jebbab25 Posted January 5, 2014

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.45.2
Run by James at 13:02:22 on 2014-01-05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1791.152 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Windows\System32\FCA\Syslogin.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\FCA\FCACheck.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: InfoAtoms: {103089DA-0F31-4A8B-843F-7D24A7FE8345} -
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} -
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\18.7.1.3\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger] "c:\program files\strongvault online backup\ClientMessenger.exe"
uRun: [FCACheck] c:\windows\system32\fca\FCACheck.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [shopAtHomeWatcher] c:\users\family\appdata\roaming\shopathome\shopathomehelper\ShopAtHomeWatcher.exe
mRun: [FamilyCyberAlert] c:\windows\system32\fca\Syslogin.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskpins.lnk - c:\program files\deskpins\DeskPins.exe
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{09A2A843-6100-4754-B010-9B16E65C5F3E} : DHCPNameServer = 24.116.0.53 24.116.2.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-3 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\bashdefs\20131203.001\BHDrvx86.sys [2013-12-3 1098968]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\ipsdefs\20140103.001\IDSvix86.sys [2014-1-3 394456]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-3 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1207010.003\symtdiv.sys [2012-4-3 331384]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-7-25 18944]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-5 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-5 701512]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-22 108120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-5 22856]
.
=============== Created Last 30 ================
.
2014-01-05 16:52:18 -------- d-----w- c:\users\james\appdata\roaming\Malwarebytes
2014-01-05 16:51:45 -------- d-----w- c:\programdata\Malwarebytes
2014-01-05 16:51:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-05 16:51:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-04 22:34:38 -------- d-----w- c:\users\james\appdata\roaming\Tific
.
==================== Find3M ====================
.
2013-12-11 06:32:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 06:32:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 13:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 13:07:03.18 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2011 9:34:25 PM
System Uptime: 1/5/2014 12:48:55 PM (1 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | GF615M-P31 (MS-7597)
Processor: AMD Athlon II X2 255 Processor | CPU1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 128.011 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 3.625 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 466 GiB total, 214.807 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
3DVIA player 5.0.0.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 7.0
Adobe Photoshop Lightroom 3.2
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
aiofw
aioocr
aioprnt
aioscnnr
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Angry Birds Star Wars
Any Video Converter 3.2.7
Apple Application Support
Apple Software Update
center
Creo Elements/Direct Modeling Express 4.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeskPins (remove only)
eMusic Download Manager 5.0.1
eMusic Download Manager v5.0.2
FlipShare
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Help_CTR
helptut
helpug
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iLivid
InfoAtoms [uninstall]
Java 7 Update 45
Java Auto Updater
Java 6 Update 29
KODAK All-in-One Printer Software
ksdip
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Nikon Message Center
Nikon Transfer
Norton AntiVirus
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
PhotoshopdotcomInspirationBrowser
Picture Control Utility
QuickTime
Realtek Ethernet Controller Driver For Windows Vista
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SFR
Soft Data Fax Modem with SmartCP
swMSM
Uninstall Helper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
ViewNX
VUDU To Go
YTD Video Downloader 4.6
Zac Browser Gold
.
==== End Of File ===========================
kevinf80 Posted January 5, 2014

Hello and

P2P/Piracy Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Let me see those two logs in next reply...

