
Successfully blocked access to a potentially malicious website



For about 1 week, I have been getting frequent (every few minutes) pop-up notifications in the system tray from Malwarebytes: "Malware bytes has successfully blocked access to a potentially malicious website: various IPs"

Port: various

Type: outgoing

Process: explorer.exe

 

This occurs even when no browser is running.

I don't have any peer-to-peer or Skype running, that I am aware of.

Running Malwarebytes Pro; have not been able to stop the process.

 

Here is attach.txt (DDS only created 1 log file, not sure why, I'm new to this).

Thanks.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2006 1:05:21 PM
System Uptime: 3/5/2014 8:15:48 AM (0 hours ago)
.
Motherboard: Gateway |  | WG43M
Processor: Intel® Core2 Quad CPU    Q8200  @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 344.491 GiB free.
D: is CDROM ()
E: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&1D01FCF&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&1D01FCF&0
Service: i8042prt
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C310 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Prem C310 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 7510 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart 7510 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP658: 10/11/2013 3:35:30 PM - Windows Update
RP659: 10/14/2013 10:28:20 AM - Scheduled Checkpoint
RP660: 10/30/2013 8:31:04 PM - Scheduled Checkpoint
RP661: 11/4/2013 8:47:45 PM - Scheduled Checkpoint
RP662: 11/5/2013 8:09:32 PM - Scheduled Checkpoint
RP663: 11/12/2013 12:07:24 PM - Scheduled Checkpoint
RP664: 11/13/2013 4:48:49 PM - Windows Update
RP665: 11/14/2013 3:00:29 AM - Windows Update
RP666: 11/14/2013 7:30:08 PM - Scheduled Checkpoint
RP667: 11/24/2013 7:31:32 PM - Installed WeatherBug
RP668: 12/2/2013 8:09:00 PM - Removed Bing Bar
RP669: 12/9/2013 4:51:07 PM - Scheduled Checkpoint
RP670: 12/12/2013 3:00:27 AM - Windows Update
RP671: 12/14/2013 5:26:42 PM - Device Driver Package Install: Citrix Systems Inc.
RP672: 12/14/2013 5:54:16 PM - Windows Update
RP673: 12/17/2013 4:44:28 PM - Scheduled Checkpoint
RP674: 12/18/2013 6:32:50 AM - Scheduled Checkpoint
RP675: 12/21/2013 3:20:31 PM - Scheduled Checkpoint
RP676: 1/14/2014 6:13:35 PM - Scheduled Checkpoint
RP677: 1/15/2014 2:22:55 PM - Windows Update
RP678: 1/17/2014 7:16:47 AM - Scheduled Checkpoint
RP679: 1/18/2014 9:46:39 AM - Removed WeatherBug
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 


Hi there,

please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

 

 

 

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Thanks for the help. Here are the log files. Apparently the TDSSKiller log is too long; I'll try attaching that one.

 

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014
Ran by Topher (administrator) on OFFICE-PC on 05-03-2014 11:54:38
Running from C:\Users\Topher\Downloads
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Ziff Davis Media, Inc.) C:\Program Files (x86)\WinTidy\WinTidy.exe
(Creative) C:\Windows\CNYHKey.exe
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
(Akamai Technologies, Inc.) C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe
() C:\Windows\MHotKey.exe
(Chicony) C:\Windows\ModLedKey.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7212576 2009-03-10] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LchDrvKey] - C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] - C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [45056 2009-02-26] (IOI)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [747712 2013-11-22] ()
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Google Update] - "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3433930461-3178264376-1025918575-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series.lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinTidy.lnk
ShortcutTarget: WinTidy.lnk -> C:\Program Files (x86)\WinTidy\WinTidy.exe (Ziff Davis Media, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://connect.bch.org/Citrix/AccessPlatform/site/default.aspx
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=sumamsd1103&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyC0FtA0CyB0DtD0A0EtCzztN0D0Tzu0SyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=977953915&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe64.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {04B6290C-97B8-49A1-B0A3-1312254F7C54} https://clinicalportal.luhcares.org/portal/applets/SharedSession.dll
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {EB29B81A-7351-4890-8BCE-58127C3545F9} https://clinicalportal.luhcares.org/portal/applets/mckntauth.ocx
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe64.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default
FF user.js: detected! => C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\user.js
FF SearchEngineOrder.1: Mysearchdial
FF Homepage: hotmail.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Topher\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Topher\AppData\Local\Roblox\Versions\version-88f213c9d8fd49a1\\NPRobloxProxy.dll ( Roblox Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll (DNAML Pty Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\searchplugins\Mysearchdial.xml
FF Extension: Garmin Communicator - C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-02-12]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-12]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-01-30]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\

Chrome:
=======


CHR DefaultSearchProvider:       "name": "Mysearchdial"
CHR Extension: (Google Docs) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-16]
CHR Extension: (Google Drive) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-16]
CHR Extension: (YouTube) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-16]
CHR Extension: (TrendMicro BEP Extension) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-10-16]
CHR Extension: (Google Search) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-16]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR Extension: (Gmail) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-16]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx [2013-10-16]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Jenny\AppData\Local\mysearchdial-speeddial.crx [2013-10-16]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx [2013-10-16]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

