Jump to content

http://startsear.info/ Hijack


Recommended Posts

Hello, for the last few months I have been having trouble with http://startsear.info/jacking my browser. I reset my home page and have tried resetting the firefox settings but when my computer restarts is is back. I have run Malewarebytes many times, it seems to find the item but after selecting quarentine and restarting it is still there! I am not sure what to do or how to get this off of my computer. Please help!

Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/8/2014
Scan Time: 6:14:26 PM
Logfile: This one.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.07.10
Rootkit Database: v2014.12.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Amber

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 310817
Time Elapsed: 15 hr, 24 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Backdoor.Agent.Gen, HKU\S-1-5-21-2018166790-2710611180-2692593988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AMBER-PC, C:\Users\Amber\AppData\Roaming\video.exe, , [49bd8ad6ec9079bd386d4c1045bf36ca]

Registry Data: 1
PUP.Optional.StartSear.A, HKU\S-1-5-21-2018166790-2710611180-2692593988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://startsear.info, Good: (www.google.com), Bad: (http://startsear.info),,[778f73edef8d74c204253f2637ceed13]

Folders: 0
(No malicious items detected)

Files: 1
Backdoor.Agent.Gen, C:\Users\Amber\AppData\Roaming\video.exe, , [49bd8ad6ec9079bd386d4c1045bf36ca],

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Hello and welome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns..

 

Thanks,

 

Kevin...

Link to post
Share on other sites

It let me export it to text. This is what the results said for the Malewarebytes scan (It found and deleted 4 items).

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/10/2014
Scan Time: 6:16:55 AM
Logfile: Upload this.txt
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2014.12.10.06
Rootkit Database: v2014.12.08.03
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Amber

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 522626
Time Elapsed: 2 hr, 22 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

This is the AdwCleaner results (the browser hijacker is still in effect at this point btw).

 

# AdwCleaner v4.105 - Report created 10/12/2014 at 06:37:47
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Amber - AMBER-PC
# Running from : C:\Users\Amber\Desktop\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[w8jbeeky.default-1409714754250\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://startsear.info");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [7137 octets] - [07/12/2014 13:58:16]
AdwCleaner[R1].txt - [1220 octets] - [07/12/2014 14:07:46]
AdwCleaner[R2].txt - [1226 octets] - [07/12/2014 14:23:32]
AdwCleaner[R3].txt - [1466 octets] - [10/12/2014 06:33:18]
AdwCleaner[s0].txt - [7269 octets] - [07/12/2014 14:03:24]
AdwCleaner[s1].txt - [1273 octets] - [07/12/2014 14:12:53]
AdwCleaner[s2].txt - [1269 octets] - [07/12/2014 14:30:46]
AdwCleaner[s3].txt - [1379 octets] - [10/12/2014 06:37:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1439 octets] ##########
 

Link to post
Share on other sites

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x86
Ran by Amber on Wed 12/10/2014 at  6:42:11.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] antispywareservice
Successfully deleted: [service] antispywareservice



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{652853ad-5592-4231-88c6-706613a52e61}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2018166790-2710611180-2692593988-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652853AD-5592-4231-88C6-706613A52E61}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files

Successfully deleted: [File] C:\windows\System32\Tasks\task82225818



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Amber\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted the following from C:\Users\Amber\AppData\Roaming\mozilla\firefox\profiles\w8jbeeky.default-1409714754250\prefs.js

user_pref("browser.startup.homepage", "hxxp://startsear.info");
Emptied folder: C:\Users\Amber\AppData\Roaming\mozilla\firefox\profiles\w8jbeeky.default-1409714754250\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/10/2014 at  6:45:29.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.2, December 2009
Started On Wed Dec 16 19:29:08 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:1048 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 16 19:30:23 2009


