Audio ads playing in background. Please help!

Here are my logs

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014 01
Ran by Admin (administrator) on ADMIN-PC on 11-06-2014 15:32:21
Running from C:\Users\Admin\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(O2Micro International) C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
() C:\Toshiba\IVP\ISM\pinger.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-10] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3402813050-4047483925-927164663-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-06-02] (Glarysoft Ltd)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =  http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x68C387DF3160CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =  http://home.microsoft.com/search/search.asp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =  http://www.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {461fc775-35b6-4d0b-9ff3-af280bfaba83} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.yahoo.com/
CHR StartupUrls: "hxxp://iron-start.com/"
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-10]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-10]
CHR Extension: (Cinetonic) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eapnnlcfnfkfgijohljclicblfnjfekg [2014-06-10]
CHR Extension: (Print) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2014-06-10]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-10]
CHR Extension: (Click&Clean App) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Users\Admin\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-09-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-10]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-10] (AVAST Software)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [723968 2009-04-11] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 o2flash; C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 RpcSs; C:\Windows\System32\rpcss.dll [723968 2009-04-11] (Microsoft Corporation) [File not signed]
R2 slsvc; C:\Windows\SysWOW64\SLsvc.exe [0 2012-12-24] () [File not signed]
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2012-12-24] () [File not signed]
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-04-11] (TOSHIBA Corporation)
S2 TODDSrv; C:\Windows\SysWOW64\TODDSrv.exe [0 2012-12-24] () [File not signed]
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 XAudioService; C:\Windows\SysWOW64\DRIVERS\xaudio64.exe [0 2012-12-24] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-06-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-10] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-06-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-10] ()
S1 Beep; No ImagePath
S0 BootDefragDriver; C:\Windows\SysWOW64\drivers\BootDefragDriver.sys [16640 2013-04-24] (<Glarysoft Ltd>)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-15] (Glarysoft Ltd)
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62040 2008-04-15] (O2Micro )
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2007-10-12] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ssrangdr; C:\Windows\System32\DRIVERS\ssrangdr.sys [4608 2009-01-20] (SupportSoft Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28808 2008-03-05] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [195584 2008-03-05] (Sierra Wireless Inc.)
S3 Tosrfcom; No ImagePath
S1 meofboht; \??\C:\Windows\system32\drivers\meofboht.sys [X]
S1 MpKsl4856fa72; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{45AA6195-6478-485C-8D42-DD786CABF017}\MpKsl4856fa72.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-11 15:32 - 2014-06-11 15:32 - 00016743 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-11 15:31 - 2014-06-11 15:32 - 00000000 ____D () C:\FRST
2014-06-11 15:28 - 2014-06-11 15:29 - 02081792 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-06-11 11:37 - 2014-06-11 11:37 - 00000296 _____ () C:\Windows\system32\spsys.log
2014-06-11 00:00 - 2014-06-11 00:00 - 00000000 ____D () C:\Users\Admin\AppData\Local\{161FF11B-290B-48AD-9C94-212BFF28C38B}
2014-06-10 22:46 - 2014-06-10 22:50 - 00002036 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-10 22:46 - 2014-06-10 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-10 14:31 - 2014-06-10 14:31 - 00001840 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-10 14:31 - 2014-06-10 14:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software
2014-06-10 14:31 - 2014-06-10 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-10 14:30 - 2014-06-10 14:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-10 14:29 - 2014-06-10 14:31 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-10 14:29 - 2014-06-10 14:31 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-10 14:29 - 2014-06-10 14:31 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402428695708
2014-06-10 14:29 - 2014-06-10 14:29 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-10 14:29 - 2014-06-10 14:29 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402428695708
2014-06-10 14:29 - 2014-06-10 14:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-10 14:29 - 2014-06-10 14:29 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-10 14:28 - 2014-06-10 14:28 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-10 14:27 - 2014-06-10 14:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-10 14:20 - 2014-06-10 14:20 - 00000000 ____D () C:\OETemp
2014-06-10 14:04 - 2014-06-11 15:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp
2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\AppData\AppData\Local\temp
2014-06-10 12:57 - 2014-06-11 11:40 - 00048709 ____N () C:\Windows\WindowsUpdate.log
2014-06-10 08:46 - 2014-06-10 08:48 - 00000000 ____D () C:\AdwCleaner
2014-06-10 08:31 - 2014-06-10 08:31 - 00000000 ____D () C:\Windows\ERUNT
2014-06-10 02:51 - 2014-06-10 02:51 - 00116160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-10 01:39 - 2014-06-10 01:40 - 00618580 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI02AF.txt
2014-06-10 01:39 - 2014-06-10 01:40 - 00015608 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI02AF.txt
2014-06-09 23:52 - 2014-06-10 08:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-09 23:44 - 2014-06-09 23:45 - 00617130 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI2A18.txt
2014-06-09 23:44 - 2014-06-09 23:45 - 00012448 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI2A18.txt
2014-06-09 15:44 - 2014-06-11 11:18 - 00037376 _____ () C:\Windows\system32\ierzr.yxm
2014-06-09 09:25 - 2014-06-11 11:38 - 00000538 _____ () C:\BackupLoader.ini
2014-06-09 09:25 - 2014-06-02 20:26 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-05-19 01:32 - 2014-05-19 01:34 - 03187305 _____ () C:\Windows\umcat_01.db
2014-05-18 21:31 - 2014-05-18 21:31 - 00615916 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0D56.txt
2014-05-18 21:31 - 2014-05-18 21:31 - 00012400 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0D56.txt
2014-05-16 08:19 - 2014-06-10 00:54 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp(174)
2014-05-16 08:10 - 2014-05-16 08:10 - 00000000 ____D () C:\$RECYCLE(70).BIN
2014-05-15 21:00 - 2014-05-15 21:01 - 00615938 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0B5D.txt
2014-05-15 21:00 - 2014-05-15 21:01 - 00012400 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0B5D.txt
2014-05-15 20:56 - 2014-05-15 20:57 - 00616716 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0846.txt
2014-05-15 20:56 - 2014-05-15 20:57 - 00012432 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0846.txt
2014-05-15 19:54 - 2014-05-15 19:56 - 00616324 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI596C.txt
2014-05-15 19:54 - 2014-05-15 19:56 - 00012416 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI596C.txt
2014-05-15 19:31 - 2014-05-07 09:19 - 05200039 ____R (Swearware) C:\Users\Admin\Documents\ComboFix.exe
2014-05-15 19:26 - 2014-05-15 19:26 - 00026734 _____ () C:\Users\Admin\Documents\cc_20140515_192633.reg
2014-05-15 19:04 - 2014-06-11 11:39 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-05-15 19:04 - 2014-06-10 03:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-15 19:04 - 2014-06-09 09:25 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-05-15 19:04 - 2014-06-09 09:25 - 00000942 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-15 19:04 - 2014-06-09 09:25 - 00000930 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-05-15 19:04 - 2014-05-15 19:04 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-15 19:03 - 2014-06-10 23:01 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-05-15 18:57 - 2014-05-15 18:58 - 00618418 _____ () C:\Windows\dd_vcredistMSI2D36.txt
2014-05-15 18:57 - 2014-05-15 18:58 - 00012408 _____ () C:\Windows\dd_vcredistUI2D36.txt
2014-05-15 18:34 - 2014-05-15 18:35 - 00617822 _____ () C:\Windows\dd_vcredistMSI1C1E.txt
2014-05-15 18:34 - 2014-05-15 18:35 - 00014332 _____ () C:\Windows\dd_vcredistUI1C1E.txt
2014-05-15 18:24 - 2014-05-15 18:25 - 00616772 _____ () C:\Windows\dd_vcredistMSI143C.txt
2014-05-15 18:24 - 2014-05-15 18:25 - 00014284 _____ () C:\Windows\dd_vcredistUI143C.txt
2014-05-15 17:33 - 2014-06-11 11:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 17:33 - 2014-06-10 03:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 17:33 - 2014-06-10 03:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 17:33 - 2014-06-09 23:40 - 00000952 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 17:33 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-15 17:24 - 2014-05-15 17:25 - 00616066 _____ () C:\Windows\dd_vcredistMSI65E7.txt
2014-05-15 17:24 - 2014-05-15 17:25 - 00012312 _____ () C:\Windows\dd_vcredistUI65E7.txt
2014-05-15 14:38 - 2014-05-15 14:38 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
 
==================== One Month Modified Files and Folders =======
 
2014-06-11 15:32 - 2014-06-11 15:32 - 00016743 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-11 15:32 - 2014-06-11 15:31 - 00000000 ____D () C:\FRST
2014-06-11 15:32 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp
2014-06-11 15:29 - 2014-06-11 15:28 - 02081792 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-06-11 13:37 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 13:37 - 2006-11-02 10:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 11:49 - 2014-05-15 17:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 11:40 - 2014-06-10 12:57 - 00048709 ____N () C:\Windows\WindowsUpdate.log
2014-06-11 11:39 - 2014-05-15 19:04 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-06-11 11:38 - 2014-06-09 09:25 - 00000538 _____ () C:\BackupLoader.ini
2014-06-11 11:37 - 2014-06-11 11:37 - 00000296 _____ () C:\Windows\system32\spsys.log
2014-06-11 11:37 - 2014-05-05 19:06 - 00408608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-11 11:37 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 11:31 - 2014-05-07 09:24 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 11:23 - 2014-04-24 20:04 - 00000079 _____ () C:\Windows\system32\edsthc.ylh
2014-06-11 11:18 - 2014-06-09 15:44 - 00037376 _____ () C:\Windows\system32\ierzr.yxm
2014-06-11 11:18 - 2014-04-24 19:37 - 00000211 _____ () C:\Windows\system32\mxglci.geh
2014-06-11 10:52 - 2006-11-02 10:42 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-11 10:48 - 2013-12-10 22:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 10:48 - 2013-12-05 00:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 00:00 - 2014-06-11 00:00 - 00000000 ____D () C:\Users\Admin\AppData\Local\{161FF11B-290B-48AD-9C94-212BFF28C38B}
2014-06-10 23:01 - 2014-05-15 19:03 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-06-10 22:50 - 2014-06-10 22:46 - 00002036 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-10 22:46 - 2014-06-10 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-10 22:46 - 2009-06-15 10:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-06-10 22:45 - 2009-06-15 10:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-10 22:43 - 2013-12-10 22:48 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-10 22:43 - 2013-12-10 22:48 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-10 14:53 - 2014-04-28 20:33 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-10 14:36 - 2014-06-10 14:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-10 14:31 - 2014-06-10 14:31 - 00001840 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-10 14:31 - 2014-06-10 14:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software
2014-06-10 14:31 - 2014-06-10 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-10 14:31 - 2014-06-10 14:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-10 14:31 - 2014-06-10 14:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-10 14:31 - 2014-06-10 14:29 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402428695708
2014-06-10 14:29 - 2014-06-10 14:29 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-10 14:29 - 2014-06-10 14:29 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-06-10 14:29 - 2014-06-10 14:29 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys.1402428695708
2014-06-10 14:29 - 2014-06-10 14:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-10 14:29 - 2014-06-10 14:29 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-10 14:28 - 2014-06-10 14:28 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-10 14:27 - 2014-06-10 14:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-10 14:20 - 2014-06-10 14:20 - 00000000 ____D () C:\OETemp
2014-06-10 14:16 - 2012-09-04 12:08 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 14:04 - 2014-06-10 14:04 - 00000000 ____D () C:\Users\AppData\AppData\Local\temp
2014-06-10 13:56 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-10 09:05 - 2014-04-29 19:39 - 00000000 ____D () C:\Users\Admin\Documents\RK_Quarantine
2014-06-10 08:54 - 2014-06-09 23:52 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-10 08:48 - 2014-06-10 08:46 - 00000000 ____D () C:\AdwCleaner
2014-06-10 08:31 - 2014-06-10 08:31 - 00000000 ____D () C:\Windows\ERUNT
2014-06-10 03:23 - 2006-11-02 07:46 - 00795200 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 03:17 - 2009-03-09 15:33 - 00000000 ____D () C:\Users\Admin
2014-06-10 03:16 - 2013-07-09 09:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DiskDefrag
2014-06-10 03:16 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-06-10 03:15 - 2006-11-02 07:33 - 92012544 _____ () C:\Windows\system32\config\software_previous
2014-06-10 03:15 - 2006-11-02 07:33 - 53477376 _____ () C:\Windows\system32\config\components_previous
2014-06-10 03:15 - 2006-11-02 07:33 - 22544384 _____ () C:\Windows\system32\config\system_previous
2014-06-10 03:15 - 2006-11-02 07:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-06-10 03:15 - 2006-11-02 07:33 - 00053248 _____ () C:\Windows\system32\config\sam_previous
2014-06-10 03:15 - 2006-11-02 07:33 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-06-10 03:08 - 2014-05-15 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-06-10 03:08 - 2014-05-15 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 03:08 - 2014-05-15 17:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 03:08 - 2014-04-25 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-10 03:08 - 2013-11-06 02:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-10 03:08 - 2013-08-12 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-10 03:08 - 2010-10-16 16:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Disk Cleaner
2014-06-10 03:08 - 2010-06-05 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-10 03:08 - 2009-02-24 04:05 - 00000000 ____D () C:\Windows\system32\nn-NO
2014-06-10 03:08 - 2009-02-24 03:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 03:08 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-06-10 03:08 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\spool
2014-06-10 03:08 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\registration
2014-06-10 02:51 - 2014-06-10 02:51 - 00116160 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-10 02:28 - 2011-10-01 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-10 01:40 - 2014-06-10 01:39 - 00618580 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI02AF.txt
2014-06-10 01:40 - 2014-06-10 01:39 - 00015608 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI02AF.txt
2014-06-10 01:38 - 2011-10-01 19:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-06-10 01:34 - 2013-07-10 11:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-10 01:28 - 2010-07-22 20:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\GlarySoft
2014-06-10 01:00 - 2011-10-01 19:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-10 00:54 - 2014-05-16 08:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp(174)
2014-06-10 00:18 - 2014-05-01 12:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-06-09 23:45 - 2014-06-09 23:44 - 00617130 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI2A18.txt
2014-06-09 23:45 - 2014-06-09 23:44 - 00012448 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI2A18.txt
2014-06-09 23:40 - 2014-05-15 17:33 - 00000952 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-09 09:25 - 2014-05-15 19:04 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-06-09 09:25 - 2014-05-15 19:04 - 00000942 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-06-09 09:25 - 2014-05-15 19:04 - 00000930 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-06-06 09:06 - 2014-04-24 19:38 - 00037888 _____ () C:\Windows\system32\ohayhgz.moe
2014-06-04 14:40 - 2009-03-10 11:35 - 00000000 ____D () C:\Users\Admin\Documents\SCA
2014-06-02 20:26 - 2014-06-09 09:25 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-05-19 07:17 - 2011-10-01 19:10 - 00946601 _____ () C:\Users\Admin\AppData\Local\census.cache
2014-05-19 07:17 - 2011-10-01 19:09 - 00160990 _____ () C:\Users\Admin\AppData\Local\ars.cache
2014-05-19 01:34 - 2014-05-19 01:32 - 03187305 _____ () C:\Windows\umcat_01.db
2014-05-18 21:31 - 2014-05-18 21:31 - 00615916 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0D56.txt
2014-05-18 21:31 - 2014-05-18 21:31 - 00012400 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0D56.txt
2014-05-18 20:42 - 2009-03-10 08:43 - 00001460 _____ () C:\Users\Admin\AppData\Local\d3d9caps64.dat
2014-05-16 08:10 - 2014-05-16 08:10 - 00000000 ____D () C:\$RECYCLE(70).BIN
2014-05-15 22:14 - 2014-05-02 07:37 - 00002974 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-05-15 21:01 - 2014-05-15 21:00 - 00615938 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0B5D.txt
2014-05-15 21:01 - 2014-05-15 21:00 - 00012400 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0B5D.txt
2014-05-15 20:57 - 2014-05-15 20:56 - 00616716 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI0846.txt
2014-05-15 20:57 - 2014-05-15 20:56 - 00012432 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI0846.txt
2014-05-15 19:56 - 2014-05-15 19:54 - 00616324 _____ () C:\Users\Admin\AppData\Local\dd_vcredistMSI596C.txt
2014-05-15 19:56 - 2014-05-15 19:54 - 00012416 _____ () C:\Users\Admin\AppData\Local\dd_vcredistUI596C.txt
2014-05-15 19:26 - 2014-05-15 19:26 - 00026734 _____ () C:\Users\Admin\Documents\cc_20140515_192633.reg
2014-05-15 19:09 - 2012-09-04 10:56 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 19:09 - 2011-08-14 18:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 19:07 - 2008-05-13 21:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-15 19:06 - 2012-09-05 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-05-15 19:04 - 2014-05-15 19:04 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-15 19:04 - 2013-06-15 20:08 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-05-15 18:58 - 2014-05-15 18:57 - 00618418 _____ () C:\Windows\dd_vcredistMSI2D36.txt
2014-05-15 18:58 - 2014-05-15 18:57 - 00012408 _____ () C:\Windows\dd_vcredistUI2D36.txt
2014-05-15 18:35 - 2014-05-15 18:34 - 00617822 _____ () C:\Windows\dd_vcredistMSI1C1E.txt
2014-05-15 18:35 - 2014-05-15 18:34 - 00014332 _____ () C:\Windows\dd_vcredistUI1C1E.txt
2014-05-15 18:25 - 2014-05-15 18:24 - 00616772 _____ () C:\Windows\dd_vcredistMSI143C.txt
2014-05-15 18:25 - 2014-05-15 18:24 - 00014284 _____ () C:\Windows\dd_vcredistUI143C.txt
2014-05-15 18:16 - 2006-11-02 07:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-15 17:33 - 2011-10-01 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 17:25 - 2014-05-15 17:24 - 00616066 _____ () C:\Windows\dd_vcredistMSI65E7.txt
2014-05-15 17:25 - 2014-05-15 17:24 - 00012312 _____ () C:\Windows\dd_vcredistUI65E7.txt
2014-05-15 14:38 - 2014-05-15 14:38 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-05-12 07:26 - 2014-05-15 17:33 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:26 - 2014-04-25 00:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2011-10-01 19:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\@
C:\Windows\assembly\tmp\cfg.ini
C:\Windows\assembly\tmp\lsflt7.ver
 
Files to move or delete:
====================
C:\Users\Admin\dxdllreg.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2009-05-30 06:43] - [2009-04-11 02:11] - 0723968 ____A (Microsoft Corporation) 7BA52C111735CEEE51B34776BAD82037
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-11 11:43
 
==================== End Of Log ============================
 
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014 01
Ran by Admin at 2014-06-11 15:33:34
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{914F7627-B645-9895-F723-BAEAAC865E75}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Atheros Client Utility (HKLM-x32\...\{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}) (Version: 7.7 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 7.7 - Atheros)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.07(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}) (Version: 2.2.10 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{99A4344A-C723-4661-A507-D9D939480358}) (Version: 1.0.16 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{CD344FA5-6657-47CD-940F-8727EED35595}) (Version: 1.1.3 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.10.0 - Conexant)
CyberLink PowerCinema for TOSHIBA (x32 Version: 6.0.1616 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Disk Cleaner (remove only) (HKLM-x32\...\DiskCleaner) (Version:  - )
DJ_SF_03_D4300_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DVD MovieFactory for TOSHIBA (HKLM-x32\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
Glary Utilities 5.1 (HKLM-x32\...\Glary Utilities 5) (Version: 5.1.0.4 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version: 7.73.00 - Conexant Systems)
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3 (HKLM\...\{387D9916-BD27-480f-8CF0-3228832BBAA2}) (Version: 10.0 - HP)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 6 Update 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{5254156F-AA77-499A-B7C1-D5581D44E788}) (Version: 10.57.4.3 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro Flash Memory Card Reader Driver (x64) (HKLM\...\{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}) (Version: 3.23 - O2Micro)
PANTECH USB Modem V2 (HKLM\...\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.4151.1109 - PANTECH CO.,LTD)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (Version: 2.0.2.64 - TOSHIBA) Hidden
TOSHIBA Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.50 - WildTangent)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}) (Version:  - )
TOSHIBA Hardware Setup (Version: 3.00.01.00 - TOSHIBA) Hidden
TOSHIBA PowerCinema Helper (HKLM-x32\...\{FB356619-7ECE-42BC-A28A-541973E29F28}) (Version: 1.00 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b for x64 - TOSHIBA Corporation)
Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Software Upgrades (HKLM-x32\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}) (Version:  - )
TOSHIBA Supervisor Password (Version: 3.00.01.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (Version: 1.1.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.1.19.64 - TOSHIBA Corporation) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.3374 - Microsoft Corporation) Hidden
Windows Migration Assistant (HKLM-x32\...\{1A3A92EC-A218-4FEE-8A51-05BCD409A048}) (Version: 1.0.5.6 - Apple Inc.)
 
==================== Restore Points  =========================
 
10-06-2014 05:53:49 Restore Operation
10-06-2014 06:23:30 Windows Update
10-06-2014 06:46:00 Windows Update
10-06-2014 06:49:42 Windows Update
10-06-2014 06:51:14 Restore Operation
10-06-2014 06:58:17 Restore Operation
10-06-2014 07:43:33 Windows Update
10-06-2014 08:00:16 Windows Update
10-06-2014 08:02:15 Restore Operation
10-06-2014 08:31:25 Windows Update
10-06-2014 14:23:14 Windows Update
10-06-2014 17:47:49 Windows Update
10-06-2014 19:28:33 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2011-10-01 21:28 - 2014-06-10 13:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1599547B-2DFD-447C-9C99-2D19B14D5FF1} - System32\Tasks\{1751309A-64FC-429C-A36B-605FA662BC78} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {20628802-42FE-4C92-AA3C-D2384B240DE6} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {23E20C6F-F237-453F-BABF-C028928850E3} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {669C9A9A-35A6-487C-A26B-1FE07B216227} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-10] (AVAST Software)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9FFE3909-1161-4238-8C85-99A60DE81B0B} - System32\Tasks\{0BEA3C2E-45DC-4E95-96BC-CF2B230D9DDA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {A18CE602-5525-418F-BB1B-8149A7D135CB} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-06-02] (Glarysoft Ltd)
Task: {A469BF70-7163-4BC3-8E9C-E5BA2F6DDC00} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
Task: {C86DC14B-9C5A-4C07-AC90-E3870B09C261} - System32\Tasks\{23331D86-63C5-4A92-96A7-82ADD63FBD56} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {C9BAF018-A0E0-4CF3-ACCE-797944E2956C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CA866663-2913-4256-ADE7-0ACF97769B29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F9D82AD6-CDDA-4854-9F61-BDCE4BD130E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: {FB6FF0F6-4ED0-47F5-A638-5ECF3A380C84} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-04 02:36 - 2012-07-04 02:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2008-05-13 21:22 - 2007-01-25 20:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
2008-05-13 21:22 - 2007-10-23 18:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2008-04-24 21:25 - 2008-04-24 21:25 - 00135680 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 07553024 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 21:25 - 2008-04-24 21:25 - 01032704 _____ () C:\Windows\system32\FaceRec.dll
2012-07-04 00:09 - 2012-07-04 00:09 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-11 10:49 - 2014-06-11 10:49 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061100\algo.dll
2014-06-10 14:29 - 2014-06-10 14:29 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-10 22:45 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-10 22:45 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-10 22:45 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml:OECustomProperty
AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: iTunesHelper => 
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => 
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2014 11:37:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2014 11:32:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x8007043c).
 
Error: (06/11/2014 11:32:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c.
 
 
Operation:
   Instantiating VSS server
 
Error: (06/11/2014 11:32:01 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started during Safe Mode. 
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c]
 
 
Operation:
   Instantiating VSS server
 
Error: (06/11/2014 11:26:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47919291, faulting module ieframe.dll, version 9.0.8112.16545, time stamp 0x531a96d4, exception code 0xc0000005, fault offset 0x0000000000132807,
process id 0x8c0, application start time 0xsvchost.exe0.
 
Error: (06/11/2014 11:13:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2014 11:13:31 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (06/11/2014 11:04:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2014 11:03:38 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (06/11/2014 10:57:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/11/2014 11:37:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (06/11/2014 11:37:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: TOSHIBA Optical Disc Drive Service%%2
 
Error: (06/11/2014 11:37:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Apple Mobile Device%%1053
 
Error: (06/11/2014 11:37:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Apple Mobile Device
 
Error: (06/11/2014 11:32:01 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (06/11/2014 11:25:15 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (06/11/2014 11:13:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
Beep
spldr
Wanarpv6
 
Error: (06/11/2014 11:13:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068
 
Error: (06/11/2014 11:13:34 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (06/11/2014 11:13:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\system32\athihvs.dll21
 
 
Microsoft Office Sessions:
=========================
Error: (06/11/2014 11:37:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2014 11:32:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
Error: (06/11/2014 11:32:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c
 
Operation:
   Instantiating VSS server
 
Error: (06/11/2014 11:32:01 AM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x8007043c
 
Operation:
   Instantiating VSS server
 
Error: (06/11/2014 11:26:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6001.1800047919291ieframe.dll9.0.8112.16545531a96d4c000000500000000001328078c001cf8590c8ff82a9
 
Error: (06/11/2014 11:13:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2014 11:13:31 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (06/11/2014 11:04:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/11/2014 11:03:38 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (06/11/2014 10:57:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-11 15:33:22.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 15:33:21.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 15:33:20.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 15:33:19.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 15:33:18.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 15:33:17.479
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 15:33:16.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 15:33:15.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 15:33:14.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-11 15:33:13.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 41%
Total physical RAM: 3837.41 MB
Available physical RAM: 2235.01 MB
Total Pagefile: 7887.35 MB
Available Pagefile: 6184.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (SQ004732V03) (Fixed) (Total:288.67 GB) (Free:198.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 445C445B)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)
 
==================== End Of Log ============================

 


Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Run FRST one more time:

Type the following in the edit box after "Search:".

rpcss.dll

Click the Search button and post the log (Search.txt) it makes to your reply.

Kevin


Here ya go

Farbar Recovery Scan Tool (x64) Version: 18-06-2014

Ran by Admin at 2014-06-19 12:34:23
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll
[2009-05-30 06:43][2009-04-11 02:11] 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_c6259b510f93cd21\rpcss.dll
[2009-04-17 11:25][2009-03-02 23:59] 0717824 ____A (Microsoft Corporation) 857E04C16007E60FCC0803239C853E78 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2ff64839ac\rpcss.dll
[2009-04-17 11:25][2009-03-02 23:57] 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777ff63d6f72\rpcss.dll
[2008-01-20 21:51][2008-01-20 21:51] 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_c47a129912422fc2\rpcss.dll
[2009-04-17 11:25][2009-03-02 23:35] 0724992 ____A (Microsoft Corporation) 54FF562C2710BB610B019D723B16FB2A [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_c3e2cce1f92f2ca2\rpcss.dll
[2009-04-17 11:25][2009-03-02 23:40] 0724992 ____A (Microsoft Corporation) 007F8DE7AC0F9386C3FD2EC7DC87C37A [File is signed]
 
C:\Windows\System32\rpcss.dll
[2009-05-30 06:43][2009-04-11 02:11] 0723968 ____A (Microsoft Corporation) 7BA52C111735CEEE51B34776BAD82037
 

====== End Of Search ======

Thanks

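An added example (not part of the thread and not FRST's own code) that shows how a helper can triage a Search.txt block like the one above: it parses each result and flags any copy outside the WinSxS component store that lacks FRST's "[File is signed]" marker, whose MD5 matches none of the signed WinSxS copies, or that carries the same timestamps as a signed copy while differing in size and hash. The embedded input is the Search output posted above; the dataclass and function names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# The FRST "Search Files" block from the post above, embedded so this runs
# offline. The paths, sizes and MD5s are the ones FRST printed in the thread;
# the parser and triage logic below are an added example, not FRST's own code.
SEARCH_TXT = r"""
================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll
[2009-05-30 06:43][2009-04-11 02:11] 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_c6259b510f93cd21\rpcss.dll
[2009-04-17 11:25][2009-03-02 23:59] 0717824 ____A (Microsoft Corporation) 857E04C16007E60FCC0803239C853E78 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2ff64839ac\rpcss.dll
[2009-04-17 11:25][2009-03-02 23:57] 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777ff63d6f72\rpcss.dll
[2008-01-20 21:51][2008-01-20 21:51] 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_c47a129912422fc2\rpcss.dll
[2009-04-17 11:25][2009-03-02 23:35] 0724992 ____A (Microsoft Corporation) 54FF562C2710BB610B019D723B16FB2A [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_c3e2cce1f92f2ca2\rpcss.dll
[2009-04-17 11:25][2009-03-02 23:40] 0724992 ____A (Microsoft Corporation) 007F8DE7AC0F9386C3FD2EC7DC87C37A [File is signed]

C:\Windows\System32\rpcss.dll
[2009-05-30 06:43][2009-04-11 02:11] 0723968 ____A (Microsoft Corporation) 7BA52C111735CEEE51B34776BAD82037

====== End Of Search ======
"""

# A result is a path line followed by a detail line:
# [created][modified] size attrs (company) MD5 [File is signed]
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[([^\]]+)\]\[([^\]]+)\] (\d+) (\S+) \((.*?)\) ([0-9A-Fa-f]{32})"
    r"(?P<signed> \[File is signed\])?\s*$"
)


@dataclass
class FileHit:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str
    signed: bool

    @property
    def in_winsxs(self) -> bool:
        # Component-store copies serve as the known-good baseline.
        return "\\winsxs\\" in self.path.lower()


@dataclass
class Finding:
    hit: FileHit
    reasons: list = field(default_factory=list)


def parse_search(text: str) -> list:
    """Turn an FRST Search.txt block into FileHit records."""
    hits = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if not PATH_RE.match(line) or i + 1 >= len(lines):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if not m:
            continue
        hits.append(FileHit(path=line, created=m.group(1), modified=m.group(2),
                            size=int(m.group(3)), company=m.group(5),
                            md5=m.group(6).upper(),
                            signed=m.group("signed") is not None))
    return hits


def triage(hits: list) -> list:
    """Flag live copies that do not match any signed WinSxS copy."""
    reference = [h for h in hits if h.in_winsxs and h.signed]
    known_md5 = {h.md5 for h in reference}
    findings = []
    for h in hits:
        if h.in_winsxs:
            continue
        reasons = []
        if not h.signed:
            reasons.append("no '[File is signed]' marker")
        if h.md5 not in known_md5:
            reasons.append("MD5 matches none of the signed WinSxS copies")
        for ref in reference:
            # Timestamps are trivial to copy from the original; content is not.
            if (ref.created, ref.modified) == (h.created, h.modified) and ref.md5 != h.md5:
                reasons.append(f"same timestamps as a signed WinSxS copy "
                               f"({ref.size} bytes) but {h.size} bytes and a different MD5")
        if reasons:
            findings.append(Finding(h, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_search(SEARCH_TXT)):
        print(f.hit.path)
        for r in f.reasons:
            print("  -", r)
```

On the block above the only finding is C:\Windows\System32\rpcss.dll, which is exactly the file the next reply replaces from the 6.0.6002.18005 WinSxS copy and that ESET later reports as patched.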

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes 2.0, run a Threat Scan

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Post log:

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Let me see those two logs, also give an update on any remaining issues or concerns

Kevin

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014

Ran by Admin at 2014-06-20 07:35:57 Run:1

Running from C:\Users\Admin\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll C:\Windows\System32\rpcss.dll

Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

S3 Tosrfcom; No ImagePath

S1 meofboht; \??\C:\Windows\system32\drivers\meofboht.sys [X]

C:\Windows\system32\drivers\meofboht.sys

2014-06-11 11:23 - 2014-04-24 20:04 - 00000079 _____ () C:\Windows\system32\edsthc.ylh

2014-06-11 11:18 - 2014-06-09 15:44 - 00037376 _____ () C:\Windows\system32\ierzr.yxm

2014-06-11 11:18 - 2014-04-24 19:37 - 00000211 _____ () C:\Windows\system32\mxglci.geh

C:\Windows\assembly\tmp

C:\Windows\assembly\tmp\@

C:\Windows\assembly\tmp\cfg.ini

C:\Windows\assembly\tmp\lsflt7.ver

C:\Users\Admin\dxdllreg.exe

Task: {20628802-42FE-4C92-AA3C-D2384B240DE6} - \Express FilesUpdate No Task File <==== ATTENTION

AlternateDataStreams: C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml:OECustomProperty

AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

End

*****************

 

C:\Windows\System32\rpcss.dll => Moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

Tosrfcom => Service deleted successfully.

meofboht => Service deleted successfully.

"C:\Windows\system32\drivers\meofboht.sys" => File/Directory not found.

C:\Windows\system32\edsthc.ylh => Moved successfully.

C:\Windows\system32\ierzr.yxm => Moved successfully.

Could not move "C:\Windows\system32\mxglci.geh" => Scheduled to move on reboot.

C:\Windows\assembly\tmp => Moved successfully.

"C:\Windows\assembly\tmp\@" => File/Directory not found.

"C:\Windows\assembly\tmp\cfg.ini" => File/Directory not found.

"C:\Windows\assembly\tmp\lsflt7.ver" => File/Directory not found.

C:\Users\Admin\dxdllreg.exe => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20628802-42FE-4C92-AA3C-D2384B240DE6}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20628802-42FE-4C92-AA3C-D2384B240DE6}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate' => Key deleted successfully.

C:\Users\Admin\Documents\SLC Sandestin condo rooming list.eml => ":OECustomProperty" ADS removed successfully.

C:\ProgramData\TEMP => ":07F6D9E4" ADS removed successfully.

C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-20 07:38:21)<=

 

C:\Windows\system32\mxglci.geh => Is moved successfully.

 

==== End of Fixlog ====

 

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/20/2014

Scan Time: 08:12:14 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.20.06

Rootkit Database: v2014.06.19.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows Vista Service Pack 2

CPU: x64

File System: NTFS

User: Admin

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 296369

Time Elapsed: 23 min, 36 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


 

 


Everything seems to be working fine! Any programs you recommend to speed up or optimize the computer? Can I delete FRST and the files it created or do I need to save them?

Where do you think this infection came from? (don't do porn, piracy, etc.) Thanks again for your help. Will send a donation to the kevinf80 email by PayPal.


The infection can be picked up in many ways: infected websites, spoof emails, piggybacked software or other types of downloads, any type of P2P actions etc etc...

Before we clean up tools etc we need one more scan to ensure your system is clean:

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right click on the IE shortcut and run as admin

Go to the Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is UNticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found
  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish

Close program

Copy and paste the report in your next reply.

Thank you,

Kevin...


C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD Win64/Patched.H trojan

C:\Users\Admin\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

 


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    ipconfig /flushdns /c
    C:\Users\Admin\Downloads\ccsetup414.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Let me see that log, also give an update on any remaining issues or concerns, if none please say so.....

 

Kevin


OTM FILE

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
C:\Users\Admin\Downloads\ccsetup414.exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0 moved successfully.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\ApnIC[1].0 not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 11484272 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6885941 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 598 bytes
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 6440813 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 131170932 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 149.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 06202014_165852
 
Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...
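The OTM report above is free-form text, so checking it by eye is error-prone when it runs to many lines. The following is an added example, not part of the thread or of the OTM tool, that parses a log in the same format into a structured summary: which files were moved or deleted, which were not found, bytes cleaned per user profile, the total reported, and any moves still pending a reboot (the item a helper most wants flagged). The sample log is constructed from the format shown in the post; its paths and sizes are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the OTM (OldTimer) log format seen in the thread.
# Paths and byte counts are invented for the example, not taken from the post.
SAMPLE_OTM_LOG = """All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\\Users\\Example\\Desktop\\cmd.bat deleted successfully.
C:\\Users\\Example\\Downloads\\installer.exe moved successfully.
File/Folder C:\\Windows\\SysWOW64\\missing\\file.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Example
->Temp folder emptied: 1024 bytes
->Google Chrome cache emptied: 2048 bytes

User: Public
->Temp folder emptied: 0 bytes

Windows Temp folder emptied: 512 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.50 mb

Files moved on Reboot...
File move failed. C:\\Windows\\temp\\locked.txt scheduled to be moved on reboot.
"""

# One regex per line shape that carries information we want to keep.
ACTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<action>moved|deleted) successfully\.$")
NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
USER_EMPTIED_RE = re.compile(r"^->(?P<what>.+?) emptied: (?P<bytes>\d+) bytes$")
SYSTEM_EMPTIED_RE = re.compile(r"^(?P<what>.+?) emptied: (?P<bytes>\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")
REBOOT_RE = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")


def parse_otm_log(text):
    """Parse an OTM log into a dict of moved/deleted/not-found paths,
    bytes cleaned per user (system-wide entries under '<system>'),
    the reported total in MB, and paths still waiting for a reboot."""
    report = {
        "moved": [],
        "deleted": [],
        "not_found": [],
        "bytes_by_user": defaultdict(int),
        "total_mb": None,
        "pending_reboot": [],
    }
    current_user = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ACTION_RE.match(line):
            report[m.group("action")].append(m.group("path"))
        elif m := NOT_FOUND_RE.match(line):
            report["not_found"].append(m.group("path"))
        elif m := USER_RE.match(line):
            current_user = m.group("user")
            report["bytes_by_user"][current_user] += 0  # record users with nothing cleaned too
        elif m := USER_EMPTIED_RE.match(line):
            # '->' lines belong to the most recent 'User:' header.
            report["bytes_by_user"][current_user or "<unknown>"] += int(m.group("bytes"))
        elif m := SYSTEM_EMPTIED_RE.match(line):
            # Lines without '->' (Windows Temp, RecycleBin, ...) are system-wide.
            report["bytes_by_user"]["<system>"] += int(m.group("bytes"))
        elif m := TOTAL_RE.match(line):
            report["total_mb"] = float(m.group("mb"))
        elif m := REBOOT_RE.match(line):
            report["pending_reboot"].append(m.group("path"))
    report["bytes_by_user"] = dict(report["bytes_by_user"])
    return report


def needs_reboot(report):
    """True when OTM deferred at least one file move to the next reboot."""
    return bool(report["pending_reboot"])


if __name__ == "__main__":
    r = parse_otm_log(SAMPLE_OTM_LOG)
    print("moved:", r["moved"])
    print("deleted:", r["deleted"])
    print("not found:", r["not_found"])
    print("bytes by user:", r["bytes_by_user"])
    print("total MB reported:", r["total_mb"])
    print("reboot needed:", needs_reboot(r), r["pending_reboot"])
```

Run it against a real OTM log by replacing the constructed sample with the file's contents; a non-empty `pending_reboot` list means the cleanup is not finished until the machine has restarted, which is exactly the case the post's "Files moved on Reboot" section records.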

The following tool should clean up tools that we have used, also related files and folders. Any that remain can be deleted...

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:

    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT, the backup will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we can close out....

It was a pleasure to work with you, take care and surf safe.....

Kevin... ;)


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.