S1 Beep; No ImagePath
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
S3 PolarUSB; C:\Windows\SysWOW64\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 11:54 - 2014-03-05 11:54 - 00024742 _____ () C:\Users\Topher\Downloads\FRST.txt
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\FRST
2014-03-05 11:53 - 2014-03-05 11:53 - 02157056 _____ (Farbar) C:\Users\Topher\Downloads\FRST64.exe
2014-03-05 11:50 - 2014-03-05 11:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Topher\Downloads\tdsskiller.exe
2014-03-05 08:47 - 2014-03-05 08:47 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.scr
2014-03-05 08:39 - 2014-03-05 08:47 - 00002685 _____ () C:\Users\Topher\Desktop\attach.txt
2014-03-05 08:34 - 2014-03-05 08:34 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.com
2014-03-05 07:44 - 2014-03-05 07:44 - 00017910 _____ () C:\ComboFix.txt
2014-03-05 07:08 - 2014-03-05 07:08 - 05186850 ____R (Swearware) C:\Users\Topher\Downloads\ComboFix.exe
2014-03-04 19:46 - 2014-03-05 07:44 - 00000000 ____D () C:\Qoobox
2014-03-04 19:46 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-04 19:46 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-04 19:46 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-04 19:40 - 2014-03-04 19:40 - 03819008 _____ () C:\Users\Topher\Downloads\RogueKiller.exe
2014-03-04 19:38 - 2014-03-04 19:38 - 00667952 _____ ( ) C:\Users\Topher\Downloads\ZipSetup.exe
2014-03-04 19:36 - 2014-03-05 06:27 - 00000000 ____D () C:\Windows\ERDNT
2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Jenny\Desktop\ERUNT.lnk
2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-03-04 19:35 - 2014-03-04 19:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-03-04 19:33 - 2014-03-04 19:33 - 00791393 _____ (Lars Hederer ) C:\Users\Topher\Downloads\erunt-setup.exe
2014-03-04 19:31 - 2014-03-04 19:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Topher\Downloads\rkill.exe
2014-03-04 19:19 - 2014-03-04 19:20 - 00001166 _____ () C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk
2014-03-04 19:16 - 2014-03-04 19:17 - 131182568 _____ (Trend Micro Inc.) C:\Users\Topher\Downloads\TrendMicro-TTi_6.0_MR_Full.exe
2014-03-04 03:06 - 2014-02-05 02:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-04 03:06 - 2014-02-05 02:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-04 03:06 - 2014-02-05 02:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-04 03:06 - 2014-02-05 02:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-04 03:06 - 2014-02-05 02:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-04 03:06 - 2014-02-05 02:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-04 03:06 - 2014-02-05 01:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-04 03:06 - 2014-02-05 01:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-04 03:06 - 2014-02-05 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-04 03:06 - 2014-02-05 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-04 03:06 - 2014-02-05 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-04 03:06 - 2014-02-05 01:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-04 03:05 - 2014-02-05 03:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-04 03:05 - 2014-02-05 03:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-04 03:05 - 2014-02-05 03:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-04 03:05 - 2014-02-05 02:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-04 03:05 - 2014-02-05 02:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-04 03:05 - 2014-02-05 02:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-04 03:05 - 2014-02-05 02:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-04 03:05 - 2014-02-05 02:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-04 03:05 - 2014-02-05 02:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-04 03:05 - 2014-02-05 02:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-04 03:05 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-04 03:05 - 2014-02-05 01:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-04 03:05 - 2014-02-05 01:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-04 03:05 - 2014-02-05 01:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-04 03:05 - 2014-02-05 01:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-04 03:05 - 2014-02-05 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-04 03:05 - 2014-02-05 01:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-04 03:05 - 2014-02-05 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-04 03:05 - 2014-02-05 01:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-04 03:05 - 2014-02-05 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-04 01:40 - 2013-12-04 21:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-04 01:40 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-03 21:35 - 2014-03-03 21:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-03 21:34 - 2014-03-04 01:26 - 00000000 ____D () C:\Users\Topher\Downloads\mbar
2014-02-28 19:00 - 2014-02-28 19:00 - 00000340 _____ () C:\Windows\SysWOW64\out.bin
2014-02-26 18:57 - 2014-02-26 18:57 - 00012326 _____ () C:\Users\Jenny\AppData\Local\msnxdmad
2014-02-26 18:56 - 2014-02-26 18:56 - 00068161 _____ () C:\Users\Jenny\AppData\Local\jhxuixou
2014-02-26 18:54 - 2014-02-26 18:54 - 00000000 _____ () C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs
2014-02-19 14:19 - 2014-02-19 14:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 15:46 - 2014-02-16 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\New Folder
2014-02-07 19:49 - 2014-03-05 11:54 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-02-07 19:49 - 2014-03-04 19:54 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-02-07 19:49 - 2014-02-07 19:49 - 00003958 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA
2014-02-07 19:49 - 2014-02-07 19:49 - 00003562 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core
2014-02-07 19:49 - 2014-02-07 19:49 - 00000000 ____D () C:\Program Files (x86)\GUM1272.tmp
2014-02-04 10:45 - 2014-02-04 10:45 - 00277712 _____ () C:\Windows\Minidump\Mini020414-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-05 11:54 - 2014-03-05 11:54 - 00024742 _____ () C:\Users\Topher\Downloads\FRST.txt
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\FRST
2014-03-05 11:54 - 2014-02-07 19:49 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-03-05 11:53 - 2014-03-05 11:53 - 02157056 _____ (Farbar) C:\Users\Topher\Downloads\FRST64.exe
2014-03-05 11:50 - 2014-03-05 11:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Topher\Downloads\tdsskiller.exe
2014-03-05 11:48 - 2012-04-11 07:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 11:46 - 2010-02-04 15:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 11:46 - 2006-10-10 12:04 - 01304758 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 11:45 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 11:45 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 08:47 - 2014-03-05 08:47 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.scr
2014-03-05 08:47 - 2014-03-05 08:39 - 00002685 _____ () C:\Users\Topher\Desktop\attach.txt
2014-03-05 08:34 - 2014-03-05 08:34 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.com
2014-03-05 08:21 - 2006-11-02 05:46 - 00713714 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 08:16 - 2013-07-27 07:00 - 00458304 _____ () C:\Windows\PFRO.log