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.3, January 2010
Started On Wed Jan 13 00:48:31 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:1288 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 13 00:49:15 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.4, February 2010
Started On Thu Feb 11 09:37:01 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:3936 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 11 09:37:59 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.5, March 2010
Started On Tue Mar 16 13:34:13 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:5528 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 16 13:35:08 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.6, April 2010
Started On Thu Apr 15 20:28:23 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:10748 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 15 20:29:30 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Thu May 13 10:48:09 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:2520 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 13 10:49:09 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.8, June 2010
Started On Wed Jun 09 03:00:45 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 09 03:01:43 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.9, July 2010
Started On Wed Jul 14 09:40:10 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:5200 (code 0x00000005 (5))
-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 14 09:41:16 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.10, August 2010
Started On Thu Aug 12 03:01:14 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:2780 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:3580 (code 0x00000057 (87))
-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 12 03:02:12 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.11, September 2010
Started On Wed Sep 15 15:13:24 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:5020 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 15 15:14:20 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.12, October 2010
Started On Thu Oct 14 09:13:45 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:1368 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:2388 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:2500 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:632 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 14 09:15:01 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.13, November 2010
Started On Fri Nov 12 06:57:38 2010
->Scan ERROR: resource process://pid:1072 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 12 06:58:48 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.14, December 2010
Started On Wed Dec 15 03:02:04 2010
->Scan ERROR: resource process://pid:5884 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:4172 (code 0x00000490 (1168))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 15 03:05:11 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.15, January 2011
Started On Wed Jan 12 09:42:02 2011
->Scan ERROR: resource process://pid:6508 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:4444 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:7356 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7916 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:1804 (code 0x00000490 (1168))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 12 22:35:31 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.16, February 2011
Started On Thu Feb 10 11:47:07 2011
->Scan ERROR: resource process://pid:6572 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:15624 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:6692 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:8648 (code 0x0000012B (299))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 10 11:48:25 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.17, March 2011
Started On Thu Mar 10 03:01:27 2011
->Scan ERROR: resource process://pid:4296 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:4536 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 10 03:02:42 2011


Return code: 0 (0x0)
 

