86D59D766DF856F4325284405A98D2FF

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2011-08-31 17:43] - [2009-04-11 00:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

=== End Of Search ===

[kevinf80]

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, also let me know if any remaining issues or concerns...

 

Kevin

 

 

 

fixlist.txt

[jebbab25]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-01-2014
Ran by James at 2014-01-05 16:30:59 Run:1
Running from C:\Users\James\Documents
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...566819883162170
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...566819883162170
SearchScopes: HKCU - DefaultScope {BC836AB3-D9D7-4226-B649-B5761E620339} URL = http://websearch.sho...&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...66-86516AE4ED0D&
SearchScopes: HKCU - {BC836AB3-D9D7-4226-B649-B5761E620339} URL = http://websearch.sho...&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll No File
BHO: Coupon Companion Plugin - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} -  No File
2014-01-04 10:18 - 2014-01-04 10:18 - 00028672 _____ C:\Windows\system32\ylauj.jhl
2014-01-04 10:08 - 2014-01-05 13:48 - 00000085 _____ C:\Windows\system32\xazike.ogd
2014-01-04 10:08 - 2014-01-04 10:18 - 00000099 _____ C:\Windows\system32\hqezab.gdz
2014-01-04 10:08 - 2014-01-04 10:08 - 00000064 _____ C:\Windows\system32\qlyxmz.swl
2014-01-04 09:52 - 2014-01-04 09:52 - 00101213 ____S C:\Windows\system32\yskv.xlm
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\Users\Family\AppData\Local\Temp\tmpB534.exe
C:\Users\James\AppData\Local\Temp\7.6.20.1-EasyShrx.Dll
C:\Users\James\AppData\Local\Temp\7.8.50.2-EasyShrx.Dll
C:\Users\James\AppData\Local\Temp\8A70.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\8ACF.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\ApnStub.exe
C:\Users\James\AppData\Local\Temp\BF98.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\C276.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\checktbexist.exe
C:\Users\James\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\James\AppData\Local\Temp\htmlayout.dll
C:\Users\James\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\James\AppData\Local\Temp\Strongvault.exe
C:\Users\James\AppData\Local\Temp\tbMixi.dll
C:\Users\James\AppData\Local\Temp\uninstall815535349.exe
C:\Users\James\AppData\Local\Temp\uninstall815547580.exe
C:\Users\James\AppData\Local\Temp\uninstall815548064.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\bench-sys.job => ?
Task: C:\Windows\Tasks\bench-Updater removing.job => ?
Task: C:\Windows\Tasks\EasyShare Registration Task.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll C:\Windows\System32\rpcss.dll
End

 

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC836AB3-D9D7-4226-B649-B5761E620339} => Key not found.
HKCR\Wow6432Node\CLSID\{BC836AB3-D9D7-4226-B649-B5761E620339} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{103089DA-0F31-4A8B-843F-7D24A7FE8345} => Key deleted successfully.
HKCR\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110211181104} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value not found.
HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key not found.
C:\Windows\system32\ylauj.jhl => Moved successfully.
C:\Windows\system32\xazike.ogd => Moved successfully.
Could not move "C:\Windows\system32\hqezab.gdz" => Scheduled to move on reboot.
C:\Windows\system32\qlyxmz.swl => Moved successfully.
Could not move "C:\Windows\system32\yskv.xlm" => Scheduled to move on reboot.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\ProgramData\PKP_DLdw.DAT => Moved successfully.
C:\Users\Family\AppData\Local\Temp\tmpB534.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\7.6.20.1-EasyShrx.Dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\7.8.50.2-EasyShrx.Dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\8A70.tmpcrt.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\8ACF.tmpcrt.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\BF98.tmpcrt.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\C276.tmpcrt.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\checktbexist.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\mconduitinstaller.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\Strongvault.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\tbMixi.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\uninstall815535349.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\uninstall815547580.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\uninstall815548064.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\bench-sys.job => Moved successfully.
C:\Windows\Tasks\bench-Updater removing.job => Moved successfully.
C:\Windows\Tasks\EasyShare Registration Task.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-05 16:33:32)<=

C:\Windows\system32\hqezab.gdz => Moved successfully.
C:\Windows\system32\yskv.xlm => Moved successfully.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.05.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
James :: HOME-PC [administrator]

Protection: Enabled

1/5/2014 4:39:16 PM
mbam-log-2014-01-05 (16-39-16).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446158
Time elapsed: 1 hour(s), 26 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.Optional.InfoAtoms) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.Optional.InfoAtoms) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E4607B39-174A-44BA-AB08-8892366ECA13} (PUP.Optional.DealSlider) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4607B39-174A-44BA-AB08-8892366ECA13} (PUP.Optional.DealSlider) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021804.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021804.BHO.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021804.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021804.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\James\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\Bench\Updater (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.
C:\Program Files\Bench\Updater\1.7.0.0 (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.