2014-03-05 08:16 - 2010-02-04 15:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 08:16 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-05 08:15 - 2006-11-02 08:42 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-05 07:44 - 2014-03-05 07:44 - 00017910 _____ () C:\ComboFix.txt
2014-03-05 07:44 - 2014-03-04 19:46 - 00000000 ____D () C:\Qoobox
2014-03-05 07:40 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-05 07:37 - 2013-08-09 08:18 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-05 07:08 - 2014-03-05 07:08 - 05186850 ____R (Swearware) C:\Users\Topher\Downloads\ComboFix.exe
2014-03-05 06:27 - 2014-03-04 19:36 - 00000000 ____D () C:\Windows\ERDNT
2014-03-04 20:54 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default
2014-03-04 20:32 - 2009-09-13 15:58 - 00000000 ____D () C:\Users\Jenny
2014-03-04 19:54 - 2014-02-07 19:49 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-03-04 19:40 - 2014-03-04 19:40 - 03819008 _____ () C:\Users\Topher\Downloads\RogueKiller.exe
2014-03-04 19:38 - 2014-03-04 19:38 - 00667952 _____ ( ) C:\Users\Topher\Downloads\ZipSetup.exe
2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Jenny\Desktop\ERUNT.lnk
2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-03-04 19:35 - 2014-03-04 19:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-03-04 19:35 - 2009-09-13 15:43 - 00000000 ___RD () C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-04 19:33 - 2014-03-04 19:33 - 00791393 _____ (Lars Hederer ) C:\Users\Topher\Downloads\erunt-setup.exe
2014-03-04 19:31 - 2014-03-04 19:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Topher\Downloads\rkill.exe
2014-03-04 19:20 - 2014-03-04 19:19 - 00001166 _____ () C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk
2014-03-04 19:18 - 2013-07-26 14:49 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-04 19:18 - 2010-07-30 15:21 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-03-04 19:17 - 2014-03-04 19:16 - 131182568 _____ (Trend Micro Inc.) C:\Users\Topher\Downloads\TrendMicro-TTi_6.0_MR_Full.exe
2014-03-04 19:08 - 2013-07-27 07:11 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-04 03:08 - 2013-08-14 16:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-04 03:07 - 2006-11-02 05:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-04 01:30 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\nap
2014-03-04 01:26 - 2014-03-03 21:34 - 00000000 ____D () C:\Users\Topher\Downloads\mbar
2014-03-03 21:35 - 2014-03-03 21:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-02 09:25 - 2013-11-02 14:41 - 00000000 ____D () C:\Users\Jenny\AppData\Local\CutePDF Writer
2014-02-28 19:00 - 2014-02-28 19:00 - 00000340 _____ () C:\Windows\SysWOW64\out.bin
2014-02-26 18:57 - 2014-02-26 18:57 - 00012326 _____ () C:\Users\Jenny\AppData\Local\msnxdmad
2014-02-26 18:56 - 2014-02-26 18:56 - 00068161 _____ () C:\Users\Jenny\AppData\Local\jhxuixou
2014-02-26 18:54 - 2014-02-26 18:54 - 00000000 _____ () C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs
2014-02-25 17:03 - 2012-05-05 11:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 15:19 - 2012-04-11 07:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 15:19 - 2012-04-11 07:59 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 15:19 - 2011-06-06 06:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 12:38 - 2012-04-14 11:07 - 00000000 ____D () C:\Users\Topher\Documents\boulderendo
2014-02-19 14:20 - 2014-02-19 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-18 08:47 - 2009-09-20 15:09 - 00002651 _____ () C:\Users\Jenny\Desktop\Microsoft Word 2007.lnk
2014-02-16 16:19 - 2013-05-12 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\Decorating
2014-02-16 15:46 - 2014-02-16 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\New Folder
2014-02-13 12:37 - 2012-12-31 08:55 - 00000000 ____D () C:\Users\Jenny\Documents\Printables
2014-02-12 14:54 - 2010-02-04 15:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 14:54 - 2010-02-04 15:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-07 19:49 - 2014-02-07 19:49 - 00003958 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA
2014-02-07 19:49 - 2014-02-07 19:49 - 00003562 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core
2014-02-07 19:49 - 2014-02-07 19:49 - 00000000 ____D () C:\Program Files (x86)\GUM1272.tmp
2014-02-06 12:56 - 2014-02-01 09:55 - 00000000 ____D () C:\Users\Jenny\Documents\Ryan party printables
2014-02-05 14:55 - 2009-09-14 19:10 - 00000000 ____D () C:\Users\Topher\AppData\Local\Adobe
2014-02-05 14:51 - 2013-12-01 15:42 - 00000000 ____D () C:\Users\Jenny\AppData\Local\genienext
2014-02-05 03:19 - 2014-03-04 03:05 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 03:02 - 2014-03-04 03:05 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 03:00 - 2014-03-04 03:05 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 02:54 - 2014-03-04 03:05 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 02:54 - 2014-03-04 03:05 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 02:52 - 2014-03-04 03:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 02:52 - 2014-03-04 03:05 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 02:52 - 2014-03-04 03:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 02:51 - 2014-03-04 03:06 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 02:51 - 2014-03-04 03:06 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 02:51 - 2014-03-04 03:05 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 02:51 - 2014-03-04 03:05 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 02:51 - 2014-03-04 03:05 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 02:50 - 2014-03-04 03:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 02:50 - 2014-03-04 03:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 02:50 - 2014-03-04 03:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 01:58 - 2014-03-04 03:05 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 01:56 - 2014-03-04 03:05 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 01:53 - 2014-03-04 03:05 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 01:51 - 2014-03-04 03:05 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 01:50 - 2014-03-04 03:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 01:49 - 2014-03-04 03:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 01:49 - 2014-03-04 03:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 01:48 - 2014-03-04 03:06 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 01:48 - 2014-03-04 03:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 01:48 - 2014-03-04 03:06 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 01:48 - 2014-03-04 03:05 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 01:48 - 2014-03-04 03:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 01:47 - 2014-03-04 03:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 01:47 - 2014-03-04 03:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 01:47 - 2014-03-04 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 01:46 - 2014-03-04 03:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 12:46 - 2005-02-12 15:47 - 00000000 ____D () C:\Users\Jenny\Documents\Random
2014-02-04 12:44 - 2012-01-26 14:42 - 00000000 ____D () C:\Users\Jenny\Documents\Documents for iPhone
2014-02-04 12:42 - 2005-02-12 15:47 - 00000000 ____D () C:\Users\Jenny\Documents\Work - Summaries, Notes
2014-02-04 10:45 - 2014-02-04 10:45 - 00277712 _____ () C:\Windows\Minidump\Mini020414-01.dmp
2014-02-04 10:45 - 2013-05-12 19:36 - 512441477 _____ () C:\Windows\MEMORY.DMP
2014-02-04 10:45 - 2013-05-12 19:36 - 00000000 ____D () C:\Windows\Minidump