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by Amber (administrator) on AMBER-PC on 10-12-2014 06:58:14
Running from C:\Users\Amber\Desktop
Loaded Profile: Amber (Available profiles: Amber)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amber.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Amber\AppData\Roaming\English\Windows 7.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Amber\AppData\Roaming\AMBER-PC\Amber.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2419440 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [DivXUpdate] => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\Run: [Desktop Software] => "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\Run: [spotify Web Helper] => C:\Users\Amber\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-05-22] (Spotify Ltd)
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\Run: [AMBER-PC] => C:\Users\Amber\AppData\Roaming\video.exe [6501009 2014-02-27] ()
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\MountPoints2: {2972066b-5b9c-11df-9475-001e33fc1e14} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\MountPoints2: {3222af10-a6c3-11e1-9215-001e33fc1e14} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\MountPoints2: {79e56036-a3ab-11e1-9477-001e33fc1e14} - E:\setup.exe -a
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\MountPoints2: {86a63694-162c-11e2-a75a-001e33fc1e14} - F:\TL-Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amber.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [s-1-5-21-2018166790-2710611180-2692593988-1001] => http=127.0.0.1:53151
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2018166790-2710611180-2692593988-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
SearchScopes: HKU\S-1-5-21-2018166790-2710611180-2692593988-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files\xfin_portal\auxi\comcastAu.dll No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2018166790-2710611180-2692593988-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\w8jbeeky.default-1409714754250
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://startsear.info
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2018166790-2710611180-2692593988-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Amber\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-24]
FF HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\Firefox\Extensions: [{2ED71FB1-0035-4EE4-817D-0FC01BC49CC8}] - C:\Users\Amber\AppData\Local\{2ED71FB1-0035-4EE4-817D-0FC01BC49CC8}
FF Extension: XULRunner - C:\Users\Amber\AppData\Local\{2ED71FB1-0035-4EE4-817D-0FC01BC49CC8} [2011-05-03]
FF HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-11] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\windows\System32\DRIVERS\amd_sata.sys [70464 2014-04-27] (Advanced Micro Devices)
R0 amd_xata; C:\windows\System32\DRIVERS\amd_xata.sys [34624 2014-04-27] (Advanced Micro Devices)
S3 HtcVCom32; C:\windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [75480 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 RTL8187B; C:\windows\System32\DRIVERS\wg111v3.sys [289280 2007-12-28] (NETGEAR Inc.                           )
R3 RTL8187Se; C:\windows\System32\DRIVERS\RTL8187Se.sys [373248 2009-10-29] (Realtek Semiconductor Corporation                           )
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S3 usbbus; C:\windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)
S3 UsbDiag; C:\windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.)
S3 USBModem; C:\windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 06:58 - 2014-12-10 06:58 - 00016100 _____ () C:\Users\Amber\Desktop\FRST.txt
2014-12-10 06:45 - 2014-12-10 06:45 - 00002955 _____ () C:\Users\Amber\Desktop\JRT.txt
2014-12-10 06:42 - 2014-12-10 06:42 - 00000000 ____D () C:\windows\ERUNT
2014-12-10 06:32 - 2014-12-10 06:32 - 02166272 _____ () C:\Users\Amber\Desktop\adwcleaner_4.105.exe
2014-12-10 06:21 - 2014-02-27 14:54 - 06501009 ___SH () C:\Users\Amber\AppData\Roaming\video.exe
2014-12-10 00:06 - 2014-12-10 00:06 - 01707646 _____ (Thisisu) C:\Users\Amber\Desktop\JRT.exe
2014-12-10 00:05 - 2014-12-10 00:06 - 35962568 _____ (Microsoft Corporation) C:\Users\Amber\Desktop\Windows-KB890830-V5.19.exe
2014-12-09 09:31 - 2014-12-09 09:31 - 00000000 __SHD () C:\Users\Amber\AppData\Local\EmieBrowserModeList
2014-12-07 14:27 - 2014-12-07 14:27 - 00052649 _____ () C:\Users\Amber\Downloads\Shortcut.txt
2014-12-07 14:11 - 2014-12-07 14:12 - 00033617 _____ () C:\Users\Amber\Downloads\Addition.txt
2014-12-07 14:07 - 2014-12-07 14:27 - 00048990 _____ () C:\Users\Amber\Downloads\FRST.txt
2014-12-07 13:59 - 2014-12-10 06:58 - 00000000 ____D () C:\FRST
2014-12-07 13:58 - 2014-12-10 06:37 - 00000000 ____D () C:\AdwCleaner
2014-12-07 13:58 - 2014-12-07 14:22 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-07 13:58 - 2014-12-07 13:59 - 01111040 _____ (Farbar) C:\Users\Amber\Desktop\FRST.exe
2014-12-05 11:08 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-05 11:08 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-05 11:08 - 2014-11-05 21:28 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-05 11:08 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-05 11:08 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-05 11:08 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-05 11:08 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-05 11:08 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-05 11:08 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-05 11:08 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-05 11:08 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-05 11:08 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-05 11:08 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-05 11:08 - 2014-11-05 20:59 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-05 11:08 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-05 11:08 - 2014-11-05 20:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-05 11:08 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-05 11:08 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-05 11:08 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-05 11:08 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-05 11:08 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-05 11:08 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-05 11:08 - 2014-11-05 20:22 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-05 11:08 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-05 11:08 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-05 11:08 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-05 11:08 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-05 11:08 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-05 11:08 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-05 11:08 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-30 17:13 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-30 17:12 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-30 17:12 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-30 17:12 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-30 17:12 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-30 17:12 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-30 17:12 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-30 17:12 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-30 17:12 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-26 10:23 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-11-26 10:22 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-11-26 10:22 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-11-26 10:22 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-11-23 19:39 - 2014-11-05 11:50 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-23 19:39 - 2014-11-05 11:50 - 00203776 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-23 19:39 - 2014-11-05 11:47 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-23 19:39 - 2014-10-02 19:44 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-23 19:39 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-23 19:39 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-23 19:39 - 2014-10-02 19:44 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-23 19:39 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-23 19:37 - 2014-10-13 19:56 - 00136632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-23 19:37 - 2014-10-13 19:50 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-23 19:37 - 2014-10-13 19:50 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-23 19:37 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-23 19:37 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-23 19:36 - 2013-07-20 04:33 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-11-22 11:19 - 2014-10-09 18:45 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-21 16:02 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-18 20:33 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-18 20:33 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-17 21:14 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-17 21:14 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 17:16 - 2014-11-12 17:16 - 00000000 ____D () C:\Program Files\Reference Assemblies