Kevin
jebbab25 Posted January 5, 2014

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by Family (ATTENTION: The logged in user is not administrator) on HOME-PC on 05-01-2014 13:49:52
Running from C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ7IB4ZX
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(InfoWorks Technology Company) C:\Windows\System32\FCA\Syslogin.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(InfoWorks Technology Company) C:\Windows\System32\FCA\FCACheck.exe
() C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ7IB4ZX\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe [1306624 2008-07-18] (Eastman Kodak Company)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [shopAtHomeWatcher] - C:\Users\Family\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM\...\Run: [FamilyCyberAlert] - C:\Windows\System32\FCA\Syslogin.exe [1723888 2012-10-13] (InfoWorks Technology Company)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\runonceex: [] - [x]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [FCACheck] - C:\Windows\System32\FCA\FCACheck.exe [36336 2012-10-11] (InfoWorks Technology Company)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Family\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
ShortcutTarget: DeskPins.lnk -> C:\Program Files\DeskPins\DeskPins.exe (Elias Fotinis)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3272718&CUI=UN28566819883162170
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3272718&CUI=UN28566819883162170
SearchScopes: HKCU - DefaultScope {BC836AB3-D9D7-4226-B649-B5761E620339} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TLUS&apn_uid=043F8209-B1FB-49CC-948B-3029138F552B&apn_sauid=3FECF83F-6787-41CC-9D66-86516AE4ED0D&
SearchScopes: HKCU - {BC836AB3-D9D7-4226-B649-B5761E620339} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll No File
BHO: Coupon Companion Plugin - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll No File
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Angry Birds) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Deal Slider ) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0
CHR Extension: (3D Bowling Game (Powered by WebGL)) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmldjnckdhpglpbpihecefhjbdajncjm\1.326.17.3033_0
CHR Extension: (Google Wallet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Downhill Jam) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjegjjfdamcmjikplaghiloojkpmdfm\2.3.1_0
CHR Extension: (MixiDJ) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb\10.22.5.510_0
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hhbgpoakplhahbklhkcfbpicgjcaoglk] - C:\Program Files\InfoAtoms\Chrome\InfoAtoms.crx
CHR HKLM\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\James\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 KodakSvc; C:\Program Files\Kodak\printer\center\KodakSvc.exe [18944 2008-07-25] (Eastman Kodak Company)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [1098968 2013-12-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-20] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20140103.001\IDSvix86.sys [394456 2013-12-11] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\20140104.006\NAVENG.SYS [93272 2014-01-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\20140104.006\NAVEX15.SYS [1612376 2014-01-04] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAV\1207010.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1207010.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1207010.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1207010.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-08-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1207010.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1207010.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
R1 HMFAxCore23f14cc2704814471a284145846ada24; HMFAxCore23f14cc2704814471a284145846ada24.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MSICDSetup; \??\E:\CDriver.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-05 13:49 - 2014-01-05 13:49 - 00000000 ____D C:\FRST
2014-01-05 13:09 - 2014-01-05 13:09 - 00005166 _____ C:\Users\James\Desktop\attach.txt
2014-01-05 13:09 - 2014-01-05 13:07 - 00010370 _____ C:\Users\James\Desktop\dds.txt
2014-01-05 12:21 - 2014-01-05 12:21 - 00762568 _____ C:\Users\James\AppData\Local\census.cache
2014-01-05 12:20 - 2014-01-05 12:20 - 00169771 _____ C:\Users\James\AppData\Local\ars.cache
2014-01-05 11:41 - 2014-01-05 11:41 - 00000036 _____ C:\Users\James\AppData\Local\housecall.guid.cache
2014-01-05 10:52 - 2014-01-05 10:52 - 00000000 ____D C:\Users\James\AppData\Roaming\Malwarebytes
2014-01-05 10:51 - 2014-01-05 10:51 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-05 10:51 - 2014-01-05 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-05 10:51 - 2014-01-05 10:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-05 10:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ____D C:\Users\James\AppData\Roaming\Tific
2014-01-04 10:18 - 2014-01-04 10:18 - 00028672 _____ C:\Windows\system32\ylauj.jhl
2014-01-04 10:08 - 2014-01-05 13:48 - 00000085 _____ C:\Windows\system32\xazike.ogd
2014-01-04 10:08 - 2014-01-04 10:18 - 00000099 _____ C:\Windows\system32\hqezab.gdz
2014-01-04 10:08 - 2014-01-04 10:08 - 00000064 _____ C:\Windows\system32\qlyxmz.swl
2014-01-04 09:52 - 2014-01-04 09:52 - 00101213 ____S C:\Windows\system32\yskv.xlm
2014-01-03 19:54 - 2014-01-03 19:54 - 00000000 ____D C:\Users\Family\Documents\01-03-2014
2013-12-23 19:14 - 2013-12-23 19:14 - 00002003 _____ C:\Users\Family\Desktop\Chrome App Launcher.lnk
2013-12-23 19:14 - 2013-12-23 19:14 - 00000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