Files to move or delete:
====================
C:\Users\Jenny\gotomypc_533.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-05 08:21

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014
Ran by Topher at 2014-03-05 11:55:17
Running from C:\Users\Topher\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABIM Tutorial (HKLM-x32\...\{9F050422-7445-40AF-BAD0-12F7FDC23D5E}) (Version: 2.12.5.77 - Pearson VUE)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Canon MP Navigator 2.0 (HKLM-x32\...\MP Navigator 2.0) (Version:  - )
Canon MP500 (HKLM\...\{BA4DF4C3-196E-4128-969A-00996B5A46F8}) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325a - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.2325a - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Documents To Go Desktop for iPhone (HKLM-x32\...\DTGDesktop) (Version: 2.0000.006 - DataViz, Inc.)
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.300 - Nuance Communications Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Evernote v. 4.5.4 (HKLM-x32\...\{2A07AA78-79DB-11E1-8313-984BE15F174E}) (Version: 4.5.4.6498 - Evernote Corp.)
FileMaker Pro 10 (HKLM-x32\...\{96F5D143-C950-465D-A8BE-C3D4D9CB3C1F}) (Version: 10.0.3.0 - FileMaker, Inc.)
FlexiLayouts 2 PRO Editor (HKLM-x32\...\com.extend.csslayoutspro) (Version: 2.1.140 - Extend Studio S.R.L.)
FlexiLayouts 2 PRO Editor (x32 Version: 2.1.140 - Extend Studio S.R.L.) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.52 - WildTangent)
Gateway Photo Frame 4.2.3.6 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.6 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3006 - Acer Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{7B286FFB-7F98-4337-9903-A2103AAAAE5E}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{24E01F02-4261-42B8-9BD9-80E5E6D64952}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{2543D658-38B1-4286-BA75-12CA6103743D}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
LEGO Universe (HKLM-x32\...\NetDevil_LEGO_Universe_is1) (Version:  - LEGO Software)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Money Shared Libraries (x32 Version: 16.0.0.705 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
Polar IrDA USB Adapter (HKLM-x32\...\{7A6EC173-9388-4172-8F44-17FFEA8A53BC}) (Version: 1.03.0000 - )
Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.20.130 - )
PowerAgent 7.4.5 (HKLM-x32\...\PowerAgent_is1) (Version:  - Saris Cycling Group)
PowerAgent 7.5.3.27 (HKLM\...\PowerAgent_is1) (Version:  - Saris Cycling Group, Inc.)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5807 - Realtek Semiconductor Corp.)
ROBLOX Player for Topher (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Safari (HKLM-x32\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrainingPeaks Device Agent (HKLM-x32\...\{C1C5E1B5-14C1-49BB-8C92-42F028544CA6}) (Version: 3.0.88.1 - TrainingPeaks)
TrainingPeaks WKO+ (HKLM-x32\...\{BCCDBCD1-3614-4df9-8796-320188288606}) (Version: 3.00.048 - TrainingPeaks)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 10.20.200 - Nuance Communications Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
WinTidy 1.0.11 (HKLM-x32\...\PC Magazine's WinTidy_is1) (Version: 1.0.11 - Ziff Davis Media, Inc.)

==================== Restore Points  =========================

11-10-2013 21:35:30 Windows Update
14-10-2013 16:28:20 Scheduled Checkpoint
31-10-2013 02:31:04 Scheduled Checkpoint
05-11-2013 03:47:45 Scheduled Checkpoint
06-11-2013 03:09:32 Scheduled Checkpoint
12-11-2013 19:07:24 Scheduled Checkpoint
13-11-2013 23:48:49 Windows Update
14-11-2013 10:00:29 Windows Update
15-11-2013 02:30:08 Scheduled Checkpoint
25-11-2013 02:31:32 Installed WeatherBug
03-12-2013 03:09:00 Removed Bing Bar
09-12-2013 23:51:07 Scheduled Checkpoint
12-12-2013 10:00:27 Windows Update
15-12-2013 00:26:42 Device Driver Package Install: Citrix Systems Inc.
15-12-2013 00:54:16 Windows Update
17-12-2013 23:44:28 Scheduled Checkpoint
18-12-2013 13:32:50 Scheduled Checkpoint
21-12-2013 22:20:31 Scheduled Checkpoint
15-01-2014 01:13:35 Scheduled Checkpoint
15-01-2014 21:22:55 Windows Update
17-01-2014 14:16:47 Scheduled Checkpoint
18-01-2014 16:46:39 Removed WeatherBug

==================== Hosts content: ==========================

2006-11-02 05:34 - 2014-03-05 07:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04AE77BA-0E2A-48B2-AD8F-B23E00575863} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {350F3B72-6350-4AC4-B52E-1F272DFA277F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04] (Google Inc.)
Task: {5E1D1306-3C68-46D5-820D-71FB84A9AE4B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {6D72F9F4-373C-4354-93C6-A7646EADCAC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {6E87849F-780D-4743-A7DF-98B3C0ED828D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {840DAB68-0770-4829-91D7-3A28321B74E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9494C612-558A-4BBB-832C-AF44A1911056} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9A7DF967-F80A-4C3F-98BA-28BB2BFED9C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {BD325C4D-1EB9-49CA-98C3-E97DC9359D11} - System32\Tasks\AdobeAAMUpdater-1.0-Office-PC-Jenny => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {E0B3DFFF-49A2-48BF-9A7F-AA4EC3205733} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-02-25] (Acer)
Task: {E56789B0-9980-4C7E-92B0-D6EB465BBCB5} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FE729E00-D28E-4133-BFB4-9E6F73061300} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {FF888BC1-B274-4C48-81B2-15DFB52CF973} - System32\Tasks\AdobeAAMUpdater-1.0-Office-PC-Topher => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-02 14:25 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2009-04-02 01:22 - 2008-05-30 10:50 - 00581120 _____ () C:\Windows\MHotKey.exe
2013-12-01 15:42 - 2013-11-22 04:25 - 00747712 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-26 13:11 - 2009-02-26 13:11 - 00031744 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
2009-02-26 13:11 - 2009-02-26 13:11 - 00025088 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
2008-08-27 16:32 - 2008-08-27 16:32 - 00619816 ____N () C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
2008-06-09 09:55 - 2008-06-09 09:55 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-02-19 14:19 - 2014-02-19 14:20 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-21 15:19 - 2014-02-21 15:19 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Citrix XenApp.lnk => C:\Windows\pss\Citrix XenApp.lnk.CommonStartup