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 06:57 - 2009-07-13 22:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 06:57 - 2009-07-13 22:34 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 06:55 - 2014-02-27 22:38 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\English
2014-12-10 06:54 - 2009-09-01 23:32 - 00738918 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-10 06:52 - 2009-10-14 00:27 - 01863985 _____ () C:\windows\WindowsUpdate.log
2014-12-10 06:49 - 2014-10-19 12:46 - 00000000 ____D () C:\Users\Amber\AppData\Local\HTC MediaHub
2014-12-10 06:48 - 2014-06-23 17:52 - 00018836 _____ () C:\windows\setupact.log
2014-12-10 06:48 - 2009-07-13 22:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-10 06:38 - 2009-09-01 23:53 - 00385030 _____ () C:\windows\PFRO.log
2014-12-10 06:24 - 2014-04-30 06:58 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-10 06:24 - 2010-01-26 22:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-10 06:21 - 2011-11-13 21:24 - 00000000 ____D () C:\windows\Minidump
2014-12-10 06:16 - 2012-10-23 11:09 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 00:03 - 2012-05-25 17:42 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-12-10 00:03 - 2011-11-05 14:42 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 23:59 - 2009-11-09 03:48 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\uTorrent
2014-12-07 15:38 - 2010-02-07 11:15 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\vlc
2014-12-07 15:13 - 2009-07-13 22:52 - 00000000 ____D () C:\windows\Performance
2014-12-07 14:41 - 2014-04-30 09:40 - 00001035 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-07 14:41 - 2014-04-30 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 14:41 - 2014-04-30 09:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-05 11:14 - 2009-07-13 20:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-12-05 07:41 - 2014-06-02 21:48 - 00000000 ____D () C:\Users\Amber\Documents\Outlook Files
2014-12-04 09:22 - 2009-07-13 20:37 - 00000000 ____D () C:\windows\rescache
2014-11-30 17:08 - 2009-07-13 22:33 - 00484016 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-30 17:06 - 2014-05-12 20:26 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-27 16:40 - 2009-12-16 19:29 - 109818608 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-26 10:25 - 2009-10-14 00:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-22 11:23 - 2012-07-14 10:38 - 00000000 ____D () C:\Users\Amber\Documents\My Scans
2014-11-21 06:14 - 2014-04-30 09:39 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-04-30 09:39 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-04-30 09:39 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-18 09:16 - 2013-08-16 08:08 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 17:25 - 2014-04-29 22:53 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\JRT Studio
2014-11-12 17:24 - 2013-02-19 13:34 - 00000000 ____D () C:\Users\Amber\Documents\JRT Studio
2014-11-12 17:17 - 2013-07-19 10:17 - 00002997 _____ () C:\Users\Amber\Desktop\iSyncr.lnk
2014-11-12 17:17 - 2013-07-19 10:17 - 00000000 ____D () C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JRT Studio
2014-11-12 17:16 - 2009-07-13 22:52 - 00000000 ____D () C:\Program Files\MSBuild

Some content of TEMP:
====================
C:\Users\Amber\AppData\Local\Temp\88720uninstall.exe
C:\Users\Amber\AppData\Local\Temp\ose00000.exe
C:\Users\Amber\AppData\Local\Temp\Quarantine.exe
C:\Users\Amber\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 09:38