==================== One Month Modified Files and Folders =======

2014-01-05 13:49 - 2014-01-05 13:49 - 00000000 ____D C:\FRST
2014-01-05 13:48 - 2014-01-04 10:08 - 00000085 _____ C:\Windows\system32\xazike.ogd
2014-01-05 13:42 - 2008-01-20 19:35 - 01863158 _____ C:\Windows\WindowsUpdate.log
2014-01-05 13:38 - 2013-11-23 10:34 - 00000286 _____ C:\Windows\Tasks\bench-Updater removing.job
2014-01-05 13:38 - 2012-12-22 10:17 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 13:37 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 13:37 - 2006-11-02 06:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 13:37 - 2006-11-02 06:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 13:35 - 2006-11-02 07:01 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-05 13:34 - 2013-02-18 08:43 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2014-01-05 13:32 - 2013-07-12 21:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 13:27 - 2012-12-22 10:17 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 13:09 - 2014-01-05 13:09 - 00005166 _____ C:\Users\James\Desktop\attach.txt
2014-01-05 13:07 - 2014-01-05 13:09 - 00010370 _____ C:\Users\James\Desktop\dds.txt
2014-01-05 12:21 - 2014-01-05 12:21 - 00762568 _____ C:\Users\James\AppData\Local\census.cache
2014-01-05 12:20 - 2014-01-05 12:20 - 00169771 _____ C:\Users\James\AppData\Local\ars.cache
2014-01-05 12:00 - 2011-08-27 18:40 - 00001356 _____ C:\Users\James\AppData\Local\d3d9caps.dat
2014-01-05 11:41 - 2014-01-05 11:41 - 00000036 _____ C:\Users\James\AppData\Local\housecall.guid.cache
2014-01-05 11:25 - 2008-01-20 20:47 - 00055238 _____ C:\Windows\PFRO.log
2014-01-05 10:54 - 2011-08-28 14:10 - 00153600 _____ C:\Users\Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-05 10:52 - 2014-01-05 10:52 - 00000000 ____D C:\Users\James\AppData\Roaming\Malwarebytes
2014-01-05 10:51 - 2014-01-05 10:51 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-05 10:51 - 2014-01-05 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-05 10:51 - 2014-01-05 10:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-05 10:34 - 2013-11-21 17:48 - 00000332 _____ C:\Windows\Tasks\bench-sys.job
2014-01-05 02:36 - 2006-11-02 04:33 - 00708868 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 21:22 - 2011-08-28 13:45 - 00004608 _____ C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ____D C:\Users\James\AppData\Roaming\Tific
2014-01-04 11:39 - 2013-02-07 22:53 - 00000000 ____D C:\Windows\system32\FCA
2014-01-04 11:39 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\system32\spool
2014-01-04 11:39 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\registration
2014-01-04 10:18 - 2014-01-04 10:18 - 00028672 _____ C:\Windows\system32\ylauj.jhl
2014-01-04 10:18 - 2014-01-04 10:08 - 00000099 _____ C:\Windows\system32\hqezab.gdz
2014-01-04 10:08 - 2014-01-04 10:08 - 00000064 _____ C:\Windows\system32\qlyxmz.swl
2014-01-04 09:52 - 2014-01-04 09:52 - 00101213 ____S C:\Windows\system32\yskv.xlm
2014-01-04 09:50 - 2011-10-03 19:46 - 00000000 ____D C:\Users\Family\AppData\Local\CrashDumps
2014-01-03 21:33 - 2011-10-02 20:18 - 00000000 ____D C:\Users\Family\Documents\Resume
2014-01-03 19:54 - 2014-01-03 19:54 - 00000000 ____D C:\Users\Family\Documents\01-03-2014
2013-12-29 12:49 - 2011-08-28 11:50 - 00000400 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2013-12-25 20:41 - 2006-11-02 06:52 - 00034600 _____ C:\Windows\setupact.log
2013-12-23 19:14 - 2013-12-23 19:14 - 00002003 _____ C:\Users\Family\Desktop\Chrome App Launcher.lnk
2013-12-23 19:14 - 2013-12-23 19:14 - 00000000 ____D C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-12-21 15:49 - 2011-08-28 13:54 - 00000000 ____D C:\Users\Family
2013-12-12 03:03 - 2011-09-08 21:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 00:32 - 2012-07-06 19:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 00:32 - 2011-08-27 22:35 - 00071048 _____ (Adobe
Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cplFiles to move or delete:====================C:\ProgramData\PKP_DLdu.DATC:\ProgramData\PKP_DLdw.DATSome content of TEMP:====================C:\Users\Family\AppData\Local\Temp\tmpB534.exeC:\Users\James\AppData\Local\Temp\7.6.20.1-EasyShrx.DllC:\Users\James\AppData\Local\Temp\7.8.50.2-EasyShrx.DllC:\Users\James\AppData\Local\Temp\8A70.tmpcrt.dllC:\Users\James\AppData\Local\Temp\8ACF.tmpcrt.dllC:\Users\James\AppData\Local\Temp\ApnStub.exeC:\Users\James\AppData\Local\Temp\BF98.tmpcrt.dllC:\Users\James\AppData\Local\Temp\C276.tmpcrt.dllC:\Users\James\AppData\Local\Temp\checktbexist.exeC:\Users\James\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exeC:\Users\James\AppData\Local\Temp\htmlayout.dllC:\Users\James\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\James\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\James\AppData\Local\Temp\mconduitinstaller.exeC:\Users\James\AppData\Local\Temp\Strongvault.exeC:\Users\James\AppData\Local\Temp\tbMixi.dllC:\Users\James\AppData\Local\Temp\uninstall815535349.exeC:\Users\James\AppData\Local\Temp\uninstall815547580.exeC:\Users\James\AppData\Local\Temp\uninstall815548064.exe==================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll[2011-08-28 02:23] - [2009-03-02 22:39] - 0551424 ____A (Microsoft Corporation) 86D59D766DF856F4325284405A98D2FFC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2014Ran by Family at 2014-01-05 13:51:07Running from 