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2014 08:17:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2014 06:28:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 07:13:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 07:02:39 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{7CD9BD50-DA2C-4246-8247-84C8FBCD7932}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/04/2014 07:02:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/05/2014 08:17:48 AM) (Source: Service Control Manager) (User: )
Description: Beep
SRTSP
SRTSPX

Error: (03/05/2014 08:17:48 AM) (Source: Service Control Manager) (User: )
Description: Norton Internet Security%%3

Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/05/2014 08:15:51 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (04/26/2012 10:03:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/26/2012 09:45:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/26/2012 09:45:42 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-03-05 11:55:12.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-05 11:55:12.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-05 11:55:11.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-05 11:55:11.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-05 11:55:11.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-05 11:55:10.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-05 11:55:10.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-05 11:55:10.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-05 08:47:49.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-05 08:47:49.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 4060.26 MB
Available physical RAM: 1954.54 MB
Total Pagefile: 8317.26 MB
Available Pagefile: 5938.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:583.17 GB) (Free:344.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: CD6556B4)

Partition: GPT Partition Type.

==================== End Of Log ============================

TDSSKiller_Log.txt


Yes, there is a bootkit running as I suspected. Let's get rid of it!


Start TDSSKiller.exe again with administrator privileges.

  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the threat Rootkit.Boot.Cidox.b (and only for that) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.

Hi,

Have the IP blocks from Malwarebytes on explorer.exe now stopped, or are they still there?


Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
 

 


Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

Hi.

The IP blocks do seem to have stopped. Have not seen one for some time now.

 

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02
Ran by Topher at 2014-03-05 15:47:17 Run:1
Running from C:\Users\Topher\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [747712 2013-11-22] ()
C:\Program Files (x86)\Mobogenie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=977953915&ir=
FF SearchEngineOrder.1: Mysearchdial
FF SearchPlugin: C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\searchplugins\Mysearchdial.xml
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Jenny\AppData\Local\mysearchdial-speeddial.crx [2013-10-16]
2014-02-05 14:51 - 2013-12-01 15:42 - 00000000 ____D () C:\Users\Jenny\AppData\Local\genienext
2014-02-26 18:57 - 2014-02-26 18:57 - 00012326 _____ () C:\Users\Jenny\AppData\Local\msnxdmad
2014-02-26 18:56 - 2014-02-26 18:56 - 00068161 _____ () C:\Users\Jenny\AppData\Local\jhxuixou
*****************

[3776] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
C:\Program Files (x86)\Mobogenie => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\searchplugins\Mysearchdial.xml => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
"C:\Users\Jenny\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
C:\Users\Jenny\AppData\Local\genienext => Moved successfully.
C:\Users\Jenny\AppData\Local\msnxdmad => Moved successfully.
C:\Users\Jenny\AppData\Local\jhxuixou => Moved successfully.

==== End of Fixlog ====

 

ESET LOG

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=71595b09d27a01459780a9d25e75693a
# engine=17331
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-06 01:02:40
# local_time=2014-03-05 06:02:40 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 0 230666466 0 0
# scanned=284282
# found=16
# cleaned=0
# scan_time=7925
sh=A9AEC3C8D76F80698570FCC2778C7D9980C8F568 ft=1 fh=af6f7e000a8b6dd1 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\Mobogenie05-03-2014_15-47-17\DaemonProcess.exe"
sh=8A396520C9A9167A15FF8C3F83AEBF0FEA4EAEAE ft=1 fh=4bede89b32e23741 vn="a variant of Win32/PCCleaners potentially unwanted application" ac=I fn="C:\Program Files (x86)\PC Cleaners\PCCleaners.exe"
sh=0BC242AB15E4055E13D38DFEB8BC58635704FA14 ft=1 fh=ff147e3afb8fd20c vn="a variant of Win32/Kryptik.BVKP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\pircnfgj.exe.vir"
sh=886BFFF2B74E4D2920C8BFE0371583F44014E396 ft=1 fh=ff147e3a4750056b vn="a variant of Win32/Kryptik.BVKP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\scdkhqif.exe.vir"
sh=A184BD791493EC1AACA5D3CA610FAA3D2574D84C ft=1 fh=ff147e3afb8fd20c vn="a variant of Win32/Kryptik.BVKP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\vnkbqdoh.exe.vir"
sh=09B82F25F3484255E03729CBDF18649A4FA61A31 ft=1 fh=23fabdab809eb845 vn="a variant of Win32/Kryptik.BVKP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\wtutfnrd.exe.vir"
sh=B9D616B1B3BB834316D0927CF6C71433C1A976A1 ft=1 fh=ff147e3ab0aab30a vn="Win32/TrojanDownloader.Zortob.F trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jenny\AppData\Local\xwhshpiu.exe.vir"
sh=E63586F44A17C40E2088022D6771602878DAA7D9 ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BE trojan" ac=I fn="C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\ahibjmdpkeijhnebmagakmheblenaekf\3.0.7\background.js"
sh=6271F3749AEF096B1B565D5A5821745181753D11 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.RAJ trojan" ac=I fn="C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\48cc4fd3-5af53086"
sh=6271F3749AEF096B1B565D5A5821745181753D11 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.RAJ trojan" ac=I fn="C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\48cc4fd3-5cd4c775"
sh=028AE124A6D7E71AC36409B25DD52D6BE34D475E ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\1a118297-329a8aef"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\Jenny\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Font Installer Packages\uninstaller.exe"
sh=7505E1FCF4961A4CB45890DF87749DF616FF85A2 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B potentially unwanted application" ac=I fn="C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\tq6p3c0r.default\extensions\firefox@mybuzzsearch.com.xpi"
sh=4C96F4A6AC5836E6EF3746E58C0551CE803F3EBE ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BE trojan" ac=I fn="C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\tq6p3c0r.default\extensions\{3F9C8107-89A4-417D-C060-AC741B4D04A5}\components\SystemSecurityCryptography.js"
sh=D792999D32739844062335B44BA591F78E82D7BA ft=1 fh=371466adb3877be5 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Jenny\Downloads\CuteWriter.exe"
sh=A4A12ABE37CC060514E75290AABC0C107C11C2CD ft=1 fh=c71c00118375eaad vn="a variant of Win32/InstallCore.KJ potentially unwanted application" ac=I fn="C:\Users\Topher\Downloads\ZipSetup.exe"
 