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2014 01
Ran by Amber at 2014-12-10 07:02:13
Running from C:\Users\Amber\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F39BE87B-E80E-AF64-8722-A5BA2FF82997}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CourseSmart Bookshelf (HKLM\...\{FCB7FB28-11BA-4897-8CA2-EFC9C2AC4DFF}) (Version: 5.03.0039 - Ingram Digital)
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version:  - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirectVobSub 2.40.4209 (HKLM\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync (HKLM\...\{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}) (Version: 2.0.40 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iSyncr (HKLM\...\{81392B7C-101D-49F1-B805-AB1B1798ECFB}) (Version: 5.0.8 - JRT Studio)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mathematica Player (M-WIN-D 7.0.1 1223367) (HKLM\...\M-WIN-D 7.0.1 1223367_is1) (Version: 7.0.1 - Wolfram Research, Inc.)
MathType 6 (HKLM\...\DSMT6) (Version: 6.6 - Design Science, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Norton Internet Security (Version: 16.7.0.30 - Symantec Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Rosetta Stone Version 3 (HKLM\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.7.0 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.0 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.26 - TOSHIBA Corporation)
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2018166790-2710611180-2692593988-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Amber\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2018166790-2710611180-2692593988-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Amber\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2018166790-2710611180-2692593988-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Amber\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2018166790-2710611180-2692593988-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Amber\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2018166790-2710611180-2692593988-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Amber\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points  =========================

29-10-2014 14:58:44 Windows Update
30-10-2014 19:47:11 Windows Update
02-11-2014 08:00:22 Windows Update
05-11-2014 00:48:27 Windows Backup
10-11-2014 14:06:45 Windows Backup
12-11-2014 23:06:47 Installed iSyncr
12-11-2014 23:15:02 Windows Modules Installer
12-11-2014 23:17:16 Installed iSyncr
18-11-2014 15:11:00 Windows Update
20-11-2014 19:56:12 Windows Modules Installer
22-11-2014 17:11:59 Windows Update
24-11-2014 01:00:00 Windows Backup
26-11-2014 16:21:22 Windows Update
02-12-2014 13:46:11 Windows Update
02-12-2014 13:46:36 Windows Backup
05-12-2014 12:47:39 Windows Update
07-12-2014 19:43:16 Windows Update
08-12-2014 01:00:08 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2011-11-13 12:19 - 00000761 _RASH C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {22B8E1A4-F083-41AF-81E2-2A8C30E50B81} - System32\Tasks\Regwork => C:\Program Files\RegWork\RegWork.exe
Task: {2843F4F9-2C7B-4D8C-A4F0-FB167B126BD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {28F5DB85-F597-428E-8B99-329CBF64CA98} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9C5424C2-208E-4E6D-968E-F7BBA715A33F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {ABC1805A-5C50-455F-8AB1-EF7865DDDF5E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {FA4DE963-1263-47C4-92B2-03DF4377220E} - \task82225818 No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Regwork.job => C:\Program Files\RegWork\RegWork.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-06 12:40 - 2014-08-06 12:40 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-08-06 12:41 - 2014-08-06 12:41 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-08-06 12:41 - 2014-08-06 12:41 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-06 12:41 - 2014-08-06 12:41 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-06 12:42 - 2014-08-06 12:42 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-06 12:44 - 2014-08-06 12:44 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
2014-08-06 12:46 - 2014-08-06 12:46 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-08-06 12:42 - 2014-08-06 12:42 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-02-27 22:38 - 2014-02-27 14:54 - 06501009 ____S () C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amber.exe
2014-02-27 22:38 - 2014-02-27 22:38 - 01973649 _____ () C:\Users\Amber\AppData\Roaming\English\Windows 7.exe
2014-04-30 07:57 - 2014-12-10 06:24 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-27 22:39 - 2014-02-27 14:55 - 01367997 ___SH () C:\Users\Amber\AppData\Roaming\AMBER-PC\Amber.exe
2014-02-27 22:39 - 2014-02-27 14:55 - 01218028 ___SH () C:\Users\Amber\AppData\Roaming\AMBER-PC\miner.dll
2014-02-27 22:39 - 2014-02-27 14:55 - 01739166 ___SH () C:\Users\Amber\AppData\Roaming\AMBER-PC\usft_ext.dll
2014-02-27 22:39 - 2014-02-27 14:55 - 01025671 ___SH () C:\Users\Amber\AppData\Roaming\AMBER-PC\coinutil.dll
2014-02-27 22:39 - 2014-02-27 14:55 - 00850403 ___SH () C:\Users\Amber\AppData\Roaming\AMBER-PC\MPIR.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DA868A70

