
ICE Infection


mjbaran


I've read the initial steps, here's my FRST.TXT:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014

Ran by SYSTEM on MINWINPC on 11-09-2014 21:11:13

Running from g:\

Platform: Windows Vista Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6156288 2008-04-08] (Realtek Semiconductor)

HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-06-02] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-05-09] (TOSHIBA Corporation)

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKLM-x32\...\Run: [NDSTray.exe] => NDSTray.exe

HKLM-x32\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe

HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)

HKLM-x32\...\Run: [sBC_McciTrayApp] => "C:\Program Files (x86)\SBC\update\SST.exe"

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)

HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [585728 2011-01-07] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?

HKU\Alex\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)

HKU\Alex\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKU\Alex\...\Run: [Facebook Update] => "C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

HKU\Alex\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKU\Alex\...\Run: [Google Update] => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-03] (Google Inc.)

HKU\Alex\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\Alex\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex

HKU\Alex\...\Policies\system: [LogonHoursAction] 2

HKU\Alex\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Bonita\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKU\Bonita\...\RunOnce: [Application Restart #0] => C:\Windows\System32\wpcumi.exe [182784 2006-11-02] (Microsoft Corporation)

HKU\Bonita\...\RunOnce: [Application Restart #1] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKU\Bonita\...\RunOnce: [Application Restart #2] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKU\Bonita\...\Policies\system: [LogonHoursAction] 2

HKU\Bonita\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)

HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)

HKU\Mom & Dad\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\Mom & Dad\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\Mom & Dad\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

HKU\Mom & Dad\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)

HKU\Mom & Dad\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\Mom & Dad\...\Policies\system: [LogonHoursAction] 2

HKU\Mom & Dad\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Mom & Dad\...\Policies\Explorer: [HideSCAHealth] 1

Startup: C:\Users\Bonita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (No File)

Startup: C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk

ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

Startup: C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk

ShortcutTarget: program.lnk -> C:\ProgramData\540ED4E.cpp (Microsoft Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicyUsers\S-1-5-21-3950572576-1964236272-3678751622-1002\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-3950572576-1964236272-3678751622-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)

S2 Winmgmt; C:\PROGRA~3\E4DE045.dot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2013-01-05] ()

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 KUSBusByTCPMasterBus; System32\Drivers\KUSBusByTCPMasterBus.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [X]

S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 15:32 - 2014-09-11 21:03 - 00000000 ____D () C:\FRST

2014-09-11 00:22 - 2014-08-15 07:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-09-11 00:22 - 2014-08-15 07:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-09-11 00:22 - 2014-08-15 07:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-09-11 00:22 - 2014-08-15 07:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-09-11 00:22 - 2014-08-15 07:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-09-11 00:22 - 2014-08-15 07:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-09-11 00:22 - 2014-08-15 07:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2014-09-11 00:22 - 2014-08-15 07:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-09-11 00:22 - 2014-08-15 07:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2014-09-11 00:22 - 2014-08-15 07:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-09-11 00:22 - 2014-08-15 07:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-09-11 00:22 - 2014-08-15 07:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe

2014-09-11 00:22 - 2014-08-15 07:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2014-09-11 00:22 - 2014-08-15 06:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-11 00:22 - 2014-08-15 06:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-11 00:22 - 2014-08-15 06:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-11 00:22 - 2014-08-15 06:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-11 00:22 - 2014-08-15 06:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-11 00:22 - 2014-08-15 06:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-11 00:22 - 2014-08-15 06:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-11 00:22 - 2014-08-15 06:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-09-11 00:22 - 2014-08-15 06:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-11 00:22 - 2014-08-15 06:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-11 00:22 - 2014-08-15 06:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-11 00:22 - 2014-08-15 06:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-09-11 00:22 - 2014-08-15 06:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-09-09 10:02 - 2014-09-09 10:02 - 00000672 _____ () C:\Windows\wmsetup.log

2014-09-05 08:00 - 2014-09-05 08:00 - 00172848 _____ (Microsoft Corporation) C:\ProgramData\540ED4E.cpp

2014-08-28 00:01 - 2014-08-22 17:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-28 00:01 - 2014-08-22 16:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll

2014-08-28 00:01 - 2014-08-22 15:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2014-08-24 16:56 - 2014-08-24 16:07 - 131990903 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0010.mp4

2014-08-24 16:53 - 2014-08-24 16:53 - 00000116 _____ () C:\Users\Mom & Dad\Desktop\esetD95tyRE.url

2014-08-24 16:49 - 2014-08-24 16:11 - 61894285 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0012.mp4

2014-08-13 00:03 - 2014-06-26 14:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe

2014-08-13 00:03 - 2014-06-26 14:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-13 00:03 - 2014-06-26 14:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll

2014-08-13 00:03 - 2014-06-26 14:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-13 00:03 - 2014-06-26 14:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-13 00:03 - 2014-06-26 14:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll

2014-08-13 00:02 - 2014-06-05 20:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe

2014-08-13 00:02 - 2014-06-05 20:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-12 17:29 - 2014-06-13 16:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2014-08-12 17:29 - 2014-06-13 16:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll

2014-08-12 17:27 - 2014-07-07 17:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll

2014-08-12 17:27 - 2014-07-07 16:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-12 17:27 - 2014-06-02 13:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll

2014-08-12 17:27 - 2014-06-02 13:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll

2014-08-12 17:27 - 2014-06-02 13:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll

2014-08-12 17:27 - 2014-06-02 13:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2014-08-12 17:27 - 2014-06-02 12:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe

2014-08-12 17:27 - 2014-06-02 02:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-12 17:27 - 2014-06-02 02:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-12 17:27 - 2014-06-02 02:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 21:03 - 2014-09-11 15:32 - 00000000 ____D () C:\FRST

2014-09-11 17:46 - 2009-03-05 21:12 - 01533255 _____ () C:\Windows\WindowsUpdate.log

2014-09-11 17:41 - 2014-02-16 06:50 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job

2014-09-11 17:41 - 2014-02-16 06:50 - 00000462 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job

2014-09-11 17:41 - 2014-01-10 19:20 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2014-09-11 17:41 - 2011-03-04 10:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-11 17:40 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-11 17:40 - 2006-11-02 07:22 - 00003744 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-11 17:40 - 2006-11-02 07:22 - 00003744 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-11 11:07 - 2010-12-06 09:38 - 00000000 ____D () C:\Users\Mom & Dad\AppData\Roaming\Skype

2014-09-11 10:58 - 2012-08-03 13:36 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job

2014-09-11 10:58 - 2011-03-04 10:50 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-11 10:30 - 2006-11-02 07:27 - 00136318 _____ () C:\Windows\setupact.log

2014-09-11 10:12 - 2013-01-13 07:43 - 00000000 ___RD () C:\Users\Mom & Dad\Google Drive

2014-09-11 10:12 - 2011-03-04 12:24 - 00001356 _____ () C:\Users\Mom & Dad\AppData\Local\d3d9caps.dat

2014-09-11 10:00 - 2014-01-10 19:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-11 10:00 - 2013-01-01 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-11 09:50 - 2011-09-10 17:45 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job

2014-09-11 01:01 - 2013-01-01 12:13 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-11 01:00 - 2013-01-01 12:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-11 01:00 - 2011-11-08 18:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-11 00:49 - 2008-01-20 19:26 - 00893234 _____ () C:\Windows\PFRO.log

2014-09-11 00:47 - 2009-11-19 21:12 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-09-11 00:47 - 2006-11-02 07:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-11 00:21 - 2009-03-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-11 00:17 - 2010-08-07 13:39 - 00813038 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-11 00:17 - 2006-11-02 04:46 - 00813038 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-09-11 00:15 - 2014-08-09 01:41 - 00000000 ____D () C:\Windows\System32\MRT

2014-09-11 00:05 - 2006-11-02 04:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe

2014-09-10 23:00 - 2014-02-13 06:24 - 00000486 _____ () C:\Windows\Tasks\Scan most recently used file in the background (Spybot - Search & Destroy).job

2014-09-10 20:58 - 2012-08-03 13:36 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job

2014-09-10 12:49 - 2011-09-10 17:45 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job

2014-09-09 21:30 - 2014-01-10 19:20 - 00000630 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2014-09-09 10:02 - 2014-09-09 10:02 - 00000672 _____ () C:\Windows\wmsetup.log

2014-09-09 03:08 - 2009-03-14 20:47 - 00041984 _____ () C:\Users\Mom & Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-09-05 08:00 - 2014-09-05 08:00 - 00172848 _____ (Microsoft Corporation) C:\ProgramData\540ED4E.cpp

2014-09-03 13:10 - 2012-08-03 13:37 - 00002090 _____ () C:\Users\Alex\Desktop\Google Chrome.lnk

2014-09-02 21:31 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140910-003037.backup

2014-09-02 03:20 - 2014-01-10 19:20 - 00000460 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

2014-08-28 00:23 - 2006-11-02 07:21 - 00415768 _____ () C:\Windows\System32\FNTCACHE.DAT

2014-08-26 21:30 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140903-003146.backup

2014-08-24 16:53 - 2014-08-24 16:53 - 00000116 _____ () C:\Users\Mom & Dad\Desktop\esetD95tyRE.url

2014-08-24 16:11 - 2014-08-24 16:49 - 61894285 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0012.mp4

2014-08-24 16:07 - 2014-08-24 16:56 - 131990903 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0010.mp4

2014-08-22 17:05 - 2014-08-28 00:01 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 16:42 - 2014-08-28 00:01 - 00390144 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll

2014-08-22 15:38 - 2014-08-28 00:01 - 02782208 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2014-08-22 14:06 - 2014-08-08 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-08-19 21:30 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140827-003036.backup

2014-08-15 07:48 - 2014-09-11 00:22 - 17868288 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-08-15 07:36 - 2014-09-11 00:22 - 10920960 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-08-15 07:35 - 2014-09-11 00:22 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-08-15 07:31 - 2014-09-11 00:22 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-08-15 07:31 - 2014-09-11 00:22 - 01384960 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-08-15 07:30 - 2014-09-11 00:22 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-08-15 07:30 - 2014-09-11 00:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2014-08-15 07:30 - 2014-09-11 00:22 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 02156032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-08-15 07:29 - 2014-09-11 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2014-08-15 07:28 - 2014-09-11 00:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-08-15 07:28 - 2014-09-11 00:22 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-08-15 07:28 - 2014-09-11 00:22 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe

2014-08-15 07:28 - 2014-09-11 00:22 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2014-08-15 06:51 - 2014-09-11 00:22 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-15 06:42 - 2014-09-11 00:22 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-15 06:42 - 2014-09-11 00:22 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-15 06:37 - 2014-09-11 00:22 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-15 06:37 - 2014-09-11 00:22 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-15 06:36 - 2014-09-11 00:22 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-15 06:35 - 2014-09-11 00:22 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-15 06:35 - 2014-09-11 00:22 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-08-15 06:34 - 2014-09-11 00:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-15 06:34 - 2014-09-11 00:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-15 06:34 - 2014-09-11 00:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-15 06:34 - 2014-09-11 00:22 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-08-15 06:34 - 2014-09-11 00:22 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-08-13 16:13 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache

2014-08-12 21:30 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140820-003034.backup

2014-08-12 10:18 - 2013-01-26 15:48 - 00000000 ____D () C:\Temp

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-3950572576-1964236272-3678751622-1000\$279896eb0829f75e17013cf93b5d347f

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f

Files to move or delete:

====================

C:\ProgramData\sysqcl1129139270.dat

Some content of TEMP:

====================

C:\Users\Alex\AppData\Local\Temp\aol_toolbar.exe

C:\Users\Alex\AppData\Local\Temp\ApnStub.exe

C:\Users\Alex\AppData\Local\Temp\AskSLib.dll

C:\Users\Alex\AppData\Local\Temp\D2M-Precheck.exe

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate01.exe

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate02.exe

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate03.exe

C:\Users\Alex\AppData\Local\Temp\fpouk3uu.dll

C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_is194D.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_is353A.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_is3604.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_is8826.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_isC42F.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_isCF9A.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_isE288.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (whitelisted) =============

==================== Restore Points =========================

Restore point made on: 2014-09-08 21:05:51

Restore point made on: 2014-09-08 23:01:30

Restore point made on: 2014-09-09 21:01:05

Restore point made on: 2014-09-10 21:01:28

Restore point made on: 2014-09-11 00:01:20

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 3963.07 MB

Available physical RAM: 3376.26 MB

Total Pagefile: 3714.56 MB

Available Pagefile: 3349.71 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Drives ================================

Drive c: (SQ004817V03) (Fixed) (Total:139.51 GB) (Free:40.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.29 GB) NTFS

Drive g: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 5A2D976F)

Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Active) - (Size=139.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=8.1 GB) - (Type=17)

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 967.5 MB) (Disk ID: ED232C4D)

Partition 1: (Active) - (Size=967 MB) - (Type=06)

LastRegBack: 2014-09-11 17:47

==================== End Of Log ============================


Hello,

P2P/Piracy Warning:

 

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

Next,

 

See if your system will now boot to normal mode, if so continue as follows....

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Next,

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Let me see those logs in your next reply...

 

Kevin...

fixlist.txt


Thanks Kevin. Here's the fixlog.

I successfully restarted Windows on my infected system, but the virus was still there and locked me out before I could run the scan. When I powered down and tried to restart, I got error messages indicating that system dll files had been illegally relocated in memory (ATBroker, UILogin and ScrnSaver among others). Currently Windows will not start. Attempting System Restore.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014

Ran by SYSTEM at 2014-09-12 08:31:13 Run:1

Running from g:\

Boot Mode: Recovery

==============================================

Content of fixlist:

*****************

Start

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?

GroupPolicyUsers\S-1-5-21-3950572576-1964236272-3678751622-1002\User: Group Policy restriction detected <======= ATTENTION

GroupPolicyUsers\S-1-5-21-3950572576-1964236272-3678751622-1001\User: Group Policy restriction detected <======= ATTENTION

S2 Winmgmt; C:\PROGRA~3\E4DE045.dot [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 KUSBusByTCPMasterBus; System32\Drivers\KUSBusByTCPMasterBus.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [X]

S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]

C:\$Recycle.Bin\S-1-5-21-3950572576-1964236272-3678751622-1000\$279896eb0829f75e17013cf93b5d347f

C:\$Recycle.Bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f

C:\ProgramData\sysqcl1129139270.dat

C:\Users\Alex\AppData\Local\Temp\aol_toolbar.exe

C:\Users\Alex\AppData\Local\Temp\ApnStub.exe

C:\Users\Alex\AppData\Local\Temp\AskSLib.dll

C:\Users\Alex\AppData\Local\Temp\D2M-Precheck.exe

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate01.exe

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate02.exe

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate03.exe

C:\Users\Alex\AppData\Local\Temp\fpouk3uu.dll

C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_is194D.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_is353A.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_is3604.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_is8826.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_isC42F.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_isCF9A.exe

C:\Users\Mom & Dad\AppData\Local\Temp\_isE288.exe

End

*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.

C:\Windows\System32\GroupPolicyUsers\S-1-5-21-3950572576-1964236272-3678751622-1002\User => Moved successfully.

C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.

C:\Windows\System32\GroupPolicyUsers\S-1-5-21-3950572576-1964236272-3678751622-1001\User => Moved successfully.

Winmgmt => Service restored successfully.

IpInIp => Service deleted successfully.

KUSBusByTCPMasterBus => Service deleted successfully.

NwlnkFlt => Service deleted successfully.

NwlnkFwd => Service deleted successfully.

SVRPEDRV => Service deleted successfully.

sxuptp => Service deleted successfully.

C:\$Recycle.Bin\S-1-5-21-3950572576-1964236272-3678751622-1000\$279896eb0829f75e17013cf93b5d347f => Directory moved successfully.

C:\$Recycle.Bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f => Deleted successfully.

C:\ProgramData\sysqcl1129139270.dat => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\aol_toolbar.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\ApnStub.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\AskSLib.dll => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\D2M-Precheck.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate01.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate02.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\FlashPlayerUpdate03.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\fpouk3uu.dll => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.

C:\Users\Mom & Dad\AppData\Local\Temp\_is194D.exe => Moved successfully.

C:\Users\Mom & Dad\AppData\Local\Temp\_is353A.exe => Moved successfully.

C:\Users\Mom & Dad\AppData\Local\Temp\_is3604.exe => Moved successfully.

C:\Users\Mom & Dad\AppData\Local\Temp\_is8826.exe => Moved successfully.

C:\Users\Mom & Dad\AppData\Local\Temp\_isC42F.exe => Moved successfully.

C:\Users\Mom & Dad\AppData\Local\Temp\_isCF9A.exe => Moved successfully.

C:\Users\Mom & Dad\AppData\Local\Temp\_isE288.exe => Moved successfully.

==== End of Fixlog ====



Done. Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014

Ran by SYSTEM on MINWINPC on 12-09-2014 11:35:49

Running from g:\

Platform: Windows Vista Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6156288 2008-04-08] (Realtek Semiconductor)

HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-06-02] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-05-09] (TOSHIBA Corporation)

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKLM-x32\...\Run: [NDSTray.exe] => NDSTray.exe

HKLM-x32\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe

HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)

HKLM-x32\...\Run: [sBC_McciTrayApp] => "C:\Program Files (x86)\SBC\update\SST.exe"

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)

HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [585728 2011-01-07] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\Alex\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)

HKU\Alex\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKU\Alex\...\Run: [Facebook Update] => "C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

HKU\Alex\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKU\Alex\...\Run: [Google Update] => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-03] (Google Inc.)

HKU\Alex\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\Alex\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex

HKU\Alex\...\Policies\system: [LogonHoursAction] 2

HKU\Alex\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Bonita\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKU\Bonita\...\RunOnce: [Application Restart #0] => C:\Windows\System32\wpcumi.exe [182784 2006-11-02] (Microsoft Corporation)

HKU\Bonita\...\RunOnce: [Application Restart #1] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKU\Bonita\...\RunOnce: [Application Restart #2] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKU\Bonita\...\Policies\system: [LogonHoursAction] 2

HKU\Bonita\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)

HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)

HKU\Mom & Dad\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\Mom & Dad\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\Mom & Dad\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

HKU\Mom & Dad\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)

HKU\Mom & Dad\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\Mom & Dad\...\Policies\Explorer: [HideSCAHealth] 1

Startup: C:\Users\Bonita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (No File)

Startup: C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk

ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

Startup: C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk

ShortcutTarget: program.lnk -> C:\ProgramData\540ED4E.cpp (Microsoft Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)

S2 Winmgmt; C:\PROGRA~3\E4DE045.dot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2013-01-05] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 15:32 - 2014-09-12 11:35 - 00000000 ____D () C:\FRST

2014-09-11 00:22 - 2014-08-15 07:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-09-11 00:22 - 2014-08-15 07:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-09-11 00:22 - 2014-08-15 07:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-09-11 00:22 - 2014-08-15 07:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-09-11 00:22 - 2014-08-15 07:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-09-11 00:22 - 2014-08-15 07:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-09-11 00:22 - 2014-08-15 07:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2014-09-11 00:22 - 2014-08-15 07:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-09-11 00:22 - 2014-08-15 07:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2014-09-11 00:22 - 2014-08-15 07:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-09-11 00:22 - 2014-08-15 07:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-09-11 00:22 - 2014-08-15 07:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe

2014-09-11 00:22 - 2014-08-15 07:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2014-09-11 00:22 - 2014-08-15 06:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-11 00:22 - 2014-08-15 06:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-11 00:22 - 2014-08-15 06:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-11 00:22 - 2014-08-15 06:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-11 00:22 - 2014-08-15 06:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-11 00:22 - 2014-08-15 06:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-11 00:22 - 2014-08-15 06:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-11 00:22 - 2014-08-15 06:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-09-11 00:22 - 2014-08-15 06:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-11 00:22 - 2014-08-15 06:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-11 00:22 - 2014-08-15 06:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-11 00:22 - 2014-08-15 06:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-09-11 00:22 - 2014-08-15 06:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-09-09 10:02 - 2014-09-09 10:02 - 00000672 _____ () C:\Windows\wmsetup.log

2014-09-05 08:00 - 2014-09-05 08:00 - 00172848 _____ (Microsoft Corporation) C:\ProgramData\540ED4E.cpp

2014-08-28 00:01 - 2014-08-22 17:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-28 00:01 - 2014-08-22 16:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll

2014-08-28 00:01 - 2014-08-22 15:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2014-08-24 16:56 - 2014-08-24 16:07 - 131990903 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0010.mp4

2014-08-24 16:53 - 2014-08-24 16:53 - 00000116 _____ () C:\Users\Mom & Dad\Desktop\esetD95tyRE.url

2014-08-24 16:49 - 2014-08-24 16:11 - 61894285 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0012.mp4

2014-08-13 00:03 - 2014-06-26 14:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe

2014-08-13 00:03 - 2014-06-26 14:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-13 00:03 - 2014-06-26 14:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll

2014-08-13 00:03 - 2014-06-26 14:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-13 00:03 - 2014-06-26 14:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-13 00:03 - 2014-06-26 14:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll

2014-08-13 00:02 - 2014-06-05 20:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe

2014-08-13 00:02 - 2014-06-05 20:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 11:35 - 2014-09-11 15:32 - 00000000 ____D () C:\FRST

2014-09-12 08:31 - 2006-11-02 05:34 - 00000000 ___HD () C:\Windows\System32\GroupPolicy

2014-09-12 06:58 - 2009-03-05 21:12 - 01600746 _____ () C:\Windows\WindowsUpdate.log

2014-09-12 06:50 - 2011-09-10 17:45 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job

2014-09-12 06:44 - 2014-02-16 06:50 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job

2014-09-12 06:43 - 2014-02-16 06:50 - 00000462 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job

2014-09-12 06:42 - 2011-03-04 10:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-12 06:41 - 2014-01-10 19:20 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2014-09-12 06:40 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-12 06:40 - 2006-11-02 07:27 - 00137908 _____ () C:\Windows\setupact.log

2014-09-12 06:40 - 2006-11-02 07:22 - 00003744 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-12 06:40 - 2006-11-02 07:22 - 00003744 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-12 06:10 - 2013-01-01 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-12 05:58 - 2012-08-03 13:36 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job

2014-09-12 05:58 - 2011-03-04 10:50 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-12 05:35 - 2009-03-12 09:08 - 00000008 __RSH () C:\Users\Mom & Dad\ntuser.pol

2014-09-12 05:35 - 2009-03-12 08:49 - 00000000 ____D () C:\users\Mom & Dad

2014-09-12 05:34 - 2009-03-14 20:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-11 11:07 - 2010-12-06 09:38 - 00000000 ____D () C:\Users\Mom & Dad\AppData\Roaming\Skype

2014-09-11 10:12 - 2013-01-13 07:43 - 00000000 ___RD () C:\Users\Mom & Dad\Google Drive

2014-09-11 10:12 - 2011-03-04 12:24 - 00001356 _____ () C:\Users\Mom & Dad\AppData\Local\d3d9caps.dat

2014-09-11 10:00 - 2014-01-10 19:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-11 01:01 - 2013-01-01 12:13 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-11 01:00 - 2013-01-01 12:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-11 01:00 - 2011-11-08 18:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-11 00:49 - 2008-01-20 19:26 - 00893234 _____ () C:\Windows\PFRO.log

2014-09-11 00:47 - 2009-11-19 21:12 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-09-11 00:47 - 2006-11-02 07:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-11 00:21 - 2009-03-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-11 00:17 - 2010-08-07 13:39 - 00813038 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-11 00:17 - 2006-11-02 04:46 - 00813038 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-09-11 00:15 - 2014-08-09 01:41 - 00000000 ____D () C:\Windows\System32\MRT

2014-09-11 00:05 - 2006-11-02 04:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe

2014-09-10 23:00 - 2014-02-13 06:24 - 00000486 _____ () C:\Windows\Tasks\Scan most recently used file in the background (Spybot - Search & Destroy).job

2014-09-10 20:58 - 2012-08-03 13:36 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job

2014-09-10 12:49 - 2011-09-10 17:45 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job

2014-09-09 21:30 - 2014-01-10 19:20 - 00000630 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2014-09-09 10:02 - 2014-09-09 10:02 - 00000672 _____ () C:\Windows\wmsetup.log

2014-09-09 03:08 - 2009-03-14 20:47 - 00041984 _____ () C:\Users\Mom & Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-09-05 08:00 - 2014-09-05 08:00 - 00172848 _____ (Microsoft Corporation) C:\ProgramData\540ED4E.cpp

2014-09-03 13:10 - 2012-08-03 13:37 - 00002090 _____ () C:\Users\Alex\Desktop\Google Chrome.lnk

2014-09-02 21:31 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140910-003037.backup

2014-09-02 03:20 - 2014-01-10 19:20 - 00000460 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

2014-08-28 00:23 - 2006-11-02 07:21 - 00415768 _____ () C:\Windows\System32\FNTCACHE.DAT

2014-08-26 21:30 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140903-003146.backup

2014-08-24 16:53 - 2014-08-24 16:53 - 00000116 _____ () C:\Users\Mom & Dad\Desktop\esetD95tyRE.url

2014-08-24 16:11 - 2014-08-24 16:49 - 61894285 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0012.mp4

2014-08-24 16:07 - 2014-08-24 16:56 - 131990903 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0010.mp4

2014-08-22 17:05 - 2014-08-28 00:01 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 16:42 - 2014-08-28 00:01 - 00390144 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll

2014-08-22 15:38 - 2014-08-28 00:01 - 02782208 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2014-08-22 14:06 - 2014-08-08 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-08-19 21:30 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140827-003036.backup

2014-08-15 07:48 - 2014-09-11 00:22 - 17868288 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-08-15 07:36 - 2014-09-11 00:22 - 10920960 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-08-15 07:35 - 2014-09-11 00:22 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-08-15 07:31 - 2014-09-11 00:22 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-08-15 07:31 - 2014-09-11 00:22 - 01384960 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-08-15 07:30 - 2014-09-11 00:22 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-08-15 07:30 - 2014-09-11 00:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2014-08-15 07:30 - 2014-09-11 00:22 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 02156032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-08-15 07:29 - 2014-09-11 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-08-15 07:29 - 2014-09-11 00:22 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2014-08-15 07:28 - 2014-09-11 00:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-08-15 07:28 - 2014-09-11 00:22 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-08-15 07:28 - 2014-09-11 00:22 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe

2014-08-15 07:28 - 2014-09-11 00:22 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2014-08-15 06:51 - 2014-09-11 00:22 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-15 06:42 - 2014-09-11 00:22 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-15 06:42 - 2014-09-11 00:22 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-15 06:37 - 2014-09-11 00:22 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-15 06:37 - 2014-09-11 00:22 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-15 06:36 - 2014-09-11 00:22 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-15 06:35 - 2014-09-11 00:22 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-15 06:35 - 2014-09-11 00:22 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-15 06:35 - 2014-09-11 00:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-08-15 06:34 - 2014-09-11 00:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-15 06:34 - 2014-09-11 00:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-15 06:34 - 2014-09-11 00:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-15 06:34 - 2014-09-11 00:22 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-08-15 06:34 - 2014-09-11 00:22 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-08-13 16:13 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (whitelisted) =============

==================== Restore Points =========================

Restore point made on: 2014-09-08 21:05:51

Restore point made on: 2014-09-08 23:01:30

Restore point made on: 2014-09-09 21:01:05

Restore point made on: 2014-09-10 21:01:28

Restore point made on: 2014-09-11 00:01:20

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 3963.07 MB

Available physical RAM: 3351.32 MB

Total Pagefile: 3714.56 MB

Available Pagefile: 3330.9 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Drives ================================

Drive c: (SQ004817V03) (Fixed) (Total:139.51 GB) (Free:40.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.29 GB) NTFS

Drive g: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 5A2D976F)

Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Active) - (Size=139.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=8.1 GB) - (Type=17)

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 967.5 MB) (Disk ID: ED232C4D)

Partition 1: (Active) - (Size=967 MB) - (Type=06)

LastRegBack: 2014-09-12 06:46

==================== End Of Log ============================


Delete any previously saved files related to FRST fixes....

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if your system will boot to normal mode; if so, run FRST as previously advised....

Kevin..

fixlist.txt


New FRST log follows Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014

Ran by SYSTEM at 2014-09-12 12:46:38 Run:2

Running from G:\

Boot Mode: Recovery

==============================================

Content of fixlist:

*****************

Start

Startup: C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk

ShortcutTarget: program.lnk -> C:\ProgramData\540ED4E.cpp (Microsoft Corporation)

C:\ProgramData\540ED4E.cpp

S2 Winmgmt; C:\PROGRA~3\E4DE045.dot [X]

C:\PROGRA~3\E4DE045.dot

2014-09-05 08:00 - 2014-09-05 08:00 - 00172848 _____ (Microsoft Corporation) C:\ProgramData\540ED4E.cpp

Emptytemp:

End

*****************

C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.

C:\ProgramData\540ED4E.cpp => Moved successfully.

"C:\ProgramData\540ED4E.cpp" => File/Directory not found.

Winmgmt => Service restored successfully.

"C:\PROGRA~3\E4DE045.dot" => File/Directory not found.

"C:\ProgramData\540ED4E.cpp" => File/Directory not found.

Emptytemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog ====

****************

FRST Log

****************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014

Ran by Mom & Dad (administrator) on TOSHIBAL350 on 12-09-2014 13:26:05

Running from E:\

Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Agere Systems) C:\Windows\System32\agr64svc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(TOSHIBA Corporation.) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe

(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

() C:\SmartDraw CI\Messages\SDNotify.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f25190f276\wuauclt.exe

(Realtek Semiconductor) C:\Windows\RAVCpl64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(Microsoft Corporation) C:\Windows\System32\wpcumi.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6156288 2008-04-08] (Realtek Semiconductor)

HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-06-02] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-05-09] (TOSHIBA Corporation)

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKLM-x32\...\Run: [NDSTray.exe] => NDSTray.exe

HKLM-x32\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe

HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)

HKLM-x32\...\Run: [sBC_McciTrayApp] => "C:\Program Files (x86)\SBC\update\SST.exe"

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [585728 2011-01-07] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: H - "H:\Install FreeAgent Tools.exe" /run

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {07e63dd1-6128-11de-83e3-001e33a50adf} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-1-57-100022764-100022826-100025031-2571.com g:\

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {5ed73ea9-2345-11e4-b2d6-001e33a50adf} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {6b236458-111b-11de-8427-001e33a50adf} - F:\LaunchU3.exe -a

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {948921c3-a26a-11df-bbf6-001e33a50adf} - "H:\Install FreeAgent Tools.exe" /run

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3950572576-1964236272-3678751622-1000\$279896eb0829f75e17013cf93b5d347f\n. ATTENTION! ====> ZeroAccess?

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

Startup: C:\Users\Bonita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (No File)

Startup: C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk

ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: localhost:21320

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

URLSearchHook: HKCU - (No Name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {8CFC3DAE-B085-4451-8D27-2333952033CF} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB

SearchScopes: HKLM - {8CFC3DAE-B085-4451-8D27-2333952033CF} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=575&systemid=1&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB

SearchScopes: HKLM-x32 - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=575&systemid=1&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668

SearchScopes: HKLM-x32 - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

SearchScopes: HKCU - DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111110&iesrc={referrer:source}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADFA_en

SearchScopes: HKCU - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKCU - {8CFC3DAE-B085-4451-8D27-2333952033CF} URL =

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=575&systemid=1&sr=0&q={searchTerms}

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3008668

SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU - No Name - {9427041A-A8DC-4D06-9A68-93873486E957} - No File

DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:

========

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-01]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-30]

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF HKCU\...\Firefox\Extensions: [{e9f50660-b0c4-4ca8-8b40-8c5ace0c901a}] - C:\Program Files (x86)\ViewPassword\150.xpi

Chrome:

=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2008-04-03] (TOSHIBA Corporation.) [File not signed]

R2 ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]

R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1371136 2008-04-30] (Intel® Corporation) [File not signed]

R2 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2009-11-18] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett-Packard Co.) [File not signed]

R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1043584 2010-01-30] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] () [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-04-30] (Intel® Corporation) [File not signed]

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]

R2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)

R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]

R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]

R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2013-01-05] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 18:32 - 2014-09-12 13:26 - 00000000 ____D () C:\FRST

2014-09-11 03:22 - 2014-08-15 10:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-11 03:22 - 2014-08-15 10:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-11 03:22 - 2014-08-15 10:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-11 03:22 - 2014-08-15 10:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-11 03:22 - 2014-08-15 10:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-11 03:22 - 2014-08-15 10:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-11 03:22 - 2014-08-15 10:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-09-11 03:22 - 2014-08-15 10:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-11 03:22 - 2014-08-15 10:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-11 03:22 - 2014-08-15 10:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-11 03:22 - 2014-08-15 10:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-11 03:22 - 2014-08-15 10:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-11 03:22 - 2014-08-15 10:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-09-11 03:22 - 2014-08-15 10:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-11 03:22 - 2014-08-15 10:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-11 03:22 - 2014-08-15 10:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-11 03:22 - 2014-08-15 10:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-09-11 03:22 - 2014-08-15 10:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-11 03:22 - 2014-08-15 10:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-11 03:22 - 2014-08-15 10:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-09-11 03:22 - 2014-08-15 10:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-09-11 03:22 - 2014-08-15 09:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-11 03:22 - 2014-08-15 09:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-11 03:22 - 2014-08-15 09:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-11 03:22 - 2014-08-15 09:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-11 03:22 - 2014-08-15 09:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-11 03:22 - 2014-08-15 09:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-11 03:22 - 2014-08-15 09:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-11 03:22 - 2014-08-15 09:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-09-11 03:22 - 2014-08-15 09:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-11 03:22 - 2014-08-15 09:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-11 03:22 - 2014-08-15 09:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-11 03:22 - 2014-08-15 09:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-09-11 03:22 - 2014-08-15 09:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-11 03:22 - 2014-08-15 09:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-11 03:22 - 2014-08-15 09:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-11 03:22 - 2014-08-15 09:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-09-11 03:22 - 2014-08-15 09:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-11 03:22 - 2014-08-15 09:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-11 03:22 - 2014-08-15 09:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-11 03:22 - 2014-08-15 09:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-09-11 03:22 - 2014-08-15 09:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-09-09 13:02 - 2014-09-09 13:02 - 00000672 _____ () C:\Windows\wmsetup.log

2014-08-28 03:01 - 2014-08-22 20:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-28 03:01 - 2014-08-22 19:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-28 03:01 - 2014-08-22 18:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 19:56 - 2014-08-24 19:07 - 131990903 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0010.mp4

2014-08-24 19:53 - 2014-08-24 19:53 - 00000116 _____ () C:\Users\Mom & Dad\Desktop\esetD95tyRE.url

2014-08-24 19:49 - 2014-08-24 19:11 - 61894285 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0012.mp4

2014-08-13 03:03 - 2014-06-26 17:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-13 03:03 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-13 03:03 - 2014-06-26 17:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-13 03:03 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-13 03:03 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-13 03:03 - 2014-06-26 17:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-13 03:02 - 2014-06-05 23:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-13 03:02 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 13:26 - 2014-09-11 18:32 - 00000000 ____D () C:\FRST

2014-09-12 13:25 - 2014-02-16 09:50 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job

2014-09-12 13:25 - 2014-02-16 09:50 - 00000462 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job

2014-09-12 13:25 - 2014-01-10 22:20 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2014-09-12 13:25 - 2011-03-04 13:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-12 13:17 - 2009-03-06 00:12 - 01604638 _____ () C:\Windows\WindowsUpdate.log

2014-09-12 13:14 - 2006-11-02 10:27 - 00138703 _____ () C:\Windows\setupact.log

2014-09-12 13:13 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-12 13:13 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-12 13:13 - 2006-11-02 10:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-12 11:31 - 2006-11-02 08:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-12 09:50 - 2011-09-10 20:45 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job

2014-09-12 09:10 - 2013-01-01 15:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-12 08:58 - 2012-08-03 16:36 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job

2014-09-12 08:58 - 2011-03-04 13:50 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-12 08:35 - 2009-03-12 12:08 - 00000008 __RSH () C:\Users\Mom & Dad\ntuser.pol

2014-09-12 08:35 - 2009-03-12 11:49 - 00000000 ____D () C:\Users\Mom & Dad

2014-09-12 08:34 - 2009-03-14 23:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-11 14:07 - 2010-12-06 12:38 - 00000000 ____D () C:\Users\Mom & Dad\AppData\Roaming\Skype

2014-09-11 13:12 - 2013-01-13 10:43 - 00000000 ___RD () C:\Users\Mom & Dad\Google Drive

2014-09-11 13:12 - 2011-03-04 15:24 - 00001356 _____ () C:\Users\Mom & Dad\AppData\Local\d3d9caps.dat

2014-09-11 13:00 - 2014-01-10 22:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-11 04:01 - 2013-01-01 15:13 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-11 04:00 - 2013-01-01 15:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-11 04:00 - 2011-11-08 21:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-11 03:49 - 2008-01-20 22:26 - 00893234 _____ () C:\Windows\PFRO.log

2014-09-11 03:47 - 2009-11-20 00:12 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-09-11 03:47 - 2006-11-02 10:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-11 03:21 - 2009-03-05 23:12 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-11 03:17 - 2010-08-07 16:39 - 00813038 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-11 03:17 - 2006-11-02 07:46 - 00813038 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-11 03:15 - 2014-08-09 04:41 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-11 03:05 - 2006-11-02 07:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-09-11 02:00 - 2014-02-13 09:24 - 00000486 _____ () C:\Windows\Tasks\Scan most recently used file in the background (Spybot - Search & Destroy).job

2014-09-10 23:58 - 2012-08-03 16:36 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job

2014-09-10 15:49 - 2011-09-10 20:45 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job

2014-09-10 00:30 - 2014-01-10 22:20 - 00000630 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2014-09-09 13:02 - 2014-09-09 13:02 - 00000672 _____ () C:\Windows\wmsetup.log

2014-09-09 06:08 - 2009-03-14 23:47 - 00041984 _____ () C:\Users\Mom & Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-09-03 16:10 - 2012-08-03 16:37 - 00002090 _____ () C:\Users\Alex\Desktop\Google Chrome.lnk

2014-09-03 00:31 - 2006-11-02 07:34 - 00450628 ____R () C:\Windows\system32\Drivers\etc\hosts.20140910-003037.backup

2014-09-02 06:20 - 2014-01-10 22:20 - 00000460 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

2014-08-28 03:23 - 2006-11-02 10:21 - 00415768 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-27 00:30 - 2006-11-02 07:34 - 00450628 ____R () C:\Windows\system32\Drivers\etc\hosts.20140903-003146.backup

2014-08-24 19:53 - 2014-08-24 19:53 - 00000116 _____ () C:\Users\Mom & Dad\Desktop\esetD95tyRE.url

2014-08-24 19:11 - 2014-08-24 19:49 - 61894285 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0012.mp4

2014-08-24 19:07 - 2014-08-24 19:56 - 131990903 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0010.mp4

2014-08-22 20:05 - 2014-08-28 03:01 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 19:42 - 2014-08-28 03:01 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 18:38 - 2014-08-28 03:01 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-22 17:06 - 2014-08-08 19:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-20 00:30 - 2006-11-02 07:34 - 00450628 ____R () C:\Windows\system32\Drivers\etc\hosts.20140827-003036.backup

2014-08-15 10:48 - 2014-09-11 03:22 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-15 10:36 - 2014-09-11 03:22 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-15 10:35 - 2014-09-11 03:22 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-15 10:31 - 2014-09-11 03:22 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-15 10:31 - 2014-09-11 03:22 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-15 10:30 - 2014-09-11 03:22 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-15 10:30 - 2014-09-11 03:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-15 10:30 - 2014-09-11 03:22 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-15 10:29 - 2014-09-11 03:22 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-15 10:29 - 2014-09-11 03:22 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-15 10:29 - 2014-09-11 03:22 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-15 10:29 - 2014-09-11 03:22 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-15 10:29 - 2014-09-11 03:22 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-15 10:29 - 2014-09-11 03:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-15 10:29 - 2014-09-11 03:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-15 10:29 - 2014-09-11 03:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-15 10:29 - 2014-09-11 03:22 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-15 10:28 - 2014-09-11 03:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-15 10:28 - 2014-09-11 03:22 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-15 10:28 - 2014-09-11 03:22 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-15 10:28 - 2014-09-11 03:22 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-15 09:51 - 2014-09-11 03:22 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-15 09:42 - 2014-09-11 03:22 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-15 09:42 - 2014-09-11 03:22 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-15 09:37 - 2014-09-11 03:22 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-15 09:37 - 2014-09-11 03:22 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-15 09:36 - 2014-09-11 03:22 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-15 09:35 - 2014-09-11 03:22 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-15 09:35 - 2014-09-11 03:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-08-15 09:35 - 2014-09-11 03:22 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-15 09:35 - 2014-09-11 03:22 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-15 09:35 - 2014-09-11 03:22 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-15 09:35 - 2014-09-11 03:22 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-08-15 09:35 - 2014-09-11 03:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-15 09:35 - 2014-09-11 03:22 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-15 09:35 - 2014-09-11 03:22 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-15 09:35 - 2014-09-11 03:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-08-15 09:34 - 2014-09-11 03:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-15 09:34 - 2014-09-11 03:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-15 09:34 - 2014-09-11 03:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-15 09:34 - 2014-09-11 03:22 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-08-15 09:34 - 2014-09-11 03:22 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-08-15 01:04 - 2013-01-13 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-08-13 19:13 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache

2014-08-13 00:30 - 2006-11-02 07:34 - 00450628 ____R () C:\Windows\system32\Drivers\etc\hosts.20140820-003034.backup

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-12 09:46

==================== End Of Log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014

Ran by Mom & Dad at 2014-09-11 18:34:58

Running from E:\

Boot Mode: Safe Mode (minimal)

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.0) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)

AirPort (HKLM-x32\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)

Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version: - )

AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden

Camera Assistant Software for Toshiba (HKLM-x32\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)

CD/DVD Drive Acoustic Silencer (HKLM-x32\...\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}) (Version: 3.01.04 - TOSHIBA)

CDDRV_Installer (Version: 4.60 - Logitech) Hidden

Chapura SyncManager (HKLM-x32\...\{6E81E3FE-8DE3-4C58-9F47-C3697887F1F4}_is1) (Version: 2.0.3674.25045 - Chapura, Inc.)

Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)

Citrix XenApp Plugin for Hosted Apps (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)

Comic Life (HKLM-x32\...\{6A1F0A1A-474C-4151-8534-5F61832D88CD}) (Version: 1.3.6 - plasq)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)

Daniusoft DRM Converter(Build 2.6.8.3) (HKLM-x32\...\Daniusoft DRM Converter_is1) (Version: - Daniusoft Software)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)

Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

DVD MovieFactory for TOSHIBA (HKLM-x32\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)

EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )

erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)

Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)

Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )

GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)

HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden

HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)

HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.005 - HTC Corporation)

HTC Sync (HKLM-x32\...\{5645FB61-898F-4F59-AF80-52FEF3D63A64}) (Version: 3.0.5511 - HTC)

HTS iNet (HKLM-x32\...\{6FA04B6A-E4A6-4A87-A6E9-AC7E8A1128C5}) (Version: 8.8.4 - HTS Inc.)

iMesh (HKLM-x32\...\iMesh) (Version: 11.0.0.117532 - iMesh Inc.) <==== ATTENTION

iMesh (x32 Version: 11.0.0.117532 - iMesh Inc.) Hidden <==== ATTENTION

Intel PROSet Wireless (Version: - ) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel® Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)

Java 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)

Java 6 Update 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)

JNLP (HKCU\...\JNLP) (Version: - JNLP)

KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden

Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)

Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden

Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )

Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Store Download Manager (HKLM-x32\...\{A3D88A98-506E-4CFC-B294-E256C679B0EE}) (Version: 2.5.2219.1 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden

Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.3.01.13160 - Sony Corporation)

MyxerMagic Web Extensions (HKLM-x32\...\{12EA0FCE-663F-45B1-9D35-3715F2B125C8}) (Version: 1.0.0 - Myxer Inc.)

Netflix Movie Viewer (HKLM-x32\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)

Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden

Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden

PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden

QuickBooks Financial Center (HKLM-x32\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)

Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.4.14 - Intuit)

Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden

Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)

Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )

Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden

Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden

Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.14.06030 - Sony Corporation)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)

Spybot - Search & Destroy 1.3 (HKLM-x32\...\Spybot - Search & Destroy_is1) (Version: 1.3 - Safer Networking Limited)

Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)

Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.06 - TOSHIBA)

TOSHIBA ConfigFree (HKLM-x32\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)

TOSHIBA Desktop Links (HKLM-x32\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)

TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)

TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )

TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden

TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 2.0.2.64 - TOSHIBA)

TOSHIBA Face Recognition (Version: 2.0.2.64 - TOSHIBA) Hidden

TOSHIBA Hardware Setup (HKLM-x32\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )

TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation)

Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)

TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.87 (SM2187ALS04) - Agere Systems)

TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )

TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )

TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )

TOSHIBA Supervisor Password (HKLM-x32\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.1.24.64 - TOSHIBA Corporation)

TOSHIBA Value Added Package (Version: 1.1.24.64 - TOSHIBA Corporation) Hidden

TOSHIBA Value Added Package (x32 Version: 1.1.24.64 - TOSHIBA Corporation) Hidden

TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)

TurboTax 2011 wiliper (x32 Version: 011.000.1768 - Intuit Inc.) Hidden

TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3351 - Intuit Inc.) Hidden

TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496 - Intuit Inc.) Hidden

TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0222 - Intuit Inc.) Hidden

TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2012 wiliper (x32 Version: 012.000.1498 - Intuit Inc.) Hidden

TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden

TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden

TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden

TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden

TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

TurboTax 2013 wiliper (x32 Version: 013.000.1255 - Intuit Inc.) Hidden

TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1874 - Intuit Inc.) Hidden

TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0477 - Intuit Inc.) Hidden

TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0164 - Intuit Inc.) Hidden

TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)

Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)

Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)

WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden

WexTech AnswerWorks (HKLM-x32\...\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) (Version: 1.00.000 - )

WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.62 - WildTangent)

Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)

Windows Live Communications Platform (x32 Version: 14.0.8098.930 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )

Windows Media Encoder 9 Series (x32 Version: 9.00.3374 - Microsoft Corporation) Hidden

Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3950572576-1964236272-3678751622-1000_Classes\CLSID\{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}\InprocServer32 -> C:\Windows\system32\TosBtShell.dll (TOSHIBA)

CustomCLSID: HKU\S-1-5-21-3950572576-1964236272-3678751622-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2014-09-10 00:30 - 00450628 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 10sek.com

127.0.0.1 www.10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 123fporn.info

127.0.0.1 www.123fporn.info

127.0.0.1 123haustiereundmehr.com

127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00CDFE8C-6DD6-4211-A36C-56D63DFE5841} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {02D11507-E1DC-4117-90C4-5E5F169BE20C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03] (Google Inc.)

Task: {0616A940-5683-41F3-BFA5-FC273E7BF27D} - System32\Tasks\{EAA5E7FF-655D-4E70-89EA-94E0BFF723AB} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.104.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-installed;madedefault

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {0BB3F014-1253-42B7-8E23-B55C43FF98F7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION

Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {253A29CE-B4DF-4B7C-97DC-97564B5992A3} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {30A5998E-86F2-4BE4-87AF-FC79B29FE06B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: {365EE0F3-1A97-4D75-9EC1-95570598865E} - System32\Tasks\4760 => Wscript.exe C:\Users\MOM&DA~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {3FAFEB69-7A7F-4F37-8290-47E75B734D81} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: {482CD273-C5B3-4DA5-A613-BCEA814FD84E} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {62BA8375-0AB5-4E7B-A9D2-6AAAF65D3409} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {65DBA2F6-A396-4E76-88A3-EDF27EFF9077} - System32\Tasks\{BA67A88C-0989-4915-BAF1-A85BCD9926C9} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)

Task: {795F1545-48B8-41C3-99AF-CFB090F7AB3F} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()

Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {7ED2E2B5-963F-4D97-B6CF-8B33B01967A9} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()

Task: {81D4D6C0-5398-4BBF-AE3C-926AE9DF41E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04] (Google Inc.)

Task: {8564A993-50F7-4956-8CD7-77023FEC74F9} - System32\Tasks\Scan most recently used file in the background (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe

Task: {93C36455-E86E-444E-AD61-D98EE7BF45EB} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-01-07] ()

Task: {94ED66F4-EB83-43BD-8F63-3154CDB2667D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)

Task: {9F42F71C-2C46-4C21-8DF4-64E586E65540} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03] (Google Inc.)

Task: {A406AF31-4067-4509-B5C8-3214D8BA8D67} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)

Task: {AEF929A0-7252-41C7-BBC9-7DA8B1E56572} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04] (Google Inc.)

Task: {C1404A22-3AF0-4DB6-B961-29757990F171} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {DBEC1CF8-727D-4256-9BB8-A78DB01A1188} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Bonita => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)

Task: {E88C945C-6C9F-453D-ADE8-FC26C6106279} - System32\Tasks\Microsoft\Support\ATS\OAS Integration => C:\Users\Mom & Dad\AppData\Local\Temp\MATS-Temp\IXPa5rtcrxu.1t5\MATSWiz.exe <==== ATTENTION

Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {F1A9E18A-37DF-4CA0-8BC3-B9B5A6E61EEF} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: C:\Windows\Tasks\Scan most recently used file in the background (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe

Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\SMARTD~1\Messages\SDNotify.exe

Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\SMARTD~1\Messages\SDNotify.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:

==================

Error: (09/11/2014 01:56:49 PM) (Source: Windows Search Service) (EventID: 3079) (User: )

Description: Notifications for the volume e:\ are not active.

Context: Windows Application

Details:

The device is not ready. (0x80070015)

Error: (09/11/2014 01:53:16 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)

Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (09/11/2014 01:32:59 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)

Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (09/11/2014 01:11:25 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)

Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (09/11/2014 03:53:51 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)

Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "SMDiagnostics, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.ServiceModel, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Runtime.Serialization, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "SMSvcHost, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.IdentityModel, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

System errors:

=============

Error: (08/30/2010 08:05:44 PM) (Source: HTTP) (EventID: 15016) (User: )

Description: \Device\Http\ReqQueueKerberos

Error: (08/30/2010 07:50:25 PM) (Source: Print) (EventID: 54) (User: NT AUTHORITY)

Description: Document Mark Gift Wish List.txt - Notepad failed to print and was deleted because of corruption in the spooled file. The associated driver is: HP Photosmart C4700 series. Try printing the document again.

Error: (08/30/2010 07:50:18 PM) (Source: HTTP) (EventID: 15016) (User: )

Description: \Device\Http\ReqQueueKerberos

Error: (08/30/2010 07:44:28 PM) (Source: Print) (EventID: 6161) (User: NT AUTHORITY)

Description: The document Mark Gift Wish List.txt - Notepad, owned by Mom & Dad, failed to print on printer HP Photosmart C4700 series. Try to print the document again, or restart the print spooler.

Data type: NT EMF 1.008. Size of the spool file in bytes: 3024. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\TOSHIBAL350. Win32 error code returned by the print processor: Mark Gift Wish List.txt - Notepad0. Mark Gift Wish List.txt - Notepad1

Error: (08/30/2010 07:34:29 PM) (Source: Print) (EventID: 6161) (User: TOSHIBAL350)

Description: The document Mark Gift Wish List.txt - Notepad, owned by Mom & Dad, failed to print on printer HP Photosmart C4700 series. Try to print the document again, or restart the print spooler.

Data type: NT EMF 1.008. Size of the spool file in bytes: 3024. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\TOSHIBAL350. Win32 error code returned by the print processor: Mark Gift Wish List.txt - Notepad0. Mark Gift Wish List.txt - Notepad1

Error: (08/30/2010 07:20:06 PM) (Source: BROWSER) (EventID: 8032) (User: )

Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{08231EBD-600D-4F07-8C17-08B1C7527537}.

The backup browser is stopping.

Error: (08/30/2010 07:19:42 PM) (Source: DCOM) (EventID: 10000) (User: )

Description: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding786{66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}

Error: (08/30/2010 07:19:42 PM) (Source: DCOM) (EventID: 10000) (User: )

Description: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding786{694978FF-AB41-4E51-9A2F-862A9312FCB1}

Error: (08/30/2010 07:19:35 PM) (Source: DCOM) (EventID: 10000) (User: )

Description: C:\Windows\ehome\ehmsas.exe -Embedding786{0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (08/30/2010 05:55:46 PM) (Source: DCOM) (EventID: 10000) (User: )

Description: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding786{66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}

Microsoft Office Sessions:

=========================

Error: (09/11/2014 01:56:49 PM) (Source: Windows Search Service) (EventID: 3079) (User: )

Description: Context: Windows Application

Details:

The device is not ready. (0x80070015)

e:\

Error: (09/11/2014 01:53:16 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)

Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (09/11/2014 01:32:59 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)

Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (09/11/2014 01:11:25 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)

Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (09/11/2014 03:53:51 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)

Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "SMDiagnostics, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.ServiceModel, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Runtime.Serialization, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "SMSvcHost, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

Error: (09/11/2014 03:52:17 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.IdentityModel, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.

.

CodeIntegrity Errors:

===================================

Date: 2014-08-22 15:59:40.594

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-22 15:59:40.469

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-22 15:59:40.353

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-22 15:59:40.176

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-22 11:21:31.335

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-22 11:21:31.142

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-22 11:21:30.999

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-22 11:21:30.811

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-22 08:15:03.932

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-22 08:15:03.807

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, select Settings > Detection and Protection, enable "Scan for rootkits", and under Non-Malware Protection set both PUP and PUM to "Treat detections as malware".
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply. Also give an update on any remaining issues or concerns...

 

Kevin....

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014

Ran by SYSTEM at 2014-09-12 23:36:19 Run:3

Running from g:\

Boot Mode: Recovery

==============================================

Content of fixlist:

*****************

Start

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: H - "H:\Install FreeAgent Tools.exe" /run

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {07e63dd1-6128-11de-83e3-001e33a50adf} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-1-57-100022764-100022826-100025031-2571.com g:\

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {5ed73ea9-2345-11e4-b2d6-001e33a50adf} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {6b236458-111b-11de-8427-001e33a50adf} - F:\LaunchU3.exe -a

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {948921c3-a26a-11df-bbf6-001e33a50adf} - "H:\Install FreeAgent Tools.exe" /run

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3950572576-1964236272-3678751622-1000\$279896eb0829f75e17013cf93b5d347f\n. ATTENTION! ====> ZeroAccess?

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: localhost:21320

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-re...q={searchTerms}

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3008668

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-re...q={searchTerms}

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3008668

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU - No Name - {9427041A-A8DC-4D06-9A68-93873486E957} - No File

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Task: {0BB3F014-1253-42B7-8E23-B55C43FF98F7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION

Task: {365EE0F3-1A97-4D75-9EC1-95570598865E} - System32\Tasks\4760 => Wscript.exe C:\Users\MOM&DA~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {E88C945C-6C9F-453D-ADE8-FC26C6106279} - System32\Tasks\Microsoft\Support\ATS\OAS Integration => C:\Users\Mom & Dad\AppData\Local\Temp\MATS-Temp\IXPa5rtcrxu.1t5\MATSWiz.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B

Emptytemp:

End

*****************

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: H - "H:\Install FreeAgent Tools.exe" /run => Error: The entry should be fixed outside recovery mode.

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {07e63dd1-6128-11de-83e3-001e33a50adf} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-1-57-100022764-100022826-100025031-2571.com g:\ => Error: The entry should be fixed outside recovery mode.

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {5ed73ea9-2345-11e4-b2d6-001e33a50adf} - G:\HTC_Sync_Manager_PC.exe => Error: The entry should be fixed outside recovery mode.

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {6b236458-111b-11de-8427-001e33a50adf} - F:\LaunchU3.exe -a => Error: The entry should be fixed outside recovery mode.

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...\MountPoints2: {948921c3-a26a-11df-bbf6-001e33a50adf} - "H:\Install FreeAgent Tools.exe" /run => Error: The entry should be fixed outside recovery mode.

HKU\S-1-5-21-3950572576-1964236272-3678751622-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3950572576-1964236272-3678751622-1000\$279896eb0829f75e17013cf93b5d347f\n. ATTENTION! ====> ZeroAccess? => Error: The entry should be fixed outside recovery mode.

ProxyEnable: Internet Explorer proxy is enabled. => Error: The entry should be fixed outside recovery mode.

ProxyServer: localhost:21320 => Error: The entry should be fixed outside recovery mode.

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-re...q={searchTerms} => Error: The entry should be fixed outside recovery mode.

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3008668 => Error: The entry should be fixed outside recovery mode.

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-re...q={searchTerms} => Error: The entry should be fixed outside recovery mode.

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT3008668 => Error: The entry should be fixed outside recovery mode.

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File => Error: The entry should be fixed outside recovery mode.

Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File => Error: The entry should be fixed outside recovery mode.

Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File => Error: The entry should be fixed outside recovery mode.

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File => Error: The entry should be fixed outside recovery mode.

Toolbar: HKCU - No Name - {9427041A-A8DC-4D06-9A68-93873486E957} - No File => Error: The entry should be fixed outside recovery mode.

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" => Error: The entry should be fixed outside recovery mode.

Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" => Error: The entry should be fixed outside recovery mode.

Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" => Error: The entry should be fixed outside recovery mode.

Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" => Error: The entry should be fixed outside recovery mode.

Task: {0BB3F014-1253-42B7-8E23-B55C43FF98F7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

Task: {365EE0F3-1A97-4D75-9EC1-95570598865E} - System32\Tasks\4760 => Wscript.exe C:\Users\MOM&DA~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

Task: {E88C945C-6C9F-453D-ADE8-FC26C6106279} - System32\Tasks\Microsoft\Support\ATS\OAS Integration => C:\Users\Mom & Dad\AppData\Local\Temp\MATS-Temp\IXPa5rtcrxu.1t5\MATSWiz.exe <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

C:\ProgramData\TEMP => ":9A870F8B" ADS removed successfully.

Emptytemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog ====

*************************

ScanLog

*************************

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 9/13/2014

Scan Time: 6:27:20 AM

Logfile:

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.09.13.01

Rootkit Database: v2014.09.12.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows Vista Service Pack 2

CPU: x64

File System: NTFS

User: Mom & Dad

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 413254

Time Elapsed: 22 min, 37 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 1

PUP.Optional.Somoto.A, HKU\S-1-5-21-3950572576-1964236272-3678751622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Somoto, Quarantined, [73513fadcbb0a096460d0af21ce642be],

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 1

Trojan.Agent, C:\Users\Alex\AppData\Local\Temp\nsgE17C.tmp\DcryptDll.dll, Quarantined, [259fd418582384b246f3add45aa8e21e],

Physical Sectors: 0

(No malicious items detected)

(end)

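The fixlog above is a compact catalogue of the indicators a helper looks for when ZeroAccess is suspected: a CLSID's InprocServer32 default redirected into $Recycle.Bin, a MountPoints2 autorun launching a .com from a fake RECYCLER folder, Internet Explorer proxied through a localhost port, Winsock catalog entries whose LibraryPath no longer resolves, and scheduled tasks running scripts out of a user's Temp directory. The following Python is an added example, not part of the thread, of FRST or of Malwarebytes: it applies those checks to FRST-style log lines and drafts a Start/End fixlist in the format the posted fixlog shows. The sample lines are constructed to mirror the shape of the posted fixlog (SIDs and GUIDs are made up), and the rule names and the "rootkit suspected" heuristic are my own, not FRST's.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for ZeroAccess-style indicators.

Added example; not code from the forum thread, FRST or Malwarebytes. The rule
names and the suspicion heuristic are the author's own. Run offline.
"""
import re

# Constructed sample in FRST's line format (SIDs/GUIDs are invented).
SAMPLE_LOG = r"""HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6156288 2008-04-08] (Realtek Semiconductor)
HKU\S-1-5-21-1111-2222-3333-1000\...\MountPoints2: {07e63dd1-6128-11de-83e3-001e33a50adf} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-1-57-100022764-100022826-100025031-2571.com g:\
HKU\S-1-5-21-1111-2222-3333-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1111-2222-3333-1000\$279896eb0829f75e17013cf93b5d347f\n.
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Task: {0BB3F014-1253-42B7-8E23-B55C43FF98F7} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {365EE0F3-1A97-4D75-9EC1-95570598865E} - System32\Tasks\4760 => Wscript.exe C:\Users\MOM&DA~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
"""

# (rule name, pattern applied to a single log line, why it matters)
RULES = [
    ("zeroaccess_clsid_hijack",
     re.compile(r"InprocServer32:.*\\\$Recycle\.Bin\\", re.I),
     "COM server redirected into the Recycle Bin: classic ZeroAccess persistence"),
    ("recycler_autorun",
     re.compile(r"MountPoints2:.*RECYCLER\\S-\d+(?:-\d+)+\.com", re.I),
     "removable-drive autorun launching a .com hidden in a fake RECYCLER folder"),
    ("localhost_proxy",
     re.compile(r"^ProxyServer:\s*(?:localhost|127\.0\.0\.1):\d+", re.I),
     "browser traffic routed through a local port (ad/click hijack component)"),
    ("winsock_lsp_broken",
     re.compile(r"^Winsock: Catalog5.*File Not found", re.I),
     "Winsock catalog LibraryPath points at a missing file: stack tampered or damaged"),
    ("task_from_temp",
     re.compile(r"^Task:.*(?:\\Temp\\|\\AppData\\Local\\Temp)", re.I),
     "scheduled task executing from a user Temp directory"),
    ("task_flagged_by_frst",
     re.compile(r"^Task:.*<==== ATTENTION"),
     "FRST itself flagged this task"),
]


def triage(log_text):
    """Return (rule_name, line) pairs; a line can hit more than one rule."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, pattern, _reason in RULES:
            if pattern.search(line):
                hits.append((name, line))
    return hits


def summarize(hits):
    """Count hits per rule and decide whether rootkit handling is warranted.

    Heuristic (author's own): the CLSID hijack alone is decisive; otherwise
    require the RECYCLER autorun together with the localhost proxy.
    """
    counts = {}
    for name, _line in hits:
        counts[name] = counts.get(name, 0) + 1
    suspected = "zeroaccess_clsid_hijack" in counts or (
        "recycler_autorun" in counts and "localhost_proxy" in counts)
    return counts, suspected


def draft_fixlist(hits):
    """Draft a fixlist in the Start/End form the posted fixlog shows.

    Review before use: FRST removes whatever is listed, and, as the posted
    fixlog shows, several entry types cannot be fixed from recovery mode.
    """
    unique = []
    for _name, line in hits:
        if line not in unique:
            unique.append(line)
    return "\n".join(["Start", *unique, "End"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    per_rule, rootkit = summarize(found)
    for name, line in found:
        print(f"[{name}] {line}")
    print("rule counts:", per_rule)
    print("rootkit suspected:", rootkit)
    print(draft_fixlist(found))
```

On the sample above every malicious line is caught, the two benign lines (the Realtek Run entry and the Malwarebytes driver) produce no hits, and the drafted fixlist contains the six flagged lines between Start and End. The heuristic mirrors the reasoning in the thread: the Recycle Bin InprocServer32 hijack is what FRST itself marks with "ZeroAccess?", and the proxy, Winsock and task findings are supporting evidence rather than proof on their own.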

OK, looks like I'm hosed. I tried running FRST in Normal Windows mode with the fixlist you sent Sept 12 at 10:24 pm and it failed. Restarted it and it ran to completion, but the system restarted itself. The box is again throwing Illegal System DLL Relocation errors. Where to from here?

Really appreciate the help...


Your system was infected with the ZeroAccess rootkit. It is not impossible to remove this infection, but there is nearly always registry damage along the way.

Let's not panic just yet; run another scan with FRST from the recovery environment and post a fresh log....

 

One other point, do you have access to another PC to create an offline tool to run on your sick PC via a CD, USB memory stick or similar...

 

Kevin..


Kaspersky Rescue CD

STEP A:

 

Download and create a bootable Kaspersky Rescue Disk CD

 

1. Download the Kaspersky Rescue Disk ISO image from below.

 

 KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)

 

2. Download ImgBurn, software that will help us create this bootable disk. (If you already have the necessary software, use that.)

 

 IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn)

3. You can now insert your blank DVD/CD in your burner.

 

4. Install ImgBurn by following the prompts and then start this program.

 

5. Click on the Write image file to disc button.

 

6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file.(kav_rescue_10.iso)

 

7. Click on the big Write button.

 

8. The disc creation process will now start and it will take around 5-10 minutes to complete.

 

 

STEP B:

 

Configure the computer to boot from CD-ROM

 

On some machines, if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from where you can select to boot from the CD.

If this doesn't happen, then you'll need to configure your computer to boot from a CD as shown below.

 

1. Use the Delete or F2 key to load the BIOS menu. Information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot:

 

2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.

 

3. Insert your Kaspersky Rescue Disk and restart your computer.

 

STEP C:

 

Boot your computer from Kaspersky Rescue Disk

 

1. Your computer will now boot from the Kaspersky Rescue Disk,and you'll be asked to press any key to proceed with this process

 

 


 

 

2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.

 

 


 

 

3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.

 

 


 

 

4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard.

 

5. Once the actions described above have been performed, the Kaspersky operating system will start.

 

STEP D:

 

Launch Kaspersky WindowsUnlocker to remove the malicious registry changes

 

This ransomware trojan has modified your Windows system registry so that when you try to boot your computer it will instead launch its lock screen. To remove these malicious registry changes we need to use the Kaspersky WindowsUnlocker from Kaspersky Rescue Disk.

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.

 

 


 

 

IF you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.

 

2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.

 

 


 

 

STEP E:

 

Scan your system with Kaspersky Rescue Disk

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update.

 

 


 

 

2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.

 

 


 

 

3. Click on the Objects Scan tab, then click Start Objects Scan to begin the scan.

 

 


 

 

4. If any malicious items are found, the default settings are to prompt you for action with a red popup window at the bottom right. Delete is the recommended action in most cases, but we strongly recommend that you try first to disinfect, and if that doesn't work choose to quarantine the infected files, just to be on the safe side.

 

 


 

 

5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.

 

 


 

 

6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.

 

7. When booted back into Windows, navigate to Start > Computer > C:\Kaspersky Rescue Disk 10.0. Open the folder; inside is the log from the KRD run, named "ScanObject". Copy/paste that file into your reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014

Ran by SYSTEM on MINWINPC on 15-09-2014 07:41:33

Running from g:\

Platform: Windows Vista Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6156288 2008-04-08] (Realtek Semiconductor)

HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-06-02] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-05-09] (TOSHIBA Corporation)

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKLM-x32\...\Run: [NDSTray.exe] => NDSTray.exe

HKLM-x32\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe

HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)

HKLM-x32\...\Run: [sBC_McciTrayApp] => "C:\Program Files (x86)\SBC\update\SST.exe"

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)

HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [585728 2011-01-07] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\Alex\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)

HKU\Alex\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKU\Alex\...\Run: [Facebook Update] => "C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

HKU\Alex\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKU\Alex\...\Run: [Google Update] => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-03] (Google Inc.)

HKU\Alex\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\Alex\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex

HKU\Alex\...\Policies\system: [LogonHoursAction] 2

HKU\Alex\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Bonita\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKU\Bonita\...\RunOnce: [Application Restart #0] => C:\Windows\System32\wpcumi.exe [182784 2006-11-02] (Microsoft Corporation)

HKU\Bonita\...\RunOnce: [Application Restart #1] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKU\Bonita\...\RunOnce: [Application Restart #2] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKU\Bonita\...\Policies\system: [LogonHoursAction] 2

HKU\Bonita\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)

HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)

HKU\Mom & Dad\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\Mom & Dad\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\Mom & Dad\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

HKU\Mom & Dad\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)

HKU\Mom & Dad\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\Mom & Dad\...\Policies\Explorer: [HideSCAHealth] 1

Startup: C:\Users\Bonita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (No File)

Startup: C:\Users\Mom & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk

ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()

S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2013-01-05] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 15:32 - 2014-09-14 19:04 - 00000000 ____D () C:\FRST

2014-09-11 00:22 - 2014-08-15 07:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2014-09-11 00:22 - 2014-08-15 07:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2014-09-11 00:22 - 2014-08-15 07:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2014-09-11 00:22 - 2014-08-15 07:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2014-09-11 00:22 - 2014-08-15 07:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2014-09-11 00:22 - 2014-08-15 07:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2014-09-11 00:22 - 2014-08-15 07:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll

2014-09-11 00:22 - 2014-08-15 07:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-09-11 00:22 - 2014-08-15 07:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2014-09-11 00:22 - 2014-08-15 07:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2014-09-11 00:22 - 2014-08-15 07:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2014-09-11 00:22 - 2014-08-15 07:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2014-09-11 00:22 - 2014-08-15 07:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe

2014-09-11 00:22 - 2014-08-15 07:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2014-09-11 00:22 - 2014-08-15 06:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-11 00:22 - 2014-08-15 06:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-11 00:22 - 2014-08-15 06:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-11 00:22 - 2014-08-15 06:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-11 00:22 - 2014-08-15 06:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-11 00:22 - 2014-08-15 06:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-11 00:22 - 2014-08-15 06:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-11 00:22 - 2014-08-15 06:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-11 00:22 - 2014-08-15 06:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-09-11 00:22 - 2014-08-15 06:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-11 00:22 - 2014-08-15 06:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-11 00:22 - 2014-08-15 06:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-11 00:22 - 2014-08-15 06:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-09-11 00:22 - 2014-08-15 06:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-09-09 10:02 - 2014-09-09 10:02 - 00000672 _____ () C:\Windows\wmsetup.log

2014-08-28 00:01 - 2014-08-22 17:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-28 00:01 - 2014-08-22 16:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll

2014-08-28 00:01 - 2014-08-22 15:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2014-08-24 16:56 - 2014-08-24 16:07 - 131990903 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0010.mp4

2014-08-24 16:53 - 2014-08-24 16:53 - 00000116 _____ () C:\Users\Mom & Dad\Desktop\esetD95tyRE.url

2014-08-24 16:49 - 2014-08-24 16:11 - 61894285 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0012.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 04:06 - 2009-03-05 21:12 - 01507723 _____ () C:\Windows\WindowsUpdate.log

2014-09-15 04:00 - 2013-01-01 12:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-15 03:58 - 2012-08-03 13:36 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job

2014-09-15 03:57 - 2011-03-04 10:50 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-15 03:50 - 2011-09-10 17:45 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001UA.job

2014-09-15 03:22 - 2006-11-02 07:22 - 00003744 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-15 03:22 - 2006-11-02 07:22 - 00003744 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-15 02:04 - 2014-08-08 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-09-14 23:01 - 2014-02-13 06:24 - 00000486 _____ () C:\Windows\Tasks\Scan most recently used file in the background (Spybot - Search & Destroy).job

2014-09-14 20:58 - 2012-08-03 13:36 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job

2014-09-14 19:27 - 2014-02-16 06:50 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job

2014-09-14 19:26 - 2014-02-16 06:50 - 00000462 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job

2014-09-14 19:25 - 2014-01-10 19:20 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2014-09-14 19:25 - 2011-03-04 10:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-14 19:22 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-14 19:09 - 2008-01-20 19:26 - 02469142 _____ () C:\Windows\PFRO.log

2014-09-14 19:07 - 2009-11-19 21:12 - 00000012 _____ () C:\Windows\bthservsdp.dat

2014-09-14 19:07 - 2006-11-02 07:42 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-14 19:04 - 2014-09-11 15:32 - 00000000 ____D () C:\FRST

2014-09-14 12:49 - 2011-09-10 17:45 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3950572576-1964236272-3678751622-1001Core.job

2014-09-13 04:15 - 2013-01-13 07:43 - 00000000 ___RD () C:\Users\Mom & Dad\Google Drive

2014-09-13 04:09 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-09-12 20:16 - 2006-11-02 04:46 - 00819234 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-09-12 14:26 - 2010-07-07 20:54 - 00000000 ____D () C:\Family

2014-09-12 14:01 - 2014-01-18 08:10 - 00000000 ____D () C:\Users\Public\Bonita Transfer

2014-09-12 12:50 - 2010-12-06 09:38 - 00000000 ____D () C:\Users\Mom & Dad\AppData\Roaming\Skype

2014-09-12 10:32 - 2006-11-02 07:27 - 00139184 _____ () C:\Windows\setupact.log

2014-09-12 08:31 - 2006-11-02 05:34 - 00000000 ___HD () C:\Windows\System32\GroupPolicy

2014-09-12 05:35 - 2009-03-12 09:08 - 00000008 __RSH () C:\Users\Mom & Dad\ntuser.pol

2014-09-12 05:35 - 2009-03-12 08:49 - 00000000 ____D () C:\users\Mom & Dad

2014-09-12 05:34 - 2009-03-14 20:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-11 10:12 - 2011-03-04 12:24 - 00001356 _____ () C:\Users\Mom & Dad\AppData\Local\d3d9caps.dat

2014-09-11 10:00 - 2014-01-10 19:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-11 01:01 - 2013-01-01 12:13 - 00003684 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-11 01:00 - 2013-01-01 12:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-11 01:00 - 2011-11-08 18:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-11 00:21 - 2009-03-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-11 00:17 - 2010-08-07 13:39 - 00813038 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-11 00:15 - 2014-08-09 01:41 - 00000000 ____D () C:\Windows\System32\MRT

2014-09-09 21:30 - 2014-01-10 19:20 - 00000630 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2014-09-09 10:02 - 2014-09-09 10:02 - 00000672 _____ () C:\Windows\wmsetup.log

2014-09-09 03:08 - 2009-03-14 20:47 - 00041984 _____ () C:\Users\Mom & Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-09-03 13:10 - 2012-08-03 13:37 - 00002090 _____ () C:\Users\Alex\Desktop\Google Chrome.lnk

2014-09-02 21:31 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140910-003037.backup

2014-09-02 03:20 - 2014-01-10 19:20 - 00000460 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job

2014-08-29 10:01 - 2006-11-02 04:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe

2014-08-28 00:23 - 2006-11-02 07:21 - 00415768 _____ () C:\Windows\System32\FNTCACHE.DAT

2014-08-26 21:30 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140903-003146.backup

2014-08-24 16:53 - 2014-08-24 16:53 - 00000116 _____ () C:\Users\Mom & Dad\Desktop\esetD95tyRE.url

2014-08-24 16:11 - 2014-08-24 16:49 - 61894285 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0012.mp4

2014-08-24 16:07 - 2014-08-24 16:56 - 131990903 ____N () C:\Users\Mom & Dad\Desktop\VIDEO0010.mp4

2014-08-22 17:05 - 2014-08-28 00:01 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 16:42 - 2014-08-28 00:01 - 00390144 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll

2014-08-22 15:38 - 2014-08-28 00:01 - 02782208 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2014-08-19 21:30 - 2006-11-02 04:34 - 00450628 ____R () C:\Windows\System32\Drivers\etc\hosts.20140827-003036.backup

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (whitelisted) =============

==================== Restore Points =========================

Restore point made on: 2014-09-12 17:41:47

Restore point made on: 2014-09-13 10:58:08

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 3963.07 MB

Available physical RAM: 3368.89 MB

Total Pagefile: 3714.56 MB

Available Pagefile: 3335 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Drives ================================

Drive c: (SQ004817V03) (Fixed) (Total:139.51 GB) (Free:45.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.29 GB) NTFS

Drive g: () (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT

Drive h: (My Book) (Fixed) (Total:1862.98 GB) (Free:1725.55 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 5A2D976F)

Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Active) - (Size=139.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=8.1 GB) - (Type=17)

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 967.5 MB) (Disk ID: ED232C4D)

Partition 1: (Active) - (Size=967 MB) - (Type=06)

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

LastRegBack: 2014-09-14 19:29

==================== End Of Log ============================


Don't know how useful this will be. I scanned 4 times, last time was clean but still reported 3 deletions. Here's the log:


Objects Scan: stopped 20 hours ago   (events: 2, objects: 73, time: 00:00:50) 
9/15/14 2:42 PM Task stopped   
9/15/14 2:41 PM Task started   
Objects Scan: completed 16 hours ago   (events: 17, objects: 968932, time: 04:24:52) 
9/15/14 7:07 PM Task completed   
9/15/14 7:07 PM Untreated: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE Write not supported 
9/15/14 6:51 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 5:28 PM Detected: HEUR:Exploit.Java.Generic C:/Users/Alex/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/279dfd1-4cef795f  
9/15/14 4:21 PM Untreated: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE Postponed 
9/15/14 4:21 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 4:17 PM Untreated: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE Postponed 
9/15/14 4:17 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 4:00 PM Untreated: HEUR:Exploit.Java.Generic C:/Users/Alex/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/279dfd1-4cef795f Postponed 
9/15/14 4:00 PM Detected: HEUR:Exploit.Java.Generic C:/Users/Alex/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/279dfd1-4cef795f  
9/15/14 3:15 PM Untreated: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE Postponed 
9/15/14 3:15 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 3:10 PM Untreated: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE Postponed 
9/15/14 3:10 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 2:48 PM Untreated: HEUR:Exploit.Java.Generic C:/Users/Alex/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/279dfd1-4cef795f Postponed 
9/15/14 2:48 PM Detected: HEUR:Exploit.Java.Generic C:/Users/Alex/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/17/279dfd1-4cef795f  
9/15/14 2:43 PM Task started   
Objects Scan: completed 10 hours ago   (events: 12, objects: 969200, time: 04:26:50) 
9/16/14 12:32 AM Task completed   
9/16/14 12:32 AM Deleted: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab  
9/15/14 10:44 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 9:40 PM Untreated: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE Postponed 
9/15/14 9:40 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 9:36 PM Untreated: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE Postponed 
9/15/14 9:36 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 8:36 PM Untreated: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE Postponed 
9/15/14 8:36 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 8:31 PM Untreated: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE Postponed 
9/15/14 8:31 PM Detected: Trojan-Downloader.Win32.Dapato.ad C:/Users/Mom & Dad/AppData/Local/Microsoft/Windows/WER/ReportArchive/Report590c9129/Report.cab/{65FFD3E0-7326-0184-1B02-DE215E34749E}-jar_cache1349493544499170061.tmp/PE-Crypt.XorPE  
9/15/14 8:05 PM Task started   
Objects Scan: completed <1 minute ago   (events: 2, objects: 974553, time: 02:42:46) 
9/16/14 11:16 AM Task completed   
9/16/14 8:33 AM Task started   