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02
Ran by Topher (administrator) on OFFICE-PC on 05-03-2014 20:00:02
Running from C:\Users\Topher\Downloads
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\MHotKey.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Creative) C:\Windows\CNYHKey.exe
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(Ziff Davis Media, Inc.) C:\Program Files (x86)\WinTidy\WinTidy.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
(Akamai Technologies, Inc.) C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe
(Chicony) C:\Windows\ModLedKey.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7212576 2009-03-10] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LchDrvKey] - C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] - C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [45056 2009-02-26] (IOI)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Google Update] - "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3433930461-3178264376-1025918575-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Topher\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
ShortcutTarget: Dragon NaturallySpeaking.lnk -> C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series.lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinTidy.lnk
ShortcutTarget: WinTidy.lnk -> C:\Program Files (x86)\WinTidy\WinTidy.exe (Ziff Davis Media, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://connect.bch.org/Citrix/AccessPlatform/site/default.aspx
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe64.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {04B6290C-97B8-49A1-B0A3-1312254F7C54} https://clinicalportal.luhcares.org/portal/applets/SharedSession.dll
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {EB29B81A-7351-4890-8BCE-58127C3545F9} https://clinicalportal.luhcares.org/portal/applets/mckntauth.ocx
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe64.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default
FF user.js: detected! => C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\user.js
FF Homepage: hotmail.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Topher\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Topher\AppData\Local\Roblox\Versions\version-88f213c9d8fd49a1\\NPRobloxProxy.dll ( Roblox Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll (DNAML Pty Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Extension: Garmin Communicator - C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-02-12]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Topher\AppData\Roaming\Mozilla\Firefox\Profiles\skstnv3c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-12]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-01-30]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\

Chrome:
=======


CHR DefaultSearchProvider:       "name": "Mysearchdial"
CHR Extension: (Google Docs) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-16]
CHR Extension: (Google Drive) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-16]
CHR Extension: (YouTube) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-16]
CHR Extension: (TrendMicro BEP Extension) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-10-16]
CHR Extension: (Google Search) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-16]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR Extension: (Gmail) - C:\Users\Topher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-16]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx [2013-10-16]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx [2013-10-16]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