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2018166790-2710611180-2692593988-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: conhost => C:\Users\Amber\AppData\Roaming\Microsoft\conhost.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Mobile Connectivity Suite => "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: MyTOSHIBA => "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2018166790-2710611180-2692593988-500 - Administrator - Disabled)
Amber (S-1-5-21-2018166790-2710611180-2692593988-1001 - Administrator - Enabled) => C:\Users\Amber
Guest (S-1-5-21-2018166790-2710611180-2692593988-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2018166790-2710611180-2692593988-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Deskjet 3050A J611 series
Description: Deskjet 3050A J611 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/10/2014 06:48:52 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/10/2014 06:48:52 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon II Dual-Core M300
Percentage of memory in use: 36%
Total physical RAM: 2812.17 MB
Available physical RAM: 1774.19 MB
Total Pagefile: 5622.63 MB
Available Pagefile: 4547.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.19 MB

==================== Drives ================================

Drive c: (TI103426W0D) (Fixed) (Total:288.71 GB) (Free:223.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 89E6579C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.9 GB) - (Type=17)

==================== End Of Log ============================

Link to post
Share on other sites

Yes I can see it listed in the logs, couple things to do before we progress:

 

Do you know of or trust the following Proxy server:

 

ProxyServer: [s-1-5-21-2018166790-2710611180-2692593988-1001] => http=127.0.0.1:53151

 

Next,

 

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Users\Amber\AppData\Roaming\video.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

 

Thanks...

Link to post
Share on other sites

I'm not sure what a proxy server is, or what that one posted above is.

ALYac Gen:Variant.Kazy.367496 20141210 AVG Generic34.BSHV 20141210 AVware Trojan.Win32.Generic!BT 20141209 Ad-Aware Gen:Variant.Kazy.367496 20141210 Agnitum TrojanSpy.Carberp!C4teSSSAs8o 20141210 AhnLab-V3 Spyware/Win32.Carberp 20141210 Antiy-AVL Trojan[PSWTool:not-a-virus]/Win32.FirePass 20141210 Avast Win32:PasswordDump-A [Tool] 20141210 Avira TR/Symmi.18328.26 20141210 BitDefender Gen:Variant.Kazy.367496 20141210 CAT-QuickHeal PSWTool.FirePass.r4 (Not a Virus) 20141210 ClamAV Trojan.Firepass 20141210 DrWeb Trojan.Siggen6.12756 20141210 ESET-NOD32 a variant of Win32/SecurityXploded.D 20141210 Emsisoft Gen:Variant.Kazy.367496 (B) 20141210 F-Secure Gen:Variant.Kazy.367496 20141210 Fortinet W32/Carberp.ABXE!tr 20141210 GData Gen:Variant.Kazy.367496 20141210 Ikarus not-a-virus:PSWTool.PasswordFinder 20141210 Jiangmin TrojanSpy.Carberp.fxc 20141210 K7AntiVirus Password-Stealer ( 002810101 ) 20141210 K7GW Password-Stealer ( 002810101 ) 20141210 Kaspersky Trojan-Spy.Win32.Carberp.abxe 20141210 McAfee Artemis!FF8CCA2EEBBE 20141210 McAfee-GW-Edition Artemis 20141210 MicroWorld-eScan Gen:Variant.Kazy.367496 20141210 NANO-Antivirus Trojan.Win32.Carberp.cxilbn 20141210 Norman Carberp.DUV 20141210 Qihoo-360 Win32/Trojan.0ed 20141210 Rising PE:Spyware.Gen2!6.10EE 20141210 Sophos Generic PUA JE 20141210 Symantec Trojan.ADH.2 20141210 Tencent Win32.Trojan-spy.Carberp.Egye 20141210 TrendMicro TROJ_SPNR.06C714 20141210 TrendMicro-HouseCall TROJ_SPNR.06C714 20141210 VBA32 TrojanSpy.Carberp 20141210 VIPRE Trojan.Win32.Generic!BT 20141210 Zillya Trojan.Carberp.Win32.4288 20141210 AegisLab   20141210 Baidu-International   20141210 Bkav   20141210 ByteHero   20141210 CMC   20141208 Comodo   20141210 Cyren   20141210 F-Prot   20141210 Kingsoft   20141210 Malwarebytes   20141210 Microsoft   20141210 Panda   20141210 SUPERAntiSpyware   20141210 TheHacker   20141208 TotalDefense   20141210 ViRobot   20141210 Zoner   20141210 nProtect   20141210
Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