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZ7IB4ZXBoot Mode: Normal============================================================================== Security Center ========================AV: Norton AntiVirus (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton AntiVirus (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}==================== Installed Programs ======================3DVIA player 5.0.0.20 (Version: 5.0.20 - 3DVIA)Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated)Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) HiddenAdobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)Adobe Photoshop Elements 7.0 (Version: 7.0 - Adobe Systems Incorporated)Adobe Photoshop Elements 7.0 (Version: 7.0.0.3 - Adobe Systems Incorporated) HiddenAdobe Photoshop Lightroom 3.2 (Version: 3.2.1 - Adobe)Adobe Photoshop.com Inspiration Browser (Version: 2.61 - Adobe Systems Incorporated)Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)Adobe Shockwave Player 11.6 (Version: 11.6.8.638 - Adobe Systems, Inc.)aiofw (Version: 2.04.0000.0000 - Eastman Kodak Company) Hiddenaioocr (Version: 1.00.0000 - kodak) Hiddenaioprnt (Version: 2.04.0000.0000 - Eastman Kodak Company) Hiddenaioscnnr (Version: 2.04.0000.0000 - Eastman Kodak Company) HiddenAmazon MP3 Downloader 1.0.15 (Version: 1.0.15 - Amazon Services LLC)Amazon MP3 Downloader 1.0.18 (Version: 1.0.18 - Amazon Services LLC)Amazon MP3 Uploader (Version: 1.0.5 - Amazon Services LLC)Amazon MP3 Uploader (Version: 1.0.5 - Amazon Services LLC) HiddenAngry Birds Star Wars (Version: 1.1.0 - Rovio)Any Video Converter 3.2.7 (Version: - Any-Video-Converter.com)Apple Application Support (Version: 2.1.5 - Apple Inc.)Apple Software Update (Version: 
2.1.3.127 - Apple Inc.)center (Version: 2.04.0000.0000 - Eastman Kodak Company) HiddenCreo Elements/Direct Modeling Express 4.0 (Version: 40.0.10020 - Parametric Technology GmbH)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)DeskPins (remove only) (Version: - )eMusic Download Manager 5.0.1 (Version: - )eMusic Download Manager v5.0.2 (Version: 5.0.2 - eMusic.com Inc.)FlipShare (Version: 5.12.3.0 - Flip Video)Google Chrome (Version: 31.0.1650.63 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)Google Update Helper (Version: 1.3.22.3 - Google Inc.) HiddenHelp_CTR (Version: 2.04.0000.000 - Eastman Kodak Company) Hiddenhelptut (Version: 2.00.0000.0000 - kodak) Hiddenhelpug (Version: 2.04.0000.0000 - kodak) HiddeniLivid (Version: 1.92 - Bandoo Media Inc) <==== ATTENTIONInfoAtoms [uninstall] (Version: 1.5.0.0 - InfoAtoms)Java 7 Update 45 (Version: 7.0.450 - Oracle)Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
HiddenJava 6 Update 29 (Version: 6.0.290 - Oracle)KODAK All-in-One Printer Software (Version: - Eastman Kodak Company)ksdip (Version: 2.00.0000.0000 - Eastman Kodak Company) HiddenMalwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook Connector (Version: 14.0.6106.5001 - Microsoft Corporation)Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft 
Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)netbrdg (Version: 7.00.0000.0003 - EASTMAN KODAK Company) HiddenNikon Message Center (Version: 0.92.000 - Nikon)Nikon Transfer (Version: 1.0.2 - Nikon)Norton AntiVirus (Version: 18.7.1.3 - Symantec Corporation)NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) HiddenNVIDIA Display Control Panel (Version: 6.14.11.9713 - NVIDIA Corporation)NVIDIA Drivers (Version: 1.10.57.35 - NVIDIA Corporation)NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) HiddenNVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) HiddenPhotoshopdotcomInspirationBrowser (Version: 0.0.0 - Adobe Systems Incorporated) HiddenPicture Control Utility (Version: 1.0.3 - Nikon)QuickTime (Version: 7.71.80.42 - Apple Inc.)Realtek Ethernet Controller Driver For Windows Vista (Version: 6.241.623.2010 - Realtek)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) HiddenSFR (Version: 7.00.0000.0004 - Eastman Kodak Company) HiddenSoft Data Fax Modem with SmartCP (Version: - )swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenUninstall Helper (Version: 2.0.1.0 - InstallX, LLC)Uninstall Helper (Version: 2.0.1.0 - InstallX, LLC) HiddenUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft 
Corporation)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft)ViewNX (Version: 1.0.3 - Nikon)VUDU To Go (Version: 1.0.0 - Vudu)VUDU To Go (Version: 1.0.0 - Vudu) HiddenYTD Video Downloader 4.6 (Version: 4.6 - GreenTree Applications SRL)Zac Browser Gold (Version: 1.1.2 - People CD Inc.)Zac Browser Gold (Version: 1.1.2 - People CD Inc.) Hidden==================== Restore Points =========================Could not list Restore Points. 
Check WMI.==================== Hosts content: ==========================2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost::1 localhost==================== Scheduled Tasks (whitelisted) =============Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?Task: C:\Windows\Tasks\bench-sys.job => ?Task: C:\Windows\Tasks\bench-Updater removing.job => ?Task: C:\Windows\Tasks\EasyShare Registration Task.job => ?Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?==================== Loaded Modules (whitelisted) =============2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2013-02-07 22:53 - 2008-10-30 12:05 - 00049152 _____ () C:\Windows\System32\FCA\Infokbl.DLL2013-02-07 22:53 - 2009-01-04 14:54 - 00057344 _____ () C:\Windows\System32\FCA\InfoUtil.dll==================== Alternate Data Streams (whitelisted) ============================= Safe Mode (whitelisted) ======================================= Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (01/05/2014 01:38:44 PM) (Source: Application Error) (User: )Description: Faulting application taskeng.exe, version 6.0.6001.18551, time stamp 0x4cd35598, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x0000a11d,process id 0xc50, application start time 0xtaskeng.exe0.Error: (01/05/2014 01:37:59 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/05/2014 01:34:59 PM) (Source: 