S1 Beep; No ImagePath
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
S3 PolarUSB; C:\Windows\SysWOW64\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 20:00 - 2014-03-05 20:00 - 00020444 _____ () C:\Users\Topher\Downloads\FRST.txt
2014-03-05 15:48 - 2014-03-05 15:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-05 15:47 - 2014-03-05 15:47 - 02347384 _____ (ESET) C:\Users\Topher\Downloads\esetsmartinstaller_enu.exe
2014-03-05 15:47 - 2014-03-05 15:47 - 00000000 ____D () C:\Users\Topher\Downloads\FRST-OlderVersion
2014-03-05 14:13 - 2014-03-05 14:13 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-05 12:09 - 2014-03-05 12:09 - 00000000 ____D () C:\Users\Topher\AppData\Local\CrashDumps
2014-03-05 11:55 - 2014-03-05 11:55 - 00042696 _____ () C:\Users\Topher\Desktop\Addition.txt
2014-03-05 11:54 - 2014-03-05 20:00 - 00000000 ____D () C:\FRST
2014-03-05 11:54 - 2014-03-05 11:55 - 00044358 _____ () C:\Users\Topher\Desktop\FRST.txt
2014-03-05 11:53 - 2014-03-05 15:47 - 02156544 _____ (Farbar) C:\Users\Topher\Downloads\FRST64.exe
2014-03-05 11:50 - 2014-03-05 11:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Topher\Downloads\tdsskiller.exe
2014-03-05 08:47 - 2014-03-05 08:47 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.scr
2014-03-05 08:39 - 2014-03-05 08:47 - 00002685 _____ () C:\Users\Topher\Desktop\attach.txt
2014-03-05 08:34 - 2014-03-05 08:34 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.com
2014-03-05 07:44 - 2014-03-05 07:44 - 00017910 _____ () C:\ComboFix.txt
2014-03-05 07:08 - 2014-03-05 07:08 - 05186850 ____R (Swearware) C:\Users\Topher\Downloads\ComboFix.exe
2014-03-04 19:46 - 2014-03-05 07:44 - 00000000 ____D () C:\Qoobox
2014-03-04 19:46 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-04 19:46 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-04 19:46 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-04 19:46 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-04 19:40 - 2014-03-04 19:40 - 03819008 _____ () C:\Users\Topher\Downloads\RogueKiller.exe
2014-03-04 19:38 - 2014-03-04 19:38 - 00667952 _____ ( ) C:\Users\Topher\Downloads\ZipSetup.exe
2014-03-04 19:36 - 2014-03-05 06:27 - 00000000 ____D () C:\Windows\ERDNT
2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Jenny\Desktop\ERUNT.lnk
2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-03-04 19:35 - 2014-03-04 19:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-03-04 19:33 - 2014-03-04 19:33 - 00791393 _____ (Lars Hederer ) C:\Users\Topher\Downloads\erunt-setup.exe
2014-03-04 19:31 - 2014-03-04 19:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Topher\Downloads\rkill.exe
2014-03-04 19:19 - 2014-03-04 19:20 - 00001166 _____ () C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk
2014-03-04 19:16 - 2014-03-04 19:17 - 131182568 _____ (Trend Micro Inc.) C:\Users\Topher\Downloads\TrendMicro-TTi_6.0_MR_Full.exe
2014-03-04 03:06 - 2014-02-05 02:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-04 03:06 - 2014-02-05 02:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-04 03:06 - 2014-02-05 02:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-04 03:06 - 2014-02-05 02:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-04 03:06 - 2014-02-05 02:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-04 03:06 - 2014-02-05 02:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-04 03:06 - 2014-02-05 01:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-04 03:06 - 2014-02-05 01:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-04 03:06 - 2014-02-05 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-04 03:06 - 2014-02-05 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-04 03:06 - 2014-02-05 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-04 03:06 - 2014-02-05 01:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-04 03:05 - 2014-02-05 03:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-04 03:05 - 2014-02-05 03:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-04 03:05 - 2014-02-05 03:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-04 03:05 - 2014-02-05 02:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-04 03:05 - 2014-02-05 02:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-04 03:05 - 2014-02-05 02:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-04 03:05 - 2014-02-05 02:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-04 03:05 - 2014-02-05 02:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-04 03:05 - 2014-02-05 02:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-04 03:05 - 2014-02-05 02:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-04 03:05 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-04 03:05 - 2014-02-05 01:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-04 03:05 - 2014-02-05 01:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-04 03:05 - 2014-02-05 01:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-04 03:05 - 2014-02-05 01:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-04 03:05 - 2014-02-05 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-04 03:05 - 2014-02-05 01:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-04 03:05 - 2014-02-05 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-04 03:05 - 2014-02-05 01:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-04 03:05 - 2014-02-05 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-04 01:40 - 2013-12-04 21:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-04 01:40 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-03 21:35 - 2014-03-03 21:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-03 21:34 - 2014-03-04 01:26 - 00000000 ____D () C:\Users\Topher\Downloads\mbar
2014-02-28 19:00 - 2014-02-28 19:00 - 00000340 _____ () C:\Windows\SysWOW64\out.bin
2014-02-26 18:54 - 2014-02-26 18:54 - 00000000 _____ () C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs
2014-02-19 14:19 - 2014-02-19 14:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 15:46 - 2014-02-16 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\New Folder
2014-02-07 19:49 - 2014-03-05 19:56 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-02-07 19:49 - 2014-03-05 19:56 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-02-07 19:49 - 2014-02-07 19:49 - 00003958 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA
2014-02-07 19:49 - 2014-02-07 19:49 - 00003562 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core
2014-02-07 19:49 - 2014-02-07 19:49 - 00000000 ____D () C:\Program Files (x86)\GUM1272.tmp
2014-02-04 10:45 - 2014-02-04 10:45 - 00277712 _____ () C:\Windows\Minidump\Mini020414-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-05 20:00 - 2014-03-05 20:00 - 00020444 _____ () C:\Users\Topher\Downloads\FRST.txt
2014-03-05 20:00 - 2014-03-05 11:54 - 00000000 ____D () C:\FRST
2014-03-05 19:59 - 2010-02-04 15:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 19:56 - 2014-02-07 19:49 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-03-05 19:56 - 2014-02-07 19:49 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-03-05 19:56 - 2012-04-11 07:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 19:56 - 2006-10-10 12:04 - 01330357 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 18:14 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 18:14 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 15:48 - 2014-03-05 15:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-05 15:47 - 2014-03-05 15:47 - 02347384 _____ (ESET) C:\Users\Topher\Downloads\esetsmartinstaller_enu.exe
2014-03-05 15:47 - 2014-03-05 15:47 - 00000000 ____D () C:\Users\Topher\Downloads\FRST-OlderVersion
2014-03-05 15:47 - 2014-03-05 11:53 - 02156544 _____ (Farbar) C:\Users\Topher\Downloads\FRST64.exe
2014-03-05 15:43 - 2010-02-04 15:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 14:21 - 2006-11-02 05:46 - 00713714 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 14:14 - 2006-11-02 08:42 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-05 14:14 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-05 14:13 - 2014-03-05 14:13 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-05 12:09 - 2014-03-05 12:09 - 00000000 ____D () C:\Users\Topher\AppData\Local\CrashDumps
2014-03-05 11:55 - 2014-03-05 11:55 - 00042696 _____ () C:\Users\Topher\Desktop\Addition.txt
2014-03-05 11:55 - 2014-03-05 11:54 - 00044358 _____ () C:\Users\Topher\Desktop\FRST.txt
2014-03-05 11:50 - 2014-03-05 11:50 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Topher\Downloads\tdsskiller.exe
2014-03-05 08:47 - 2014-03-05 08:47 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.scr
2014-03-05 08:47 - 2014-03-05 08:39 - 00002685 _____ () C:\Users\Topher\Desktop\attach.txt