Files Detected: 28
C:\FRST\Quarantine\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\uninstall815535349.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Program Files\Bench\Updater\1.7.0.0\Updater.exe (PUP.Optional.Adwareplugin) -> Quarantined and deleted successfully.
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files\iLivid\uninstall.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Family\AppData\Local\Temp\is135653842\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Family\AppData\Local\Temp\is135653842\SaveTheChildren_20120320.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Users\Family\Downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Family\Downloads\iLividSetupV1 (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Family\Downloads\iLividSetupV1 (2).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Family\Downloads\iLividSetupV1 (3).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Family\Downloads\iLividSetupV1.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\dlm1E13.tmp\YTDSetup.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\CT3272718.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\ct3272718\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\Bench\Updater\products.xml (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.
C:\Program Files\Bench\Updater\Updater.exe (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.

(end)

 

 

No issues currently. Thank you so much for your help, Kevin.

[kevinf80]

Yes is new infection, one of the forum experts (B-boy/StyLe/) point me in the right direction... We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• click on the Run ESET Online Scanner button
  
• Tick the box next to YES, I accept the Terms of Use.
  Click Start
  
• When asked, allow the add/on to be installed
  Click Start
  
• Make sure that the option Remove found threats is unticked
  
• Click on Advanced Settings, ensure the options
  
• Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  Click Scan
  
• wait for the virus definitions to be downloaded
  
• Wait for the scan to finish
  

 

When the scan is complete

 

• If no threats were found
  
• put a checkmark in "Uninstall application on close"
  
• close program
  
• report to me that nothing was found
  

 

If threats were found

 

• click on "list of threats found"
  
• click on "export to text file" and save it as ESET SCAN and save to the desktop
  
• Click on back
  
• put a checkmark in "Uninstall application on close"
  
• click on finish
  

 

close program

 

copy and paste the report in next reply

 

Finally....

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those two logs in next reply,

 

Thanks,

 

Kevin

 

[jebbab25]

ESET found these threats.

 

C:\FRST\Quarantine\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\FRST\Quarantine\tbMixi.dll a variant of Win32/Toolbar.Conduit.B application
C:\FRST\Quarantine\uninstall815547580.exe a variant of Win32/YourFileDownloader.B application
C:\Program Files\FK_Monitor\service.exe Win32/KeyLogger.Gratis.A application
C:\Program Files\W3i\UninstallHelper\UninstallHelper.exe probably a variant of Win32/InstallIQ.A application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM9NH77S\cbsidlm-cbsi145-YTD_Video_Downloader-SEO-10647340[1].exe a variant of Win32/CNETInstaller.B application
C:\Users\Family\AppData\Local\Temp\ICReinstall\cnet_avc-free_exe[1].exe a variant of Win32/InstallCore.D application
C:\Users\Family\AppData\Local\Temp\is1598539481\263474564_Setup.DAT Win32/OpenCandy application
C:\Users\Family\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\James\Downloads\Keyloggerzip\setup.exe Win32/KeyLogger.Gratis.A application
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D application
F:\My Documents\Family Backup\Documents\Downloads\thehat.exe a variant of Win32/Toolbar.Conduit.B application
F:\My Documents\Family Backup\Downloads\any-video-converter-free.exe Win32/OpenCandy application
F:\My Documents\Family Backup\Downloads\avc-free (1).exe Win32/OpenCandy application
F:\My Documents\Family Backup\Downloads\avc-free.exe Win32/OpenCandy application
F:\Home PC as of 1_4_14\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM9NH77S\cbsidlm-cbsi145-YTD_Video_Downloader-SEO-10647340[1].exe a variant of Win32/CNETInstaller.B application
F:\Home PC as of 1_4_14\Family\AppData\Local\Temp\ICReinstall\cnet_avc-free_exe[1].exe a variant of Win32/InstallCore.D application
F:\Home PC as of 1_4_14\Family\AppData\Local\Temp\is135653842\MyBabylonTB.exe Win32/Toolbar.Babylon application
F:\Home PC as of 1_4_14\Family\AppData\Local\Temp\is1598539481\263474564_Setup.DAT Win32/OpenCandy application
F:\Home PC as of 1_4_14\Family\Downloads\avc-free.exe Win32/OpenCandy application
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (2).exe Win32/Toolbar.SearchSuite application
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (3).exe Win32/Toolbar.SearchSuite application
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
F:\Home PC as of 1_4_14\Family\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ.A application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\tbMixi.dll a variant of Win32/Toolbar.Conduit.B application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\uninstall815535349.exe a variant of Win32/ExpressDownloader.H application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\uninstall815547580.exe a variant of Win32/YourFileDownloader.B application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\ct3272718\ieLogic.exe multiple threats
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\dlm1E13.tmp\YTDSetup.exe multiple threats
F:\Home PC as of 1_4_14\James\Downloads\Keyloggerzip\setup.exe Win32/KeyLogger.Gratis.A application