Software Licensing Service) (User: )Description: License Activation Scheduler (SLUINotify.dll) failed with the following error code:0x800401E4Error: (01/05/2014 01:34:39 PM) (Source: Application Error) (User: )Description: Faulting application Syslogin.exe, version 5.0.0.3, time stamp 0x50795698, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x079649f8,process id 0xf5c, application start time 0xSyslogin.exe0.Error: (01/05/2014 00:50:07 PM) (Source: Application Error) (User: )Description: Faulting application taskeng.exe, version 6.0.6001.18551, time stamp 0x4cd35598, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x0000a11d,process id 0xa80, application start time 0xtaskeng.exe0.Error: (01/05/2014 00:49:52 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/05/2014 00:43:27 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/05/2014 00:42:37 PM) (Source: EventSystem) (User: )Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043cError: (01/05/2014 00:37:06 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/05/2014 00:36:49 PM) (Source: Application Error) (User: )Description: Faulting application taskeng.exe, version 6.0.6001.18551, time stamp 0x4cd35598, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x0000a11d,process id 0x3d8, application start time 0xtaskeng.exe0.System 
errors:=============Error: (01/05/2014 01:37:35 PM) (Source: HTTP) (User: )Description: \Device\Http\ReqQueueKerberosError: (01/05/2014 01:34:59 PM) (Source: Service Control Manager) (User: )Description: SL UI Notification Service2147746276 (0x800401E4)Error: (01/05/2014 01:33:57 PM) (Source: Service Control Manager) (User: )Description: 2Reboot the machineDCOM Server Process Launcher%%1190Error: (01/05/2014 01:33:56 PM) (Source: Service Control Manager) (User: )Description: Plug and Play1600002Reboot the machineError: (01/05/2014 01:33:56 PM) (Source: Service Control Manager) (User: )Description: DCOM Server Process Launcher1600002Reboot the machineError: (01/05/2014 00:49:41 PM) (Source: HTTP) (User: )Description: \Device\Http\ReqQueueKerberosError: (01/05/2014 00:43:28 PM) (Source: Service Control Manager) (User: )Description: BHDrvx86eeCtrlIDSVix86spldrSRTSPSRTSPXSymIRONSYMTDIvWanarpv6Error: (01/05/2014 00:43:28 PM) (Source: Service Control Manager) (User: )Description: Computer BrowserServer%%1068Error: (01/05/2014 00:42:39 PM) (Source: DCOM) (User: )Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}Error: (01/05/2014 00:42:37 PM) (Source: DCOM) (User: )Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}Microsoft Office Sessions:=========================Error: (01/05/2014 01:38:44 PM) (Source: Application Error)(User: )Description: taskeng.exe6.0.6001.185514cd35598msvcrt.dll7.0.6001.180004791a727c00000050000a11dc5001cf0a4dbdfec9e1Error: (01/05/2014 01:37:59 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/05/2014 01:34:59 PM) (Source: Software Licensing Service)(User: )Description: 0x800401E4Error: (01/05/2014 01:34:39 PM) (Source: Application Error)(User: )Description: Syslogin.exe5.0.0.350795698unknown0.0.0.000000000c0000005079649f8f5c01cf0a4701d997aeError: (01/05/2014 
00:50:07 PM) (Source: Application Error)(User: )Description: taskeng.exe6.0.6001.185514cd35598msvcrt.dll7.0.6001.180004791a727c00000050000a11da8001cf0a46ea7eb5eeError: (01/05/2014 00:49:52 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/05/2014 00:43:27 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/05/2014 00:42:37 PM) (Source: EventSystem)(User: )Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043cError: (01/05/2014 00:37:06 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/05/2014 00:36:49 PM) (Source: Application Error)(User: )Description: taskeng.exe6.0.6001.185514cd35598msvcrt.dll7.0.6001.180004791a727c00000050000a11d3d801cf0a45184c7cc8CodeIntegrity Errors:=================================== Date: 2014-01-05 13:50:01.243 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-05 13:50:01.168 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-05 13:50:01.065 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-01-05 13:50:00.987 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-05 13:50:00.917 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-05 13:50:00.849 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-05 13:50:00.785 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-05 13:50:00.724 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2014-01-05 13:50:00.612 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. 
Date: 2014-01-05 13:50:00.552 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Percentage of memory in use: 84%Total physical RAM: 1790.5 MBAvailable physical RAM: 275.38 MBTotal Pagefile: 3829.05 MBAvailable Pagefile: 2148.23 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1894.68 MB==================== Drives ================================Drive c: () (Fixed) (Total:287.24 GB) (Free:128.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (RECOVERY) (Fixed) (Total:10.85 GB) (Free:3.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: (My Book) (Fixed) (Total:465.64 GB) (Free:214.81 GB) FAT32==================== MBR & Partition Table ====================================== End Of Log ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted January 5, 2014 ID:774005