Fixlist.txt

Link to post
Share on other sites

 

SHA256:

 

80736950e34ed8995a740456a6c50c95b90eda929550a60686f94db8ba961195

File name: video.exe Detection ratio: 38 / 56 Analysis date: 2014-12-10 20:54:54 UTC ( 0 minutes ago )

 

Developer metadata
Product software
Internal name software
File version 0.0.0.9
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-03 04:13:27
Entry Point 0x00050501
Number of sections 5
PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.text 4096 377396 377856 6.57 f6d6ec6c743e359d018c4fb75e9ffebe
.rdata 385024 102304 102400 6.12 d3034559b1773e856fff7985c19c0373
.data 487424 39880 6656 3.36 0c16a813064f3a42666c9f4328751018
.rsrc 528384 5584424 5584896 2.92 aa9da620793b764b99fb2e66c5fb68fd
.reloc 6115328 32982 33280 6.31 f909e80e34e1ec53f886193d775e0c25
PE imports Number of PE resources by type
RT_RCDATA 5
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL DEFAULT 4
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize
0
LinkerVersion
10.0
ImageVersion
0.0
FileSubtype
0
FileVersionNumber
0.0.0.9
LanguageCode
English (U.S.)
FileFlagsMask
0x003f
CharacterSet
Unicode
InitializedDataSize
5727232
MIMEType
application/octet-stream
FileVersion
0.0.0.9
TimeStamp
2013:11:03 05:13:27+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
software
FileAccessDate
2014:12:10 21:55:07+01:00
ProductVersion
0.0.0.9
SubsystemVersion
5.1
OSVersion
5.1
FileCreateDate
2014:12:10 21:55:07+01:00
FileOS
Win32
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
CodeSize
377856
ProductName
software
ProductVersionNumber
0.0.0.9
EntryPoint
0x50501
ObjectFileType
Executable application

 

MD5 ff8cca2eebbe8fc5faea4dfb8e3a7fa0
SHA1 94de889e4d9fc703bf6d54be1714daf467a88dda
SHA256 80736950e34ed8995a740456a6c50c95b90eda929550a60686f94db8ba961195
ssdeep
49152:ulu2u0DUXYQLIlzfX7F6QBa9BgFxcvLJa:Au4UXvLIVX/oBzLA
authentihash c80445ab3c7587feaf58a928045841f57df216ada4f853ddb07e5091f20bcc55
imphash 0cebf3eb43ebb4c5af2fb9ab708121f6
File size 6.2 MB ( 6501009 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)

Win32 Executable MS Visual C++ (generic) (34.9%)

Win32 Dynamic Link Library (generic) (7.3%)

Win32 Executable (generic) (5.0%)

Generic Win/DOS Executable (2.2%)

Tags
peexe
VirusTotal metadata
First submission 2014-03-01 20:39:14 UTC ( 9 months, 2 weeks ago )
Last submission 2014-12-10 20:54:54 UTC ( 26 minutes ago )
File names vt-upload-ku_Xz

video.exe

software

Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight

 

Maybe I was supposed to post this?

Link to post
Share on other sites

RogueKiller V10.0.9.0 [Dec  8 2014] by Adlice Software
mail : http://startsear.info -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[suspicious.Path?Suspicious.Startup][File] Amber.exe -- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amber.exe -> Found

¤¤¤ Hosts File : 2 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] w8jbeeky.default-1409714754250 : user_pref("browser.startup.homepage", "google.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 SATA Disk Device +++++
--- User ---
[MBR] e2a42df7b920a2480088166d36acef33
[bSP] 2273afcae0e45151daed3637a2b7886d : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 295636 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608536576 | Size: 8108 MB
User = LL1 ... OK
User = LL2 ... OK
 

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.