2014-03-05 08:34 - 2014-03-05 08:34 - 00688992 ____R (Swearware) C:\Users\Topher\Downloads\dds.com
2014-03-05 08:16 - 2013-07-27 07:00 - 00458304 _____ () C:\Windows\PFRO.log
2014-03-05 07:44 - 2014-03-05 07:44 - 00017910 _____ () C:\ComboFix.txt
2014-03-05 07:44 - 2014-03-04 19:46 - 00000000 ____D () C:\Qoobox
2014-03-05 07:40 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-05 07:37 - 2013-08-09 08:18 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-05 07:08 - 2014-03-05 07:08 - 05186850 ____R (Swearware) C:\Users\Topher\Downloads\ComboFix.exe
2014-03-05 06:27 - 2014-03-04 19:36 - 00000000 ____D () C:\Windows\ERDNT
2014-03-04 20:54 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default
2014-03-04 20:32 - 2009-09-13 15:58 - 00000000 ____D () C:\Users\Jenny
2014-03-04 19:40 - 2014-03-04 19:40 - 03819008 _____ () C:\Users\Topher\Downloads\RogueKiller.exe
2014-03-04 19:38 - 2014-03-04 19:38 - 00667952 _____ ( ) C:\Users\Topher\Downloads\ZipSetup.exe
2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Jenny\Desktop\ERUNT.lnk
2014-03-04 19:35 - 2014-03-04 19:35 - 00000746 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-03-04 19:35 - 2014-03-04 19:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-03-04 19:35 - 2009-09-13 15:43 - 00000000 ___RD () C:\Users\Topher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-04 19:33 - 2014-03-04 19:33 - 00791393 _____ (Lars Hederer ) C:\Users\Topher\Downloads\erunt-setup.exe
2014-03-04 19:31 - 2014-03-04 19:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Topher\Downloads\rkill.exe
2014-03-04 19:20 - 2014-03-04 19:19 - 00001166 _____ () C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk
2014-03-04 19:18 - 2013-07-26 14:49 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-04 19:18 - 2010-07-30 15:21 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-03-04 19:17 - 2014-03-04 19:16 - 131182568 _____ (Trend Micro Inc.) C:\Users\Topher\Downloads\TrendMicro-TTi_6.0_MR_Full.exe
2014-03-04 19:08 - 2013-07-27 07:11 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-04 03:08 - 2013-08-14 16:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-04 03:07 - 2006-11-02 05:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-04 01:30 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\nap
2014-03-04 01:26 - 2014-03-03 21:34 - 00000000 ____D () C:\Users\Topher\Downloads\mbar
2014-03-03 21:35 - 2014-03-03 21:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-02 09:25 - 2013-11-02 14:41 - 00000000 ____D () C:\Users\Jenny\AppData\Local\CutePDF Writer
2014-02-28 19:00 - 2014-02-28 19:00 - 00000340 _____ () C:\Windows\SysWOW64\out.bin
2014-02-26 18:54 - 2014-02-26 18:54 - 00000000 _____ () C:\Users\Jenny\AppData\Roaming\SharedSettings.ccs
2014-02-25 17:03 - 2012-05-05 11:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 15:19 - 2012-04-11 07:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 15:19 - 2012-04-11 07:59 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 15:19 - 2011-06-06 06:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 12:38 - 2012-04-14 11:07 - 00000000 ____D () C:\Users\Topher\Documents\boulderendo
2014-02-19 14:20 - 2014-02-19 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-18 08:47 - 2009-09-20 15:09 - 00002651 _____ () C:\Users\Jenny\Desktop\Microsoft Word 2007.lnk
2014-02-16 16:19 - 2013-05-12 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\Decorating
2014-02-16 15:46 - 2014-02-16 15:46 - 00000000 ____D () C:\Users\Jenny\Documents\New Folder
2014-02-13 12:37 - 2012-12-31 08:55 - 00000000 ____D () C:\Users\Jenny\Documents\Printables
2014-02-12 14:54 - 2010-02-04 15:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 14:54 - 2010-02-04 15:23 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-07 19:49 - 2014-02-07 19:49 - 00003958 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18UA
2014-02-07 19:49 - 2014-02-07 19:49 - 00003562 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-18Core
2014-02-07 19:49 - 2014-02-07 19:49 - 00000000 ____D () C:\Program Files (x86)\GUM1272.tmp
2014-02-06 12:56 - 2014-02-01 09:55 - 00000000 ____D () C:\Users\Jenny\Documents\Ryan party printables
2014-02-05 14:55 - 2009-09-14 19:10 - 00000000 ____D () C:\Users\Topher\AppData\Local\Adobe
2014-02-05 03:19 - 2014-03-04 03:05 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 03:02 - 2014-03-04 03:05 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 03:00 - 2014-03-04 03:05 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 02:54 - 2014-03-04 03:05 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 02:54 - 2014-03-04 03:05 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 02:52 - 2014-03-04 03:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 02:52 - 2014-03-04 03:05 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 02:52 - 2014-03-04 03:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 02:51 - 2014-03-04 03:06 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 02:51 - 2014-03-04 03:06 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 02:51 - 2014-03-04 03:05 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 02:51 - 2014-03-04 03:05 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 02:51 - 2014-03-04 03:05 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 02:50 - 2014-03-04 03:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 02:50 - 2014-03-04 03:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 02:50 - 2014-03-04 03:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 01:58 - 2014-03-04 03:05 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 01:56 - 2014-03-04 03:05 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 01:53 - 2014-03-04 03:05 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 01:51 - 2014-03-04 03:05 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 01:50 - 2014-03-04 03:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 01:49 - 2014-03-04 03:05 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 01:49 - 2014-03-04 03:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 01:48 - 2014-03-04 03:06 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 01:48 - 2014-03-04 03:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 01:48 - 2014-03-04 03:06 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 01:48 - 2014-03-04 03:05 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 01:48 - 2014-03-04 03:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 01:47 - 2014-03-04 03:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 01:47 - 2014-03-04 03:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 01:47 - 2014-03-04 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 01:46 - 2014-03-04 03:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 12:46 - 2005-02-12 15:47 - 00000000 ____D () C:\Users\Jenny\Documents\Random
2014-02-04 12:44 - 2012-01-26 14:42 - 00000000 ____D () C:\Users\Jenny\Documents\Documents for iPhone
2014-02-04 12:42 - 2005-02-12 15:47 - 00000000 ____D () C:\Users\Jenny\Documents\Work - Summaries, Notes
2014-02-04 10:45 - 2014-02-04 10:45 - 00277712 _____ () C:\Windows\Minidump\Mini020414-01.dmp
2014-02-04 10:45 - 2013-05-12 19:36 - 512441477 _____ () C:\Windows\MEMORY.DMP
2014-02-04 10:45 - 2013-05-12 19:36 - 00000000 ____D () C:\Windows\Minidump

Files to move or delete:
====================
C:\Users\Jenny\gotomypc_533.exe


Some content of TEMP:
====================
C:\Users\Topher\AppData\Local\temp\{D54EAD61-F722-4BAE-97B4-4D1E114713C4}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-05 14:21

==================== End Of Log ============================


This is looking good, no more active malware has been found.

I don't see a running anti-virus program on your computer. I highly recommend that you download and install one anti-virus software (e.g. avast or MSE).
 
 
Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:




Adobe Reader 9.5.5
Java™ 6 Update 29




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


Thanks so much. I will definitely buy you a virtual beer!

 

Just so you don't think I am a complete moron, we do have a subscription to Trend Micro. It stopped working during this process (before I contacted this forum) and I uninstalled it, planning to reinstall it. Then, lo and behold, it won't install with MBAM installed. I did not want to uninstall MBAM as it was actually working to block all that outbound traffic! So, I've just tried to stay off the internet on this computer, other than checking this forum. I will uninstall MBAM now, reinstall Trend Micro, then promptly put MBAM back!

 

Take care.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.