Run FRST one more time,
Type the following in the edit box after "Search:".

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.
jebbab25 (Author) Posted January 5, 2014 ID:774019

Farbar Recovery Scan Tool (x86) Version: 04-01-2014
Ran by James at 2014-01-05 15:55:18
Running from C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP1P0RJV
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:32] - 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:39] - 0551424 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-01-20 20:24] - [2008-01-20 20:24] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:17] - 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:19] - 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE

C:\Windows\System32\rpcss.dll
[2011-08-28 02:23] - [2009-03-02 22:39] - 0551424 ____A (Microsoft Corporation) 86D59D766DF856F4325284405A98D2FF

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2011-08-31 17:43] - [2009-04-11 00:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

=== End Of Search ===
kevinf80 Posted January 5, 2014 ID:774036

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Full scan.
Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced logs, also let me know if any remaining issues or concerns...

Kevin

Attachment: fixlist.txt
jebbab25 (Author) Posted January 6, 2014 ID:774109

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-01-2014
Ran by James at 2014-01-05 16:30:59 Run:1
Running from C:\Users\James\Documents
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...566819883162170
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...566819883162170
SearchScopes: HKCU - DefaultScope {BC836AB3-D9D7-4226-B649-B5761E620339} URL = http://websearch.sho...&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...66-86516AE4ED0D&
SearchScopes: HKCU - {BC836AB3-D9D7-4226-B649-B5761E620339} URL = http://websearch.sho...&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll No File
BHO: Coupon Companion Plugin - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
2014-01-04 10:18 - 2014-01-04 10:18 - 00028672 _____ C:\Windows\system32\ylauj.jhl
2014-01-04 10:08 - 2014-01-05 13:48 - 00000085 _____ C:\Windows\system32\xazike.ogd
2014-01-04 10:08 - 2014-01-04 10:18 - 00000099 _____ C:\Windows\system32\hqezab.gdz
2014-01-04 10:08 - 2014-01-04 10:08 - 00000064 _____ C:\Windows\system32\qlyxmz.swl
2014-01-04 09:52 - 2014-01-04 09:52 - 00101213 ____S C:\Windows\system32\yskv.xlm
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\Users\Family\AppData\Local\Temp\tmpB534.exe
C:\Users\James\AppData\Local\Temp\7.6.20.1-EasyShrx.Dll
C:\Users\James\AppData\Local\Temp\7.8.50.2-EasyShrx.Dll
C:\Users\James\AppData\Local\Temp\8A70.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\8ACF.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\ApnStub.exe
C:\Users\James\AppData\Local\Temp\BF98.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\C276.tmpcrt.dll
C:\Users\James\AppData\Local\Temp\checktbexist.exe
C:\Users\James\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\James\AppData\Local\Temp\htmlayout.dll
C:\Users\James\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\James\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\James\AppData\Local\Temp\Strongvault.exe
C:\Users\James\AppData\Local\Temp\tbMixi.dll
C:\Users\James\AppData\Local\Temp\uninstall815535349.exe
C:\Users\James\AppData\Local\Temp\uninstall815547580.exe
C:\Users\James\AppData\Local\Temp\uninstall815548064.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\bench-sys.job => ?
Task: C:\Windows\Tasks\bench-Updater removing.job => ?
Task: C:\Windows\Tasks\EasyShare Registration Task.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll C:\Windows\System32\rpcss.dll
End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC836AB3-D9D7-4226-B649-B5761E620339} => Key not found.
HKCR\Wow6432Node\CLSID\{BC836AB3-D9D7-4226-B649-B5761E620339} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{103089DA-0F31-4A8B-843F-7D24A7FE8345} => Key deleted successfully.
HKCR\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110211181104} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value not found.
HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key not found.
C:\Windows\system32\ylauj.jhl => Moved successfully.
C:\Windows\system32\xazike.ogd => Moved successfully.
Could not move "C:\Windows\system32\hqezab.gdz" => Scheduled to move on reboot.
C:\Windows\system32\qlyxmz.swl => Moved successfully.
Could not move "C:\Windows\system32\yskv.xlm" => Scheduled to move on reboot.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\ProgramData\PKP_DLdw.DAT => Moved successfully.