 

 Results of screen317's Security Check version 0.99.78 
 Windows Vista Service Pack 1 x86 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 8 Out of date!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton AntiVirus  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 29 
 Java 7 Update 45 
 Adobe Flash Player  11.9.900.170 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Google Chrome 31.0.1650.57 
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Norton AntiVirus Engine 18.7.1.3 ccSvcHst.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

[kevinf80]

Uninstall the two following programs via Programs and Features:

FK_Monitor
W3i

Next,

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

• Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files
  
  

  :FilesC:\ProgramData\APNC:\Users\All Users\APNC:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM9NH77S\cbsidlm-cbsi145-YTD_Video_Downloader-SEO-10647340[1].exeC:\Users\Family\AppData\Local\Temp\ICReinstall\cnet_avc-free_exe[1].exeC:\Users\Family\AppData\Local\Temp\is1598539481\263474564_Setup.DATC:\Users\Family\Downloads\avc-free.exeC:\Users\James\Downloads\Keyloggerzip\setup.exeC:\Windows\System32\Adobe\Shockwave 11\gt.exeF:\My Documents\Family Backup\Documents\Downloads\thehat.exenF:\My Documents\Family Backup\Downloads\any-video-converter-free.exeF:\My Documents\Family Backup\Downloads\avc-free (1).exeF:\My Documents\Family Backup\Downloads\avc-free.exeF:\Home PC as of 1_4_14\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM9NH77S\cbsidlm-cbsi145-YTD_Video_Downloader-SEO-10647340[1].exeF:\Home PC as of 1_4_14\Family\AppData\Local\Temp\ICReinstall\cnet_avc-free_exe[1].exeF:\Home PC as of 1_4_14\Family\AppData\Local\Temp\is135653842\MyBabylonTB.exeF:\Home PC as of 1_4_14\Family\AppData\Local\Temp\is1598539481\263474564_Setup.DATF:\Home PC as of 1_4_14\Family\Downloads\avc-free.exeF:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (1).exeF:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (2).exeF:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (3).exeF:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1.exeF:\Home PC as of 1_4_14\Family\Downloads\movie_player_1280.exeF:\Home PC as of 1_4_14\James\AppData\Local\Temp\ApnStub.exeF:\Home PC as of 1_4_14\James\AppData\Local\Temp\tbMixi.dllF:\Home PC as of 1_4_14\James\AppData\Local\Temp\uninstall815535349.exeF:\Home PC as of 1_4_14\James\AppData\Local\Temp\uninstall815547580.exeF:\Home PC as of 1_4_14\James\AppData\Local\Temp\BabylonToolbaF:\Home PC as of 1_4_14\James\AppData\Local\Temp\ct3272718\ieLogic.exeF:\Home PC as of 1_4_14\James\AppData\Local\Temp\dlm1E13.tmp\YTDSetup.exeF:\Home PC as of 1_4_14\James\Downloads\Keyloggerzip:Commands[EmptyTemp]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
• Click the red button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

I see the operating system has not been updated to service pack 2 (SP2). That update is crucial and should be done asap to keep the system safe. Go to the following link for advice/help with SP2 installation:

 

http://windows.microsoft.com/en-gb/windows-vista/learn-how-to-install-windows-vista-service-pack-2-sp2

 

Post log from OTM, also let me know if the other steps complete. Give update on any remaining issues or concerns...

 

Thanks,

 

Kevin

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!