C:\Users\Family\AppData\Local\Temp\tmpB534.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\7.6.20.1-EasyShrx.Dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\7.8.50.2-EasyShrx.Dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\8A70.tmpcrt.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\8ACF.tmpcrt.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\BF98.tmpcrt.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\C276.tmpcrt.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\checktbexist.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\mconduitinstaller.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\Strongvault.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\tbMixi.dll => Moved successfully.
C:\Users\James\AppData\Local\Temp\uninstall815535349.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\uninstall815547580.exe => Moved successfully.
C:\Users\James\AppData\Local\Temp\uninstall815548064.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\bench-sys.job => Moved successfully.
C:\Windows\Tasks\bench-Updater removing.job => Moved successfully.
C:\Windows\Tasks\EasyShare Registration Task.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal)
(Date&Time: 2014-01-05 16:33:32)<=C:\Windows\system32\hqezab.gdz => Moved successfully.C:\Windows\system32\yskv.xlm => Moved successfully.==== End of Fixlog ==== Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2014.01.05.04Windows Vista Service Pack 1 x86 NTFSInternet Explorer 8.0.6001.19088James :: HOME-PC [administrator]Protection: Enabled1/5/2014 4:39:16 PMmbam-log-2014-01-05 (16-39-16).txtScan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 446158Time elapsed: 1 hour(s), 26 minute(s), 31 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 12HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.Optional.InfoAtoms) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.Optional.InfoAtoms) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E4607B39-174A-44BA-AB08-8892366ECA13} (PUP.Optional.DealSlider) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4607B39-174A-44BA-AB08-8892366ECA13} (PUP.Optional.DealSlider) -> Quarantined and deleted successfully.HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.HKCR\CrossriderApp0021804.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.HKCR\CrossriderApp0021804.BHO.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.HKCR\CrossriderApp0021804.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted 
successfully.HKCR\CrossriderApp0021804.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 4C:\Users\James\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files\Bench\Updater (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.C:\Program Files\Bench\Updater\1.7.0.0 (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.Files Detected: 28C:\FRST\Quarantine\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\FRST\Quarantine\uninstall815535349.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.C:\Program Files\Bench\Updater\1.7.0.0\Updater.exe (PUP.Optional.Adwareplugin) -> Quarantined and deleted successfully.C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.C:\Program Files\iLivid\uninstall.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.C:\Users\Family\AppData\Local\Temp\is135653842\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.C:\Users\Family\AppData\Local\Temp\is135653842\SaveTheChildren_20120320.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.C:\Users\Family\Downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.C:\Users\Family\Downloads\iLividSetupV1 (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted 
successfully.C:\Users\Family\Downloads\iLividSetupV1 (2).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.C:\Users\Family\Downloads\iLividSetupV1 (3).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.C:\Users\Family\Downloads\iLividSetupV1.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\dlm1E13.tmp\YTDSetup.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\CT3272718.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\James\AppData\Local\Temp\ct3272718\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted 
successfully.C:\Users\James\AppData\Local\Temp\ct3272718\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files\Bench\Updater\products.xml (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.C:\Program Files\Bench\Updater\Updater.exe (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.(end) No issues currently. Thank you so much for your help, Kevin. Link to post Share on other sites More sharing options...
kevinf80 Posted January 6, 2014 ID:774113

Yes, it is a new infection; one of the forum experts (B-boy/StyLe/) pointed me in the right direction...

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running; it can take several hours, please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin.

Go to the Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click on the Run ESET Online Scanner button.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the add-on to be installed.
Click Start.
Make sure that the option Remove found threats is unticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan.
Wait for the virus definitions to be downloaded.
Wait for the scan to finish.

When the scan is complete:

If no threats were found:
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found:
click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish
close program
copy and paste the report in next reply

Finally....

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
(If your security alerts, either accept the alert, or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those two logs in next reply,

Thanks,

Kevin
jebbab25 Posted January 6, 2014 Author ID:774156

ESET found these threats.

C:\FRST\Quarantine\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\FRST\Quarantine\tbMixi.dll a variant of Win32/Toolbar.Conduit.B application
C:\FRST\Quarantine\uninstall815547580.exe a variant of Win32/YourFileDownloader.B application
C:\Program Files\FK_Monitor\service.exe Win32/KeyLogger.Gratis.A application
C:\Program Files\W3i\UninstallHelper\UninstallHelper.exe probably a variant of Win32/InstallIQ.A application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM9NH77S\cbsidlm-cbsi145-YTD_Video_Downloader-SEO-10647340[1].exe a variant of Win32/CNETInstaller.B application
C:\Users\Family\AppData\Local\Temp\ICReinstall\cnet_avc-free_exe[1].exe a variant of Win32/InstallCore.D application
C:\Users\Family\AppData\Local\Temp\is1598539481\263474564_Setup.DAT Win32/OpenCandy application
C:\Users\Family\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\James\Downloads\Keyloggerzip\setup.exe Win32/KeyLogger.Gratis.A application
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D application
F:\My Documents\Family Backup\Documents\Downloads\thehat.exe a variant of Win32/Toolbar.Conduit.B application
F:\My Documents\Family Backup\Downloads\any-video-converter-free.exe Win32/OpenCandy application
F:\My Documents\Family Backup\Downloads\avc-free (1).exe Win32/OpenCandy application
F:\My Documents\Family Backup\Downloads\avc-free.exe Win32/OpenCandy application
F:\Home PC as of 1_4_14\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM9NH77S\cbsidlm-cbsi145-YTD_Video_Downloader-SEO-10647340[1].exe a variant of Win32/CNETInstaller.B application
F:\Home PC as of 1_4_14\Family\AppData\Local\Temp\ICReinstall\cnet_avc-free_exe[1].exe a variant of Win32/InstallCore.D application
F:\Home PC as of 1_4_14\Family\AppData\Local\Temp\is135653842\MyBabylonTB.exe Win32/Toolbar.Babylon application
F:\Home PC as of 1_4_14\Family\AppData\Local\Temp\is1598539481\263474564_Setup.DAT Win32/OpenCandy application
F:\Home PC as of 1_4_14\Family\Downloads\avc-free.exe Win32/OpenCandy application
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (2).exe Win32/Toolbar.SearchSuite application
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (3).exe Win32/Toolbar.SearchSuite application
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
F:\Home PC as of 1_4_14\Family\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ.A application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\tbMixi.dll a variant of Win32/Toolbar.Conduit.B application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\uninstall815535349.exe a variant of Win32/ExpressDownloader.H application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\uninstall815547580.exe a variant of Win32/YourFileDownloader.B application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\ct3272718\ieLogic.exe multiple threats
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\dlm1E13.tmp\YTDSetup.exe multiple threats
F:\Home PC as of 1_4_14\James\Downloads\Keyloggerzip\setup.exe Win32/KeyLogger.Gratis.A application

Results of screen317's Security Check version 0.99.78
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 29
Java 7 Update 45
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8 Adobe Reader out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Norton AntiVirus Engine 18.7.1.3 ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
kevinf80 Posted January 6, 2014 ID:774212

Uninstall the two following programs via Programs and Features:

FK_Monitor
W3i

Next, download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before :Files

:Files
C:\ProgramData\APN
C:\Users\All Users\APN
C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM9NH77S\cbsidlm-cbsi145-YTD_Video_Downloader-SEO-10647340[1].exe
C:\Users\Family\AppData\Local\Temp\ICReinstall\cnet_avc-free_exe[1].exe
C:\Users\Family\AppData\Local\Temp\is1598539481\263474564_Setup.DAT
C:\Users\Family\Downloads\avc-free.exe
C:\Users\James\Downloads\Keyloggerzip\setup.exe
C:\Windows\System32\Adobe\Shockwave 11\gt.exe
F:\My Documents\Family Backup\Documents\Downloads\thehat.exe
F:\My Documents\Family Backup\Downloads\any-video-converter-free.exe
F:\My Documents\Family Backup\Downloads\avc-free (1).exe
F:\My Documents\Family Backup\Downloads\avc-free.exe
F:\Home PC as of 1_4_14\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM9NH77S\cbsidlm-cbsi145-YTD_Video_Downloader-SEO-10647340[1].exe
F:\Home PC as of 1_4_14\Family\AppData\Local\Temp\ICReinstall\cnet_avc-free_exe[1].exe
F:\Home PC as of 1_4_14\Family\AppData\Local\Temp\is135653842\MyBabylonTB.exe
F:\Home PC as of 1_4_14\Family\AppData\Local\Temp\is1598539481\263474564_Setup.DAT
F:\Home PC as of 1_4_14\Family\Downloads\avc-free.exe
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (1).exe
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (2).exe
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1 (3).exe
F:\Home PC as of 1_4_14\Family\Downloads\iLividSetupV1.exe
F:\Home PC as of 1_4_14\Family\Downloads\movie_player_1280.exe
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\ApnStub.exe
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\tbMixi.dll
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\uninstall815535349.exe
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\uninstall815547580.exe
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\BabylonToolba
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\ct3272718\ieLogic.exe
F:\Home PC as of 1_4_14\James\AppData\Local\Temp\dlm1E13.tmp\YTDSetup.exe
F:\Home PC as of 1_4_14\James\Downloads\Keyloggerzip
:Commands
[EmptyTemp]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next, Adobe Reader is outdated... Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader.

Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered. Download and install. Having the latest updates ensures there are no security vulnerabilities in your system.

Next, I see the operating system has not been updated to service pack 2 (SP2). That update is crucial and should be done asap to keep the system safe. Go to the following link for advice/help with SP2 installation: http://windows.microsoft.com/en-gb/windows-vista/learn-how-to-install-windows-vista-service-pack-2-sp2

Post log from OTM, also let me know if the other steps complete. Give update on any remaining issues or concerns...

Thanks,

Kevin
AdvancedSetup (Root Admin) Posted January 12, 2014 ID:776899

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!