

Posted

hi

 

I have the following message appear once my laptop has started up: "Microsoft Security Client. An error has occurred in the program during initialization. If this problem continues, please contact your system administrator. Error code 0x80073b01"

 

I tried running a scan on Microsoft Security Essentials, but when I try to open it the message appears again. I've tried to restore to an earlier point, but once this is done a message appears saying "System Restore has not completed properly". It won't let me uninstall Security Essentials to download it again. I've downloaded AVG and other virus protection and done scans and removed a couple of viruses, but the same problem is there. Any help in basic English would be greatly appreciated. I presume until Microsoft Security Essentials is up and running again I'm not protected?

 

thanks


Posted
Hi and welcome to Fpch. First of all, I am going to move your post to the malware removal section, then ask the Security Guys to have a look. Could you please post what other scans you have run? Any and all information we have at this point will help.

Google is your friend

 

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

 

 

Posted

Hi again. Before the Security guys take a look, could you run the following scan and post the resulting log in your next reply? This will give our guys a head start in helping you resolve your issues.

 

Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

If you are unsure what your system's bit type is, click Here for help.

 

For 32-bit systems, download Farbar Recovery Scan Tool and save it to your Desktop.

 

For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 


When FRST is run it will make a backup of your registry before compiling the report.

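An added example (my own code, not part of FRST and not posted by anyone in this thread): a small Python triage pass that reads an FRST.txt and pulls out the entry types a helper looks at first, namely lines FRST itself marks with ATTENTION, AppInit_DLLs entries that load a DLL, search-scope and home-page lines pointing at an unfamiliar host, services or drivers whose image file is missing, and loose files with odd extensions dropped directly under C:\ProgramData. The sample lines are constructed for the example, copied or shortened from the log posted later in this thread; the KNOWN_SEARCH_HOSTS and EXPECTED_PROGRAMDATA_EXT lists are my assumptions, not anything FRST defines. It only points at entries for a human to review; it does not decide what is malicious.

```python
"""Triage pass over an FRST.txt log: pull out the entry types a malware-removal
helper reads first. Added example for this thread, not part of FRST or the forum."""
import os
import re

# Assumption: hosts a helper would accept as a legitimate search provider. A
# SearchScopes / URLSearchHook / browser home-page line pointing anywhere else
# is reported as a possible search hijack for a human to review.
KNOWN_SEARCH_HOSTS = ("google.", "bing.com", "yahoo.com", "duckduckgo.com")

# Assumption: extensions one expects for loose files sitting directly under
# C:\ProgramData. Anything else dropped there (random name, odd extension) is
# reported so the helper can look at it.
EXPECTED_PROGRAMDATA_EXT = {".txt", ".log", ".ini", ".dat", ".xml", ".lnk", ".json"}

BROWSER_PREFIXES = (
    "SearchScopes:", "URLSearchHook:", "CHR HomePage:", "CHR RestoreOnStartup:",
    "HKCU\\Software\\Microsoft\\Internet Explorer\\Main",
    "HKLM\\Software\\Microsoft\\Internet Explorer\\Main",
)
_URL_HOST = re.compile(r"(?:hxxp|http)s?://([^/\s\"']+)", re.IGNORECASE)
_DRIVER_LINE = re.compile(r"^([RS])(\d) (.+?); (.*)$")          # services and drivers
_FILE_LINE = re.compile(                                          # one-month file lists
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(\d{8}) ([_A-Z]{5}) (?:\([^)]*\) )?(.+)$")
_PROGRAMDATA_ROOT = re.compile(r"^C:\\ProgramData\\([^\\]+)$", re.IGNORECASE)


def classify(line):
    """Return (rule, note) when a log line deserves a helper's attention, else None."""
    s = line.strip()
    if "<===== ATTENTION" in s:
        return "attention", "entry FRST itself marked for attention"
    if s.startswith("AppInit_DLLs") and ".dll" in s.lower():
        return "appinit", "AppInit_DLLs loads this DLL into every process that maps user32.dll"
    if s.startswith(BROWSER_PREFIXES):
        m = _URL_HOST.search(s)
        if m:
            host = m.group(1).lower()
            if not any(k in host for k in KNOWN_SEARCH_HOSTS):
                return "search", f"search/home page points at {host}"
    m = _DRIVER_LINE.match(s)
    if m:
        name, rest = m.group(3), m.group(4)
        if rest.endswith("[x]"):
            return "missing-file", f"{name}: registered, but the image file is not on disk"
        if rest == "No ImagePath":
            return "missing-file", f"{name}: service entry with no ImagePath"
    m = _FILE_LINE.match(s)
    if m:
        attrs, path = m.group(2), m.group(3)
        pm = _PROGRAMDATA_ROOT.match(path)
        if pm and not attrs.endswith("D"):          # a file, not a directory
            ext = os.path.splitext(pm.group(1))[1].lower()
            if ext not in EXPECTED_PROGRAMDATA_EXT:
                return "programdata-drop", f"loose file directly under C:\\ProgramData: {pm.group(1)}"
    return None


def triage(log_text):
    """Run classify() over every line; return (rule, note, line) hits in log order."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            hits.append((verdict[0], verdict[1], line.strip()))
    return hits


# Constructed sample in FRST.txt's line format, copied or shortened from the
# kinds of entries that appear in the log posted later in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll [ ] ()
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&q={searchTerms}
CHR HomePage: hxxp://websearch.mocaflix.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S1 chiokrql; \??\C:\Windows\system32\drivers\chiokrql.sys [x]
S3 Tosrfcom; No ImagePath
2013-11-16 18:38 - 2013-11-16 18:41 - 00000000 ____D C:\ProgramData\AVG
2013-11-13 20:02 - 2013-11-13 20:03 - 00012600 _____ C:\ProgramData\r0zjr8z0.bxx
2013-11-17 10:42 - 2013-11-17 10:42 - 00000000 ____D C:\FRST
"""

if __name__ == "__main__":
    for rule, note, line in triage(SAMPLE_LOG):
        print(f"[{rule:16}] {note}\n    {line}")
```

To use it on a real log, read the whole FRST.txt into a string and pass it to triage(); the hits come back in log order so they can be read alongside the original file. Entries that are not flagged are not declared clean: legitimate leftovers (an uninstalled driver with no ImagePath, a vendor's odd BootExecute entry) and real infections both need a person to look at the path, the signer, and the dates.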

 

 

Posted

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013

Ran by lee (administrator) on LEE-TOSH on 17-11-2013 10:42:36

Running from C:\Users\lee\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

() C:\ProgramData\MobileBrServ\mbbservice.exe

(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Toshiba) C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Intel Corporation) C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [571304 2010-12-09] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)

HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)

HKLM\...\Run: [Teco] - C:\Program Files\Toshiba\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] - C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [150992 2011-09-08] (Toshiba Europe GmbH)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-08] (Google Inc.)

HKCU\...\Run: [Facebook Update] - C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-20] (Facebook Inc.)

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

MountPoints2: {34c8318a-10bb-11e2-b4f2-047d7b85f4c8} - F:\AutoRun.exe

MountPoints2: {34c83190-10bb-11e2-b4f2-047d7b85f4c8} - F:\AutoRun.exe

MountPoints2: {e70f72f7-9efd-11e2-8657-047d7b85f4c8} - F:\Startme.exe

HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)

HKLM-x32\...\Run: [iTSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)

HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [KNOWHOW APP CENTRE] - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1274 2012-07-24] ()

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)

HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)

HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)

AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll [ ] ()

AppInit_DLLs-x32: c:\progra~2\search~1\datamngr\iebho.dll [ ] ()

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

BootExecute: autocheck autochk * 愀甀琀漀挀栀攀挀欀 琀甀爀攀最漀瀀琀

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA

URLSearchHook: HKLM-x32 - u*******Control_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\u*******Control_v2\prxtbuTor.dll (Conduit Ltd.)

URLSearchHook: HKCU - u*******Control_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\u*******Control_v2\prxtbuTor.dll (Conduit Ltd.)

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.mocaflix.com/?l=1&q={searchTerms}

SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKCU - {ABD6AA51-0630-4B35-AA08-A1E2182A70E6} URL = http://search.conduit.com/Result***t.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468

SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.mocaflix.com/?l=1&q={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - No File

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: u*******Control_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\u*******Control_v2\prxtbuTor.dll (Conduit Ltd.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - u*******Control_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\u*******Control_v2\prxtbuTor.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File

DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

Chrome:

=======

CHR HomePage: hxxp://websearch.mocaflix.com/

CHR RestoreOnStartup: "hxxp://websearch.mocaflix.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File

CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File

CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Default Plug-in) - default_plugin No File

CHR Extension: (u*******Control_v2) - C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (SaveAs) - C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopkkceehnncolpbcaklchacffmdmbcl\2_0

CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\lee\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx

CHR HKLM-x32\...\Chrome\Extension: [nopkkceehnncolpbcaklchacffmdmbcl] - C:\ProgramData\SaveAs\nopkkceehnncolpbcaklchacffmdmbcl.crx

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)

R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.)

S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2099000 2013-10-30] (AVG)

R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-10-30] (AVG)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-08-06] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.)

S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.)

S3 Tosrfcom; No ImagePath

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)

S1 chiokrql; \??\C:\Windows\system32\drivers\chiokrql.sys [x]

S1 dldntqub; \??\C:\Windows\system32\drivers\dldntqub.sys [x]

S1 kimhhppp; \??\C:\Windows\system32\drivers\kimhhppp.sys [x]

S1 mgxpldch; \??\C:\Windows\system32\drivers\mgxpldch.sys [x]

S1 opevsddg; \??\C:\Windows\system32\drivers\opevsddg.sys [x]

S1 rocerlsp; \??\C:\Windows\system32\drivers\rocerlsp.sys [x]

S1 snzascki; \??\C:\Windows\system32\drivers\snzascki.sys [x]

S1 tfnyklkd; \??\C:\Windows\system32\drivers\tfnyklkd.sys [x]

==================== NetSvcs (Whitelisted) ===================

 

==================== One Month Created Files and Folders ========

2013-11-17 10:42 - 2013-11-17 10:43 - 00019716 _____ C:\Users\lee\Downloads\FRST.txt

2013-11-17 10:42 - 2013-11-17 10:42 - 00000000 ____D C:\FRST

2013-11-17 10:41 - 2013-11-17 10:42 - 01958236 _____ (Farbar) C:\Users\lee\Downloads\FRST64.exe

2013-11-17 10:28 - 2013-11-17 10:28 - 00000056 _____ C:\Windows\setupact.log

2013-11-17 10:28 - 2013-11-17 10:28 - 00000000 _____ C:\Windows\setuperr.log

2013-11-16 21:32 - 2013-11-16 21:32 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-11-16 18:45 - 2013-11-16 18:45 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program

2013-11-16 18:40 - 2013-10-30 10:27 - 00042808 _____ (AVG) C:\Windows\system32\uxtuneup.dll

2013-11-16 18:40 - 2013-10-30 10:27 - 00035640 _____ (AVG) C:\Windows\SysWOW64\uxtuneup.dll

2013-11-16 18:40 - 2013-10-30 10:27 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll

2013-11-16 18:40 - 2013-10-30 10:27 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll

2013-11-16 18:39 - 2013-11-16 18:39 - 00002192 _____ C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk

2013-11-16 18:39 - 2013-11-16 18:39 - 00002166 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk

2013-11-16 18:39 - 2013-10-30 10:27 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe

2013-11-16 18:38 - 2013-11-16 18:45 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2013-11-16 18:38 - 2013-11-16 18:41 - 00000000 ____D C:\ProgramData\AVG

2013-11-16 18:38 - 2013-11-16 18:38 - 00000000 ____D C:\Users\lee\AppData\Roaming\AVG

2013-11-16 18:32 - 2013-11-16 18:32 - 00000000 ____D C:\Users\lee\AppData\Roaming\AVG2014

2013-11-16 18:31 - 2013-11-16 18:31 - 00000932 _____ C:\Users\Public\Desktop\AVG 2014.lnk

2013-11-16 18:31 - 2013-11-16 18:31 - 00000000 ___HD C:\$AVG

2013-11-16 18:30 - 2013-11-16 18:38 - 00000000 ____D C:\Program Files (x86)\AVG

2013-11-16 18:28 - 2013-11-16 18:32 - 00000000 ____D C:\Users\lee\AppData\Local\Avg2014

2013-11-16 15:34 - 2013-10-12 08:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-16 15:34 - 2013-10-12 08:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-16 15:34 - 2013-10-12 08:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-16 15:34 - 2013-10-12 08:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-16 15:34 - 2013-10-12 07:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-16 15:34 - 2013-10-12 07:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-16 15:34 - 2013-10-12 06:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-16 15:34 - 2013-10-12 06:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-16 15:34 - 2013-10-12 05:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-16 15:34 - 2013-10-12 05:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-16 15:00 - 2013-11-16 15:00 - 00002970 _____ C:\Windows\System32\Tasks\{FF835B1B-B119-48EC-B38E-F5ED88D67C3D}

2013-11-16 14:59 - 2013-11-16 14:59 - 00002970 _____ C:\Windows\System32\Tasks\{22A4902F-C97D-4F98-B541-8509AD5853F9}

2013-11-16 14:50 - 2013-11-16 14:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2013-11-16 14:23 - 2013-11-16 14:23 - 00000000 ____D C:\Users\lee\AppData\Roaming\Malwarebytes

2013-11-16 14:22 - 2013-11-16 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-16 14:16 - 2013-11-16 14:50 - 00000000 ____D C:\ProgramData\HitmanPro

2013-11-16 13:34 - 2013-11-16 18:32 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2013-11-16 13:34 - 2013-11-16 13:34 - 00000000 ____D C:\Users\lee\AppData\Roaming\TuneUp Software

2013-11-16 13:33 - 2013-11-16 18:32 - 00000000 ____D C:\ProgramData\AVG2014

2013-11-16 13:30 - 2013-11-17 10:35 - 00000000 ____D C:\ProgramData\MFAData

2013-11-16 13:30 - 2013-11-16 13:30 - 00000000 ____D C:\Users\lee\AppData\Local\MFAData

2013-11-16 10:52 - 2013-11-16 10:52 - 00000000 ____D C:\ProgramData\ErrorEND64

2013-11-16 10:40 - 2013-11-16 10:40 - 00000000 ____D C:\Windows\system32\config\amd64

2013-11-16 10:40 - 2013-10-23 18:23 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll

2013-11-16 10:40 - 2013-10-23 17:14 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll

2013-11-16 10:36 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-16 10:36 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-16 10:36 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-16 10:36 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-16 10:36 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-16 10:36 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-16 10:36 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-16 10:36 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-16 10:36 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-16 10:35 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-16 10:35 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-16 10:35 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-16 10:35 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-16 10:35 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-16 10:35 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-16 10:35 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-16 10:35 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-16 10:35 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-16 10:35 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-16 10:35 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-16 10:35 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-16 10:35 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-16 10:35 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-16 10:33 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-16 10:32 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-16 10:32 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-16 10:32 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-16 10:32 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-16 10:32 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-16 10:32 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-13 20:02 - 2013-11-13 20:03 - 00012600 _____ C:\ProgramData\r0zjr8z0.bxx

2013-11-13 20:01 - 2013-11-13 20:01 - 00000000 _____ C:\ProgramData\r0zjr8z0.fvv

2013-11-12 20:26 - 2013-11-12 20:26 - 00000000 _____ C:\ProgramData\mqlfmqvlfb.fvv

2013-11-10 20:22 - 2013-11-10 20:22 - 00000000 _____ C:\ProgramData\brj6wl0lf.fvv

2013-11-09 18:25 - 2013-11-09 18:30 - 00012600 _____ C:\ProgramData\odafrdji.bxx

2013-11-09 18:22 - 2013-11-09 18:22 - 00000000 _____ C:\ProgramData\odafrdji.fvv

2013-10-28 17:38 - 2013-10-28 17:38 - 00000000 _____ C:\ProgramData\7t8hrjzjt.fvv

==================== One Month Modified Files and Folders =======

2013-11-17 10:43 - 2013-11-17 10:42 - 00019716 _____ C:\Users\lee\Downloads\FRST.txt

2013-11-17 10:42 - 2013-11-17 10:42 - 00000000 ____D C:\FRST

2013-11-17 10:42 - 2013-11-17 10:41 - 01958236 _____ (Farbar) C:\Users\lee\Downloads\FRST64.exe

2013-11-17 10:37 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-17 10:37 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-17 10:36 - 2012-10-20 20:01 - 00003902 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000UA

2013-11-17 10:36 - 2012-10-20 20:01 - 00003534 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000Core

2013-11-17 10:36 - 2012-10-20 20:01 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000UA.job

2013-11-17 10:36 - 2012-10-20 20:01 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000Core.job

2013-11-17 10:35 - 2013-11-16 13:30 - 00000000 ____D C:\ProgramData\MFAData

2013-11-17 10:33 - 2012-11-15 17:44 - 01535918 _____ C:\Windows\WindowsUpdate.log

2013-11-17 10:29 - 2011-09-08 09:26 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-17 10:28 - 2013-11-17 10:28 - 00000056 _____ C:\Windows\setupact.log

2013-11-17 10:28 - 2013-11-17 10:28 - 00000000 _____ C:\Windows\setuperr.log

2013-11-17 10:28 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-17 00:34 - 2011-09-08 07:58 - 00000000 ____D C:\Windows\Panther

2013-11-17 00:32 - 2012-08-28 10:24 - 00000000 ____D C:\Users\lee\AppData\Roaming\Skype

2013-11-17 00:27 - 2012-08-26 17:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-11-17 00:04 - 2011-09-08 09:26 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-16 21:32 - 2013-11-16 21:32 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-11-16 21:32 - 2011-09-08 09:04 - 00000000 ____D C:\ProgramData\Skype

2013-11-16 18:45 - 2013-11-16 18:45 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program

2013-11-16 18:45 - 2013-11-16 18:38 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2013-11-16 18:45 - 2012-07-24 15:34 - 00000000 ____D C:\Users\Public\Desktop\Desktop Shortcuts

2013-11-16 18:41 - 2013-11-16 18:38 - 00000000 ____D C:\ProgramData\AVG

2013-11-16 18:39 - 2013-11-16 18:39 - 00002192 _____ C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk

2013-11-16 18:39 - 2013-11-16 18:39 - 00002166 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk

2013-11-16 18:38 - 2013-11-16 18:38 - 00000000 ____D C:\Users\lee\AppData\Roaming\AVG

2013-11-16 18:38 - 2013-11-16 18:30 - 00000000 ____D C:\Program Files (x86)\AVG

2013-11-16 18:32 - 2013-11-16 18:32 - 00000000 ____D C:\Users\lee\AppData\Roaming\AVG2014

2013-11-16 18:32 - 2013-11-16 18:28 - 00000000 ____D C:\Users\lee\AppData\Local\Avg2014

2013-11-16 18:32 - 2013-11-16 13:34 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2013-11-16 18:32 - 2013-11-16 13:33 - 00000000 ____D C:\ProgramData\AVG2014

2013-11-16 18:31 - 2013-11-16 18:31 - 00000932 _____ C:\Users\Public\Desktop\AVG 2014.lnk

2013-11-16 18:31 - 2013-11-16 18:31 - 00000000 ___HD C:\$AVG

2013-11-16 16:24 - 2012-08-09 17:51 - 00002057 _____ C:\Windows\epplauncher.mif

2013-11-16 15:33 - 2013-08-16 21:15 - 00000000 ____D C:\Windows\system32\MRT

2013-11-16 15:31 - 2012-08-13 20:13 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-16 15:03 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF

2013-11-16 15:00 - 2013-11-16 15:00 - 00002970 _____ C:\Windows\System32\Tasks\{FF835B1B-B119-48EC-B38E-F5ED88D67C3D}

2013-11-16 14:59 - 2013-11-16 14:59 - 00002970 _____ C:\Windows\System32\Tasks\{22A4902F-C97D-4F98-B541-8509AD5853F9}

2013-11-16 14:50 - 2013-11-16 14:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2013-11-16 14:50 - 2013-11-16 14:16 - 00000000 ____D C:\ProgramData\HitmanPro

2013-11-16 14:37 - 2012-10-29 18:48 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar

2013-11-16 14:23 - 2013-11-16 14:23 - 00000000 ____D C:\Users\lee\AppData\Roaming\Malwarebytes

2013-11-16 14:22 - 2013-11-16 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-16 13:34 - 2013-11-16 13:34 - 00000000 ____D C:\Users\lee\AppData\Roaming\TuneUp Software

2013-11-16 13:30 - 2013-11-16 13:30 - 00000000 ____D C:\Users\lee\AppData\Local\MFAData

2013-11-16 10:52 - 2013-11-16 10:52 - 00000000 ____D C:\ProgramData\ErrorEND64

2013-11-16 10:40 - 2013-11-16 10:40 - 00000000 ____D C:\Windows\system32\config\amd64

2013-11-16 10:39 - 2012-08-09 17:50 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-11-16 10:39 - 2012-08-09 17:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-11-16 10:24 - 2012-08-09 17:31 - 00000000 ____D C:\Users\lee

2013-11-16 10:23 - 2012-08-09 17:37 - 00000000 ____D C:\Users\lee\AppData\Local\Toshiba

2013-11-16 10:23 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-11-16 10:22 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-11-16 10:20 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration

2013-11-13 20:03 - 2013-11-13 20:02 - 00012600 _____ C:\ProgramData\r0zjr8z0.bxx

2013-11-13 20:01 - 2013-11-13 20:01 - 00000000 _____ C:\ProgramData\r0zjr8z0.fvv

2013-11-12 20:26 - 2013-11-12 20:26 - 00000000 _____ C:\ProgramData\mqlfmqvlfb.fvv

2013-11-12 18:39 - 2012-08-09 17:31 - 00000000 ___RD C:\Users\lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-11-10 20:22 - 2013-11-10 20:22 - 00000000 _____ C:\ProgramData\brj6wl0lf.fvv

2013-11-10 18:27 - 2009-07-14 05:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-10 12:30 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\LiveKernelReports

2013-11-10 11:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache

2013-11-09 22:53 - 2010-11-21 07:17 - 00000000 ____D C:\Program Files\Windows Journal

2013-11-09 22:53 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\winrm

2013-11-09 22:53 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\WCN

2013-11-09 22:53 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr

2013-11-09 22:53 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-11-09 22:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\MUI

2013-11-09 22:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz

2013-11-09 22:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2013-11-09 22:53 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\System

2013-11-09 22:52 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\winrm

2013-11-09 22:52 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\WCN

2013-11-09 22:52 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\slmgr

2013-11-09 22:52 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\com

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\sysprep

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\oobe

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\MUI

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\migwiz

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Dism

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\com

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\IME

2013-11-09 22:51 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\servicing

2013-11-09 18:30 - 2013-11-09 18:25 - 00012600 _____ C:\ProgramData\odafrdji.bxx

2013-11-09 18:22 - 2013-11-09 18:22 - 00000000 _____ C:\ProgramData\odafrdji.fvv

2013-11-09 16:07 - 2012-08-13 19:15 - 00000000 ____D C:\Windows\SysWOW64\Adobe

2013-10-30 10:27 - 2013-11-16 18:40 - 00042808 _____ (AVG) C:\Windows\system32\uxtuneup.dll

2013-10-30 10:27 - 2013-11-16 18:40 - 00035640 _____ (AVG) C:\Windows\SysWOW64\uxtuneup.dll

2013-10-30 10:27 - 2013-11-16 18:40 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll

2013-10-30 10:27 - 2013-11-16 18:40 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll

2013-10-30 10:27 - 2013-11-16 18:39 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe

2013-10-28 17:38 - 2013-10-28 17:38 - 00000000 _____ C:\ProgramData\7t8hrjzjt.fvv

2013-10-23 18:23 - 2013-11-16 10:40 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll

2013-10-23 17:14 - 2013-11-16 10:40 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll

2013-10-19 13:59 - 2011-09-08 09:26 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-19 13:59 - 2011-09-08 09:26 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:

====================

ZeroAccess:

C:\Users\lee\AppData\Local\Google\Desktop\Install

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install

 

Some content of TEMP:

====================

C:\Users\lee\AppData\Local\Temp\ICReinstall_mseinstall.exe

 

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

 

LastRegBack: 2013-11-09 22:12

==================== End Of Log ============================

Posted

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013

Ran by lee at 2013-11-17 10:43:59

Running from C:\Users\lee\Downloads

Boot Mode: Normal

==========================================================

 

==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

µ******* (x32 Version: 3.2.1.28086)

ActiveX-kontroll för fjärran****ningar för Windows Live Mesh (x32 Version: 15.4.5722.2)

Adobe AIR (x32 Version: 3.2.0.2070)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Photoshop Elements 7.0 (x32 Version: 7.0)

Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3)

Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)

Atheros Bluetooth Filter Driver Package (Version: 1.00.0004)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.1.42)

Atheros Driver Installation Program (x32 Version: 9.2)

AVG 2014 (Version: 14.0.3629)

AVG 2014 (Version: 14.0.4158)

AVG 2014 (Version: 2014.0.4158)

AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.229)

AVG PC TuneUp 2014 (x32 Version: 14.0.1001.229)

BBC iPlayer Desktop (x32 Version: 3.2.15)

Bluetooth Stack for Windows by Toshiba (Version: v8.00.04(T))

CCleaner (Version: 3.24)

Conexant HD Audio (Version: 8.51.1.0)

D3DX10 (x32 Version: 15.4.2368.0902)

Driving Theory Test Professional v3.1.0.0 (x32)

Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)

Google Chrome (x32 Version: 30.0.1599.101)

Google Earth (x32 Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.21.165)

High-Definition Video Playback (x32 Version: 7.3.10900.8.0)

Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2281)

Intel® Management Engine Components (x32 Version: 6.0.0.1179)

Intel® Rapid Storage Technology (x32 Version: 9.6.1.1001)

Java Auto Updater (x32 Version: 2.0.2.1)

Java 6 Update 20 (x32 Version: 6.0.200)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

KNOWHOW APP CENTRE (x32 Version: 22447)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office XP Professional with FrontPage (x32 Version: 10.0.6626.0)

Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022)

Microsoft Security Client (Version: 4.4.0304.0)

Microsoft Security Essentials (Version: 4.4.304.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)

Mobile Broadband HL Service (x32 Version: 22.001.14.01.105)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)

Nero BackItUp 10 (x32 Version: 5.8.10900.8.100)

Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700)

Nero BurnRights 10 (x32 Version: 4.4.10400.2.100)

Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700)

Nero Control Center 10 (x32 Version: 10.6.12700.0.7)

Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800)

Nero Core Components 10 (x32 Version: 2.0.20000.9.12)

Nero Express 10 (x32 Version: 10.6.10700.5.100)

Nero Express 10 Help (CHM) (x32 Version: 10.6.10700)

Nero InfoTool 10 (x32 Version: 7.4.10300.1.100)

Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700)

Nero Kwik Media (x32 Version: 1.6.15100.59.100)

Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300)

Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100)

Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800)

Nero StartSmart 10 (x32 Version: 10.6.10500.3.100)

Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700)

Nero Update (x32 Version: 1.0.10900.31.0)

NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900)

PlayReady PC Runtime amd64 (Version: 1.3.0)

Rapport (x32 Version: 3.5.1302.61)

Realtek USB 2.0 Reader Driver (x32 Version: 1.0.0.12)

Skype™ 6.1 (x32 Version: 6.1.129)

swMSM (x32 Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 15.2.11.1)

TOSHIBA Assist (x32 Version: 4.02.02)

TOSHIBA Bulletin Board (Version: 2.1.10.64)

TOSHIBA Bulletin Board (x32 Version: 2.1.10.64)

TOSHIBA ConfigFree (x32 Version: 8.0.37)

TOSHIBA Disc Creator (Version: 2.1.0.6 for x64)

TOSHIBA eco Utility (Version: 1.2.24.64)

TOSHIBA Face Recognition (Version: 3.1.8.64)

TOSHIBA Face Recognition (x32 Version: 3.1.8.64)

TOSHIBA Hardware Setup (Version: 4.07.02.00)

TOSHIBA Hardware Setup (x32 Version: 4.07.02.00)

TOSHIBA HDD/SSD Alert (Version: 3.1.64.7)

TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7)

Toshiba Manuals (x32 Version: 10.02)

TOSHIBA Online Product Information (x32 Version: 4.01.0000)

TOSHIBA PC Health Monitor (Version: 1.7.4.64)

TOSHIBA Places Icon Utility (x32 Version: 1.1.1.4)

TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.10010)

TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)

TOSHIBA ReelTime (Version: 1.7.17.64)

TOSHIBA ReelTime (x32 Version: 1.7.17.64)

TOSHIBA Service Station (x32 Version: 2.2.9)

TOSHIBA Sleep Utility (x32 Version: 1.4.2.7)

TOSHIBA Supervisor Password (Version: 4.07.02.00)

TOSHIBA Supervisor Password (x32 Version: 4.07.02.00)

TOSHIBA TEMPRO (x32 Version: 3.35)

TOSHIBA Value Added Package (Version: 1.5.3.64)

TOSHIBA Value Added Package (x32 Version: 1.5.3.64)

TOSHIBA Web Camera Application (x32 Version: 2.0.0.13)

TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.2)

TRORMCLauncher (Version: 1.0.0.10)

TRORMCLauncher (x32 Version: )

Trusteer Endpoint Protection (x32 Version: 3.5.1302.61)

Unity Web Player (HKCU Version: )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

u*******Control_v2 Toolbar (x32 Version: 6.9.0.16)

Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)

Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3538.0513)

Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)

Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)

Windows Liven sähköposti (x32 Version: 15.4.3502.0922)

Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)

Windows Mobile Device Updater Component (Version: 04.08.2345.00)

Zune (Version: 04.08.2345.00)

Zune Language Pack (CHS) (Version: 04.08.2345.00)

Zune Language Pack (CHT) (Version: 04.08.2345.00)

Zune Language Pack (CSY) (Version: 04.08.2345.00)

Zune Language Pack (DAN) (Version: 04.08.2345.00)

Zune Language Pack (DEU) (Version: 04.08.2345.00)

Zune Language Pack (ELL) (Version: 04.08.2345.00)

Zune Language Pack (ESP) (Version: 04.08.2345.00)

Zune Language Pack (FIN) (Version: 04.08.2345.00)

Zune Language Pack (FRA) (Version: 04.08.2345.00)

Zune Language Pack (HUN) (Version: 04.08.2345.00)

Zune Language Pack (IND) (Version: 04.08.2345.00)

Zune Language Pack (ITA) (Version: 04.08.2345.00)

Zune Language Pack (JPN) (Version: 04.08.2345.00)

Zune Language Pack (KOR) (Version: 04.08.2345.00)

Zune Language Pack (MSL) (Version: 04.08.2345.00)

Zune Language Pack (NLD) (Version: 04.08.2345.00)

Zune Language Pack (NOR) (Version: 04.08.2345.00)

Zune Language Pack (PLK) (Version: 04.08.2345.00)

Zune Language Pack (PTB) (Version: 04.08.2345.00)

Zune Language Pack (PTG) (Version: 04.08.2345.00)

Zune Language Pack (RUS) (Version: 04.08.2345.00)

Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points =========================

09-11-2013 16:01:53 Windows Update

09-11-2013 16:03:32 Restore Operation

09-11-2013 16:10:44 Windows Update

09-11-2013 22:19:06 Language Pack Removal

12-11-2013 18:50:24 Windows Update

13-11-2013 22:40:03 Windows Update

16-11-2013 10:00:20 Restore Operation

16-11-2013 10:38:13 Windows Update

16-11-2013 13:32:28 Installed AVG 2014

16-11-2013 13:33:06 Installed AVG 2014

16-11-2013 14:18:50 Removed AVG 2014

16-11-2013 14:24:47 Removed AVG 2014

16-11-2013 15:20:17 Restore Operation

16-11-2013 15:30:24 Windows Update

16-11-2013 18:30:13 Installed AVG 2014

16-11-2013 18:30:44 Installed AVG 2014

16-11-2013 18:38:20 Installed AVG PC TuneUp 2014

==================== Hosts content: ==========================

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {23E237ED-F18E-439C-9E61-C4D75B144834} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)

Task: {58119944-88CA-44CC-9AFE-1E3465DD4B96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.)

Task: {65EFE015-3109-424F-BC77-BFA1583444BA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000Core => C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-20] (Facebook Inc.)

Task: {8F4893E3-7F3E-4F86-AC27-CD3485139956} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)

Task: {928AB052-8037-46CB-95C5-F51631A81A96} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)

Task: {BB940332-75E7-487A-98C4-FD71D13C5520} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe

Task: {BC74A85C-7B3A-41B7-8489-048486CFB275} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000UA => C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-20] (Facebook Inc.)

Task: {C4B732D6-AE1C-4050-912E-11FB6991329E} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)

Task: {C5893F19-19C4-46D6-B332-7660FD9C88A7} - System32\Tasks\{FF835B1B-B119-48EC-B38E-F5ED88D67C3D} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23] (Microsoft Corporation)

Task: {D10C64DF-900A-48FC-8BCC-673A42D8E506} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.)

Task: {EBCD99FE-5E9B-41E0-95AA-01D39672A0C3} - System32\Tasks\{22A4902F-C97D-4F98-B541-8509AD5853F9} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23] (Microsoft Corporation)

Task: {FCC2C2DA-01B6-4BD5-8787-CBD8E818C6A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000Core.job => C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000UA.job => C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-18 15:18 - 2010-11-18 15:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll

2010-12-15 13:19 - 2010-12-15 13:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll

2011-09-08 09:01 - 2011-02-22 10:06 - 00563576 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\en\Humphrey.resources.dll

2011-09-08 09:25 - 2011-12-15 14:55 - 00063360 _____ () C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll

2010-12-08 13:42 - 2010-12-08 13:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

2012-11-15 18:01 - 2013-08-06 18:20 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll

2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 02452992 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtCore4.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00375808 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtXml4.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00322048 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\log4cplus.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00013312 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\featureController.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 01008640 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtNetwork4.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00195584 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\libgsoap.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00062464 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\zlib1.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00400384 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\sqlite3.dll

2012-07-24 15:35 - 2011-04-19 18:05 - 03622128 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\plugin\libbizlplugin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\config:!

AlternateDataStreams: C:\ProgramData\TEMP:884C7316

AlternateDataStreams: C:\ProgramData\TEMP:B88DC997

==================== Safe Mode (whitelisted) ===================

 

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

Application errors:

==================

Error: (11/17/2013 10:29:41 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 10:29:19 AM) (Source: Windows Search Service) (User: )

Description: The index cannot be initialized.

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2013 10:29:19 AM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

Context: Windows Application

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2013 10:29:19 AM) (Source: Windows Search Service) (User: )

Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2013 10:29:19 AM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 

Details:

Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/17/2013 10:29:14 AM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2013 10:29:13 AM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/17/2013 10:29:12 AM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2013 10:29:12 AM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2013 10:29:12 AM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot open the Jet property store.

 

Details:

0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

 

System errors:

=============

Error: (11/17/2013 10:29:19 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/17/2013 10:29:19 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (11/16/2013 06:40:49 PM) (Source: Service Control Manager) (User: )

Description: The AVG Theme Extension service failed to start due to the following error:

%%1083

Error: (11/16/2013 06:32:18 PM) (Source: Service Control Manager) (User: )

Description: The AVG Firewall service terminated with service-specific error %%-536805289.

Error: (11/16/2013 06:32:02 PM) (Source: Service Control Manager) (User: )

Description: The AVG Firewall service terminated with service-specific error %%-536805289.

Error: (11/16/2013 03:02:33 PM) (Source: Service Control Manager) (User: )

Description: The Windows Defender service terminated with the following error:

%%-2147024891

Error: (11/16/2013 03:02:33 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error:

%%5

Error: (11/16/2013 03:02:30 PM) (Source: Service Control Manager) (User: )

Description: The Windows Defender service terminated with the following error:

%%-2147024891

Error: (11/16/2013 03:02:30 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error:

%%5

Error: (11/16/2013 03:02:27 PM) (Source: Service Control Manager) (User: )

Description: The Windows Defender service terminated with the following error:

%%-2147024891

 

Microsoft Office Sessions:

=========================

Error: (11/17/2013 10:29:41 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 10:29:19 AM) (Source: Windows Search Service)(User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2013 10:29:19 AM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2013 10:29:19 AM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2013 10:29:19 AM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

Element not found. (HRESULT : 0x80070490) (0x80070490)

Search.TripoliIndexer

Error: (11/17/2013 10:29:14 AM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Search.JetPropStore

Error: (11/17/2013 10:29:13 AM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/17/2013 10:29:12 AM) (Source: Windows Search Service)(User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

The catalog is corrupt

Error: (11/17/2013 10:29:12 AM) (Source: Windows Search Service)(User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

4700

Error: (11/17/2013 10:29:12 AM) (Source: Windows Search Service)(User: )

Description:

Details:

0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

 

==================== Memory info ===========================

Percentage of memory in use: 37%

Total physical RAM: 5941.86 MB

Available physical RAM: 3716.14 MB

Total Pagefile: 11881.9 MB

Available Pagefile: 9278.47 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:340.82 GB) (Free:260.71 GB) NTFS

Drive d: (Data) (Fixed) (Total:357.42 GB) (Free:343.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 662363C9)

Partition 1: (Active) - (Size=400 MB) - (Type=27)

Partition 2: (Not Active) - (Size=341 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=357 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Posted
Hi, there's a fair bit there to be going at for the Security guys, please be patient, one of them will be along to advise soon.


 

 

Posted (edited)

Hi blkburnbandit

 

Sorry for the delay, I was away for the weekend.

 

There's quite a bit there to sort out.... let's try it the easy way first.

 

 

P2P Warning

Please note that as long as you're using any form of Peer-to-Peer networking (FrostWire, uTorrent, BitTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true.

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

 

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

 

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.

If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

 

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

 

 

Step 1

It is not recommended that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or MSSE.

 

If you are blocked from removing MSSE, don't worry.

Remove AVG and we'll correct MSSE in the next fix if needed.

 

 

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

 

Step 3

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop..... Make sure it is saved to the Desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

 

In your next reply, please submit:

JRT.txt

AdwCleaner report

Combofix.txt

 

 

Thanks.

Edited by Starbuck

Member of:

UNITE
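For Step 1 above, a quick way to confirm which anti-virus products Windows itself has registered and which of them currently have real-time protection switched on, before deciding what to uninstall. This is an added example for readers of the thread, not a tool or script from the helper or from any of the tools mentioned; it reads the `AntiVirusProduct` class in the `root\SecurityCenter2` WMI namespace (present on Vista and later). The decoding of `productState` into "real-time on" and "definitions out of date" is the community-documented layout of an undocumented field and is an assumption here, so treat the result as advisory and compare it with what ComboFix prints in its `AV:` header lines.

```powershell
# Added example (not from the thread or any tool it mentions): list the
# anti-virus products registered with Windows Security Center and decode
# whether each one has real-time protection enabled, so that two resident
# products (AVG and MSE in this thread) are easy to spot.
# Assumption: the productState layout below (0xTTRRDD, with RR = real-time
# state and DD = definition state) is the commonly documented community
# decoding of an undocumented field; results are advisory only.

function Get-RegisteredAntivirus {
    # root\SecurityCenter2 exists on Vista and later; Get-WmiObject keeps
    # this working on the PowerShell 2.0 that ships with Windows 7.
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' `
                              -Class 'AntiVirusProduct' -ErrorAction Stop

    foreach ($p in $products) {
        # Render the 32-bit flag word as six hex digits so the byte fields line up.
        $hex      = ('{0:X6}' -f [int]$p.productState)
        $realtime = $hex.Substring(2, 2)   # 10 or 11 = enabled, 00 or 01 = disabled
        $defs     = $hex.Substring(4, 2)   # 00 = up to date, 10 = out of date

        New-Object PSObject -Property @{
            Name           = $p.displayName
            Executable     = $p.pathToSignedProductExe
            RealTimeOn     = ($realtime -eq '10' -or $realtime -eq '11')
            DefinitionsOld = ($defs -eq '10')
            RawState       = "0x$hex"
        }
    }
}

$av = @(Get-RegisteredAntivirus)
$av | Select-Object Name, RealTimeOn, DefinitionsOld, RawState, Executable |
     Format-Table -AutoSize

# More than one product with real-time scanning active is exactly the
# conflict Step 1 describes (false alarms, file-lock contention).
$resident = @($av | Where-Object { $_.RealTimeOn })
if ($resident.Count -gt 1) {
    $names = ($resident | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} products have real-time protection enabled at once: {1}" -f $resident.Count, $names)
    Write-Warning "Uninstall all but one before running further scans."
}
```

Run it from an elevated PowerShell prompt; the namespace is readable without elevation, but an elevated session avoids surprises on machines where the Security Center service has been tampered with. A product that is listed but reports `RealTimeOn` as `False` is still installed and may still hold file-system filter drivers (see the `avg*.sys` and `MpFilter.sys` entries ComboFix lists later in this thread), so the uninstall in Step 1 is still needed even when only one product shows as active.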

Posted

hi

I've removed uTorrent from my comp and done the 3 scans.

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\browserconnection.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnsbho.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchqumediabartb

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3220468

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GH-SherlockHolmes_TheHoundofTheBaskervilles_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GH-SherlockHolmes_TheHoundofTheBaskervilles_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\GH-SherlockHolmes_TheHoundofTheBaskervilles_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\GH-SherlockHolmes_TheHoundofTheBaskervilles_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ABD6AA51-0630-4B35-AA08-A1E2182A70E6}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\bcool"

Successfully deleted: [Folder] "C:\ProgramData\big fish games"

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\ProgramData\partner"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\ProgramData\trymedia"

Successfully deleted: [Folder] "C:\Users\lee\appdata\local\apn"

Successfully deleted: [Folder] "C:\Users\lee\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\lee\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\lee\appdata\local\ilivid player"

Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\datamngr"

Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\ilividtoolbarguid"

Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\searchqutoolbar"

Successfully deleted: [Folder] "C:\Users\lee\appdata\locallow\utorrentcontrol_v2"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\pc speed up"

Successfully deleted: [Folder] "C:\Program Files (x86)\search results toolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentcontrol_v2"

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{0618CEDC-D394-4E72-835B-33F470757B07}

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{1BEB1731-7D5E-4324-B2EF-7B55BB21572D}

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{47617DB1-F5B4-40A1-AD3A-363099EB10D9}

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{49851DF7-543C-44DA-9E64-F150F868A5F5}

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{66FF3591-788B-43DD-8B17-5422017890BD}

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{706C1286-E40D-4C0F-87F8-AF59C88ECBE4}

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{9FBF92AF-0F76-4A79-B0D4-995C909B03FD}

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{A3385611-D03D-45D7-B959-74D4BB9DED9F}

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{BCB063A9-6184-405C-9D4D-2E1A27135E83}

Successfully deleted: [Empty Folder] C:\Users\lee\appdata\local\{F5A8C7C4-D2AD-4C21-954E-1F5A7BDE34BA}

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\lee\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 18/11/2013 at 22:19:41.34

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------------------------------------------------

# AdwCleaner v3.012 - Report created 18/11/2013 at 22:25:12

# Updated 11/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : lee - LEE-TOSH

# Running from : C:\Users\lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFSFIB17\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

 

***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5A4E79A-EC44-48C6-BC1A-7DCF1D7FE9C1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE03B75D-EDFA-499E-8DB5-2FD563767570}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKCU\Software\uTorrentControl_v2

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2

Key Deleted : HKLM\Software\uTorrentControl_v2

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar

Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

 

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4070 octets] - [18/11/2013 22:22:23]

AdwCleaner[s0].txt - [3452 octets] - [18/11/2013 22:25:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3512 octets] ##########

-----------------------------------------------------------------------------

ComboFix 13-11-18.01 - lee 18/11/2013 22:42:50.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5942.3722 [GMT 0:00]

Running from: c:\users\lee\Downloads\ComboFix.exe

AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Google\Desktop\Install

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\@

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\L\00000004.@

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\L\201d3dde

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\L\76603ac3

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\U\00000004.@

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\U\00000008.@

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\U\000000cb.@

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\U\80000000.@

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\U\80000032.@

c:\program files (x86)\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\9519~1\A535~1\E628~1\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\U\80000064.@

c:\users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopkkceehnncolpbcaklchacffmdmbcl

c:\users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopkkceehnncolpbcaklchacffmdmbcl\2_0\509c0cb25fe571352404146.js

c:\users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopkkceehnncolpbcaklchacffmdmbcl\2_0\background.html

c:\users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopkkceehnncolpbcaklchacffmdmbcl\2_0\content.js

c:\users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopkkceehnncolpbcaklchacffmdmbcl\2_0\lsdb.js

c:\users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopkkceehnncolpbcaklchacffmdmbcl\2_0\manifest.json

c:\users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopkkceehnncolpbcaklchacffmdmbcl\2_0\sqlite.js

c:\users\lee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nopkkceehnncolpbcaklchacffmdmbcl_0.localstorage

c:\users\lee\AppData\Local\Google\Chrome\User Data\Default\preferences

.

.

((((((((((((((((((((((((( Files Created from 2013-10-18 to 2013-11-18 )))))))))))))))))))))))))))))))

.

.

2013-11-18 23:00 . 2013-11-18 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-18 22:27 . 2013-11-18 22:27 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{146E26F9-F1B3-49A4-8045-FC0B4CF34036}\offreg.dll

2013-11-18 22:22 . 2013-11-18 22:25 -------- d-----w- C:\AdwCleaner

2013-11-18 22:08 . 2013-11-18 22:08 -------- d-----w- c:\windows\ERUNT

2013-11-18 22:02 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{146E26F9-F1B3-49A4-8045-FC0B4CF34036}\mpengine.dll

2013-11-18 21:52 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-11-17 10:42 . 2013-11-17 10:42 -------- d-----w- C:\FRST

2013-11-16 21:32 . 2013-11-18 21:50 -------- d-----w- c:\program files (x86)\Skype

2013-11-16 18:38 . 2013-11-16 18:38 -------- d-----w- c:\users\lee\AppData\Roaming\AVG

2013-11-16 18:38 . 2013-11-18 21:48 -------- d-----w- c:\programdata\AVG

2013-11-16 18:38 . 2013-11-18 21:51 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2013-11-16 18:31 . 2013-11-16 18:31 -------- d-----w- C:\$AVG

2013-11-16 18:30 . 2013-11-18 21:48 -------- d-----w- c:\program files (x86)\AVG

2013-11-16 18:28 . 2013-11-17 17:32 -------- d-----w- c:\users\lee\AppData\Local\Avg2014

2013-11-16 15:28 . 2013-10-16 00:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BE1372C-8065-4E0A-8CE6-DC0D51F29563}\mpengine.dll

2013-11-16 14:50 . 2013-11-16 14:50 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-11-16 14:23 . 2013-11-18 21:49 -------- d-----w- c:\users\lee\AppData\Roaming\Malwarebytes

2013-11-16 14:22 . 2013-11-16 14:22 -------- d-----w- c:\programdata\Malwarebytes

2013-11-16 14:22 . 2013-11-16 14:22 -------- d-----w- c:\users\lee\AppData\Local\Programs

2013-11-16 14:16 . 2013-11-16 14:50 -------- d-----w- c:\programdata\HitmanPro

2013-11-16 13:34 . 2013-11-16 13:34 -------- d-----w- c:\users\lee\AppData\Roaming\TuneUp Software

2013-11-16 13:30 . 2013-11-18 21:59 -------- d-----w- c:\programdata\MFAData

2013-11-16 13:30 . 2013-11-16 13:30 -------- d--h--w- c:\programdata\Common Files

2013-11-16 13:30 . 2013-11-16 13:30 -------- d-----w- c:\users\lee\AppData\Local\MFAData

2013-11-16 10:52 . 2013-11-16 10:52 -------- d-----w- c:\programdata\ErrorEND64

2013-11-16 10:36 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-11-16 10:36 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-11-16 10:36 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-11-16 10:36 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll

2013-11-16 10:36 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-11-16 10:36 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll

2013-11-16 10:36 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll

2013-11-16 10:36 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll

2013-11-16 10:36 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll

2013-11-16 10:33 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-11-16 10:32 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-11-16 10:32 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-11-16 10:32 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-11-16 10:32 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-11-16 10:32 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-11-16 10:32 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-11-09 16:13 . 2013-10-19 13:53 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3094304-1FE2-4BF0-9C21-DE19D39CF1AF}\gapaengine.dll

2013-11-02 16:56 . 2013-11-16 15:44 -------- d-----w- c:\users\lee\AppData\Local\ElevatedDiagnostics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-16 15:31 . 2012-08-13 20:13 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-10-19 13:53 . 2012-10-02 17:51 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-10-12 16:00 . 2012-08-26 17:47 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-12 16:00 . 2012-08-26 17:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-27 09:53 . 2013-09-27 09:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-09-27 09:53 . 2013-09-27 09:53 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-09-26 09:44 . 2013-09-26 09:44 57144 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys

2013-09-25 21:07 . 2013-09-25 21:07 148792 ----a-w- c:\windows\system32\drivers\avgdiska.sys

2013-09-10 22:18 . 2012-11-15 18:01 295696 ----a-w- c:\windows\system32\drivers\RapportKE64.sys

2013-09-08 22:11 . 2013-09-08 22:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2013-09-08 02:30 . 2013-10-12 15:40 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:27 . 2013-10-12 15:40 327168 ----a-w- c:\windows\system32\mswsock.dll

2013-09-08 02:03 . 2013-10-12 15:40 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

2013-09-03 13:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-09-02 10:59 . 2013-09-02 10:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2013-09-02 10:29 . 2013-09-02 10:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys

2013-09-02 10:26 . 2013-09-02 10:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2013-09-02 10:26 . 2013-09-02 10:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-08-29 02:17 . 2013-10-12 15:40 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 02:16 . 2013-10-12 15:40 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 02:16 . 2013-10-12 15:40 243712 ----a-w- c:\windows\system32\wow64.dll

2013-08-29 02:16 . 2013-10-12 15:40 859648 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 02:13 . 2013-10-12 15:40 878080 ----a-w- c:\windows\system32\advapi32.dll

2013-08-29 01:51 . 2013-10-12 15:40 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51 . 2013-10-12 15:40 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50 . 2013-10-12 15:39 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-08-29 01:50 . 2013-10-12 15:40 79872 ----a-w- c:\users\lee\AppData\Roaming\Other.res

2013-08-29 01:50 . 2013-10-12 15:40 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-08-29 01:50 . 2013-10-12 15:40 619520 ----a-w- c:\windows\SysWow64\tdh.dll

2013-08-29 01:48 . 2013-10-12 15:40 640512 ----a-w- c:\windows\SysWow64\advapi32.dll

2013-08-29 01:48 . 2013-10-12 15:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-29 00:49 . 2013-10-12 15:39 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-08-29 00:49 . 2013-10-12 15:39 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-08-29 00:49 . 2013-10-12 15:39 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-08-29 00:49 . 2013-10-12 15:39 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-08-28 01:21 . 2013-10-12 15:40 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-08-28 01:12 . 2013-10-11 19:18 461312 ----a-w- c:\windows\system32\scavengeui.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-08 39408]

"Facebook Update"="c:\users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-20 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]

"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"KNOWHOW APP CENTRE"="c:\program files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk" [2012-07-24 1274]

"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]

Toshiba Places Icon Utility.lnk - c:\program files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-9-8 1492352]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 chiokrql;chiokrql;c:\windows\system32\drivers\chiokrql.sys;c:\windows\SYSNATIVE\drivers\chiokrql.sys [x]

R1 dldntqub;dldntqub;c:\windows\system32\drivers\dldntqub.sys;c:\windows\SYSNATIVE\drivers\dldntqub.sys [x]

R1 kimhhppp;kimhhppp;c:\windows\system32\drivers\kimhhppp.sys;c:\windows\SYSNATIVE\drivers\kimhhppp.sys [x]

R1 mgxpldch;mgxpldch;c:\windows\system32\drivers\mgxpldch.sys;c:\windows\SYSNATIVE\drivers\mgxpldch.sys [x]

R1 opevsddg;opevsddg;c:\windows\system32\drivers\opevsddg.sys;c:\windows\SYSNATIVE\drivers\opevsddg.sys [x]

R1 rocerlsp;rocerlsp;c:\windows\system32\drivers\rocerlsp.sys;c:\windows\SYSNATIVE\drivers\rocerlsp.sys [x]

R1 snzascki;snzascki;c:\windows\system32\drivers\snzascki.sys;c:\windows\SYSNATIVE\drivers\snzascki.sys [x]

R1 tfnyklkd;tfnyklkd;c:\windows\system32\drivers\tfnyklkd.sys;c:\windows\SYSNATIVE\drivers\tfnyklkd.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]

R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]

S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-19 14:04 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 16:00]

.

2013-11-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000Core.job

- c:\users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-20 20:01]

.

2013-11-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000UA.job

- c:\users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-20 20:01]

.

2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 09:26]

.

2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 09:26]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-30 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-30 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-30 417304]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2011-09-08 150992]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKCU-Run-kHvRZCyh9LdumU9eZVy9 - c:\users\lee\AppData\Roaming\Adobe\Adobe PDF\convert.exe

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-11-18 23:03:59

ComboFix-quarantined-files.txt 2013-11-18 23:03

.

Pre-Run: 280,496,115,712 bytes free

Post-Run: 280,052,256,768 bytes free

.

- - End Of File - - FAADFF12CA1F2126043EBFA2BEA1CA6C

Posted

Hi blkburnbandit

 

The reports are showing that both Anti Virus programs are still installed.

One of these has to be removed.

You may find it easier to remove AVG.

 

Once one of the Anti Virus programs has been removed, please run another scan using FRST.

Make sure that there's a tick against 'Addition.txt' under the Optional scans list before running the scan.

That way both reports will be produced.

 

Thanks

Member of:

UNITE

Posted

Hi

 

Removed AVG.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013

Ran by lee (administrator) on LEE-TOSH on 19-11-2013 17:38:13

Running from C:\Users\lee\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

() C:\ProgramData\MobileBrServ\mbbservice.exe

(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe

(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe

(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Toshiba) C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Intel Corporation) C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [571304 2010-12-09] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)

HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)

HKLM\...\Run: [Teco] - C:\Program Files\Toshiba\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] - C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [150992 2011-09-08] (Toshiba Europe GmbH)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-08] (Google Inc.)

HKCU\...\Run: [Facebook Update] - C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-20] (Facebook Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)

HKLM-x32\...\Run: [iTSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [KNOWHOW APP CENTRE] - C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1274 2012-07-24] ()

HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)

HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [846936 2011-05-16] (TOSHIBA)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

Chrome:

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR Extension: (Chrome In-App Payments service) - C:\Users\lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR HKLM-x32\...\Chrome\Extension: [nopkkceehnncolpbcaklchacffmdmbcl] - C:\ProgramData\SaveAs\nopkkceehnncolpbcaklchacffmdmbcl.crx

==================== Services (Whitelisted) =================

R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.)

S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-08-06] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.)

S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S1 chiokrql; \??\C:\Windows\system32\drivers\chiokrql.sys [x]

S1 dldntqub; \??\C:\Windows\system32\drivers\dldntqub.sys [x]

S1 kimhhppp; \??\C:\Windows\system32\drivers\kimhhppp.sys [x]

S1 mgxpldch; \??\C:\Windows\system32\drivers\mgxpldch.sys [x]

S1 opevsddg; \??\C:\Windows\system32\drivers\opevsddg.sys [x]

S1 rocerlsp; \??\C:\Windows\system32\drivers\rocerlsp.sys [x]

S1 snzascki; \??\C:\Windows\system32\drivers\snzascki.sys [x]

S1 tfnyklkd; \??\C:\Windows\system32\drivers\tfnyklkd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 17:38 - 2013-11-19 17:38 - 00013178 _____ C:\Users\lee\Desktop\FRST.txt

2013-11-19 17:37 - 2013-11-19 17:37 - 01957964 _____ (Farbar) C:\Users\lee\Desktop\FRST64.exe

2013-11-19 17:16 - 2013-11-19 17:26 - 00011096 _____ C:\Windows\PFRO.log

2013-11-18 23:20 - 2013-11-19 17:26 - 00000215 _____ C:\Windows\setupact.log

2013-11-18 23:20 - 2013-11-18 23:20 - 00000000 _____ C:\Windows\setuperr.log

2013-11-18 23:04 - 2013-11-18 23:04 - 00030763 _____ C:\ComboFix.txt

2013-11-18 22:36 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe

2013-11-18 22:36 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe

2013-11-18 22:36 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-11-18 22:36 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-11-18 22:36 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-11-18 22:36 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe

2013-11-18 22:36 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe

2013-11-18 22:36 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe

2013-11-18 22:35 - 2013-11-18 23:04 - 00000000 ____D C:\Qoobox

2013-11-18 22:35 - 2013-11-18 23:01 - 00000000 ____D C:\Windows\erdnt

2013-11-18 22:31 - 2013-11-18 22:32 - 05146764 ____R (Swearware) C:\Users\lee\Downloads\ComboFix.exe

2013-11-18 22:22 - 2013-11-18 22:25 - 00000000 ____D C:\AdwCleaner

2013-11-18 22:19 - 2013-11-18 22:19 - 00007997 _____ C:\Users\lee\Desktop\JRT.txt

2013-11-18 22:08 - 2013-11-18 22:08 - 00000000 ____D C:\Windows\ERUNT

2013-11-17 10:43 - 2013-11-17 10:44 - 00024974 _____ C:\Users\lee\Downloads\Addition.txt

2013-11-17 10:42 - 2013-11-17 10:44 - 00041502 _____ C:\Users\lee\Downloads\FRST.txt

2013-11-17 10:42 - 2013-11-17 10:42 - 00000000 ____D C:\FRST

2013-11-16 21:32 - 2013-11-18 21:50 - 00000000 ____D C:\Program Files (x86)\Skype

2013-11-16 18:38 - 2013-11-18 21:51 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2013-11-16 18:38 - 2013-11-18 21:48 - 00000000 ____D C:\ProgramData\AVG

2013-11-16 18:38 - 2013-11-16 18:38 - 00000000 ____D C:\Users\lee\AppData\Roaming\AVG

2013-11-16 18:30 - 2013-11-19 17:25 - 00000000 ____D C:\Program Files (x86)\AVG

2013-11-16 15:34 - 2013-10-12 08:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-16 15:34 - 2013-10-12 08:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-16 15:34 - 2013-10-12 08:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-16 15:34 - 2013-10-12 08:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-16 15:34 - 2013-10-12 08:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-16 15:34 - 2013-10-12 07:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-16 15:34 - 2013-10-12 07:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-16 15:34 - 2013-10-12 07:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-16 15:34 - 2013-10-12 06:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-16 15:34 - 2013-10-12 06:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-16 15:34 - 2013-10-12 05:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-16 15:34 - 2013-10-12 05:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-16 15:00 - 2013-11-16 15:00 - 00002970 _____ C:\Windows\System32\Tasks\{FF835B1B-B119-48EC-B38E-F5ED88D67C3D}

2013-11-16 14:59 - 2013-11-16 14:59 - 00002970 _____ C:\Windows\System32\Tasks\{22A4902F-C97D-4F98-B541-8509AD5853F9}

2013-11-16 14:50 - 2013-11-16 14:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2013-11-16 14:23 - 2013-11-18 21:49 - 00000000 ____D C:\Users\lee\AppData\Roaming\Malwarebytes

2013-11-16 14:22 - 2013-11-16 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-16 14:16 - 2013-11-16 14:50 - 00000000 ____D C:\ProgramData\HitmanPro

2013-11-16 13:34 - 2013-11-16 18:32 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2013-11-16 13:34 - 2013-11-16 13:34 - 00000000 ____D C:\Users\lee\AppData\Roaming\TuneUp Software

2013-11-16 13:30 - 2013-11-19 17:26 - 00000000 ____D C:\ProgramData\MFAData

2013-11-16 13:30 - 2013-11-16 13:30 - 00000000 ____D C:\Users\lee\AppData\Local\MFAData

2013-11-16 10:52 - 2013-11-16 10:52 - 00000000 ____D C:\ProgramData\ErrorEND64

2013-11-16 10:40 - 2013-11-16 10:40 - 00000000 ____D C:\Windows\system32\config\amd64

2013-11-16 10:40 - 2013-10-23 18:23 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll

2013-11-16 10:40 - 2013-10-23 17:14 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll

2013-11-16 10:36 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-16 10:36 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-16 10:36 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-16 10:36 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-16 10:36 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-16 10:36 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-16 10:36 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-16 10:36 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-16 10:36 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-16 10:35 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-16 10:35 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-16 10:35 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-16 10:35 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-16 10:35 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-16 10:35 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-16 10:35 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-16 10:35 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-16 10:35 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-16 10:35 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-16 10:35 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-16 10:35 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-16 10:35 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-16 10:35 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-16 10:33 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-16 10:32 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-16 10:32 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-16 10:32 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-16 10:32 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-16 10:32 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-16 10:32 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-13 20:02 - 2013-11-13 20:03 - 00012600 _____ C:\ProgramData\r0zjr8z0.bxx

2013-11-13 20:01 - 2013-11-13 20:01 - 00000000 _____ C:\ProgramData\r0zjr8z0.fvv

2013-11-12 20:26 - 2013-11-12 20:26 - 00000000 _____ C:\ProgramData\mqlfmqvlfb.fvv

2013-11-10 20:22 - 2013-11-10 20:22 - 00000000 _____ C:\ProgramData\brj6wl0lf.fvv

2013-11-09 18:25 - 2013-11-09 18:30 - 00012600 _____ C:\ProgramData\odafrdji.bxx

2013-11-09 18:22 - 2013-11-09 18:22 - 00000000 _____ C:\ProgramData\odafrdji.fvv

2013-10-28 17:38 - 2013-10-28 17:38 - 00000000 _____ C:\ProgramData\7t8hrjzjt.fvv

==================== One Month Modified Files and Folders =======

2013-11-19 17:38 - 2013-11-19 17:38 - 00013178 _____ C:\Users\lee\Desktop\FRST.txt

2013-11-19 17:37 - 2013-11-19 17:37 - 01957964 _____ (Farbar) C:\Users\lee\Desktop\FRST64.exe

2013-11-19 17:34 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-19 17:34 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-19 17:30 - 2012-11-15 17:44 - 01623495 _____ C:\Windows\WindowsUpdate.log

2013-11-19 17:27 - 2012-08-26 17:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-11-19 17:27 - 2011-09-08 09:26 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-19 17:26 - 2013-11-19 17:16 - 00011096 _____ C:\Windows\PFRO.log

2013-11-19 17:26 - 2013-11-18 23:20 - 00000215 _____ C:\Windows\setupact.log

2013-11-19 17:26 - 2013-11-16 13:30 - 00000000 ____D C:\ProgramData\MFAData

2013-11-19 17:26 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-19 17:25 - 2013-11-16 18:30 - 00000000 ____D C:\Program Files (x86)\AVG

2013-11-18 23:20 - 2013-11-18 23:20 - 00000000 _____ C:\Windows\setuperr.log

2013-11-18 23:04 - 2013-11-18 23:04 - 00030763 _____ C:\ComboFix.txt

2013-11-18 23:04 - 2013-11-18 22:35 - 00000000 ____D C:\Qoobox

2013-11-18 23:04 - 2011-09-08 09:26 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-18 23:01 - 2013-11-18 22:35 - 00000000 ____D C:\Windows\erdnt

2013-11-18 23:00 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini

2013-11-18 22:35 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-11-18 22:32 - 2013-11-18 22:31 - 05146764 ____R (Swearware) C:\Users\lee\Downloads\ComboFix.exe

2013-11-18 22:25 - 2013-11-18 22:22 - 00000000 ____D C:\AdwCleaner

2013-11-18 22:19 - 2013-11-18 22:19 - 00007997 _____ C:\Users\lee\Desktop\JRT.txt

2013-11-18 22:08 - 2013-11-18 22:08 - 00000000 ____D C:\Windows\ERUNT

2013-11-18 21:52 - 2012-08-09 17:31 - 00000000 ____D C:\Users\lee

2013-11-18 21:51 - 2013-11-16 18:38 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2013-11-18 21:51 - 2012-07-24 15:34 - 00000000 ____D C:\Users\Public\Desktop\Desktop Shortcuts

2013-11-18 21:50 - 2013-11-16 21:32 - 00000000 ____D C:\Program Files (x86)\Skype

2013-11-18 21:50 - 2012-11-08 18:51 - 00000000 ____D C:\Program Files (x86)\uTorrent

2013-11-18 21:50 - 2012-08-09 17:50 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-11-18 21:50 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration

2013-11-18 21:49 - 2013-11-16 14:23 - 00000000 ____D C:\Users\lee\AppData\Roaming\Malwarebytes

2013-11-18 21:49 - 2012-08-28 10:24 - 00000000 ____D C:\Users\lee\AppData\Roaming\Skype

2013-11-18 21:48 - 2013-11-16 18:38 - 00000000 ____D C:\ProgramData\AVG

2013-11-18 21:48 - 2011-09-08 09:04 - 00000000 ____D C:\ProgramData\Skype

2013-11-17 10:44 - 2013-11-17 10:43 - 00024974 _____ C:\Users\lee\Downloads\Addition.txt

2013-11-17 10:44 - 2013-11-17 10:42 - 00041502 _____ C:\Users\lee\Downloads\FRST.txt

2013-11-17 10:42 - 2013-11-17 10:42 - 00000000 ____D C:\FRST

2013-11-17 00:34 - 2011-09-08 07:58 - 00000000 ____D C:\Windows\Panther

2013-11-16 18:38 - 2013-11-16 18:38 - 00000000 ____D C:\Users\lee\AppData\Roaming\AVG

2013-11-16 18:32 - 2013-11-16 13:34 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2013-11-16 18:06 - 2012-10-20 20:01 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000UA.job

2013-11-16 16:24 - 2012-08-09 17:51 - 00002057 _____ C:\Windows\epplauncher.mif

2013-11-16 15:33 - 2013-08-16 21:15 - 00000000 ____D C:\Windows\system32\MRT

2013-11-16 15:31 - 2012-08-13 20:13 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-16 15:03 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF

2013-11-16 15:00 - 2013-11-16 15:00 - 00002970 _____ C:\Windows\System32\Tasks\{FF835B1B-B119-48EC-B38E-F5ED88D67C3D}

2013-11-16 14:59 - 2013-11-16 14:59 - 00002970 _____ C:\Windows\System32\Tasks\{22A4902F-C97D-4F98-B541-8509AD5853F9}

2013-11-16 14:50 - 2013-11-16 14:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2013-11-16 14:50 - 2013-11-16 14:16 - 00000000 ____D C:\ProgramData\HitmanPro

2013-11-16 14:22 - 2013-11-16 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-16 13:34 - 2013-11-16 13:34 - 00000000 ____D C:\Users\lee\AppData\Roaming\TuneUp Software

2013-11-16 13:30 - 2013-11-16 13:30 - 00000000 ____D C:\Users\lee\AppData\Local\MFAData

2013-11-16 10:52 - 2013-11-16 10:52 - 00000000 ____D C:\ProgramData\ErrorEND64

2013-11-16 10:40 - 2013-11-16 10:40 - 00000000 ____D C:\Windows\system32\config\amd64

2013-11-16 10:39 - 2012-08-09 17:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-11-16 10:23 - 2012-08-09 17:37 - 00000000 ____D C:\Users\lee\AppData\Local\Toshiba

2013-11-16 10:23 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-11-16 10:22 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-11-13 20:03 - 2013-11-13 20:02 - 00012600 _____ C:\ProgramData\r0zjr8z0.bxx

2013-11-13 20:01 - 2013-11-13 20:01 - 00000000 _____ C:\ProgramData\r0zjr8z0.fvv

2013-11-12 20:26 - 2013-11-12 20:26 - 00000000 _____ C:\ProgramData\mqlfmqvlfb.fvv

2013-11-12 18:39 - 2012-08-09 17:31 - 00000000 ___RD C:\Users\lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-11-10 21:06 - 2012-10-20 20:01 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000Core.job

2013-11-10 20:22 - 2013-11-10 20:22 - 00000000 _____ C:\ProgramData\brj6wl0lf.fvv

2013-11-10 18:27 - 2009-07-14 05:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-10 12:30 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\LiveKernelReports

2013-11-10 11:09 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache

2013-11-09 22:53 - 2010-11-21 07:17 - 00000000 ____D C:\Program Files\Windows Journal

2013-11-09 22:53 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\winrm

2013-11-09 22:53 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\WCN

2013-11-09 22:53 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr

2013-11-09 22:53 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2013-11-09 22:53 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-11-09 22:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\MUI

2013-11-09 22:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz

2013-11-09 22:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2013-11-09 22:53 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\System

2013-11-09 22:52 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\winrm

2013-11-09 22:52 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\WCN

2013-11-09 22:52 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\slmgr

2013-11-09 22:52 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\com

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\sysprep

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\oobe

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\MUI

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\migwiz

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Dism

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\com

2013-11-09 22:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\IME

2013-11-09 22:51 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\servicing

2013-11-09 18:30 - 2013-11-09 18:25 - 00012600 _____ C:\ProgramData\odafrdji.bxx

2013-11-09 18:22 - 2013-11-09 18:22 - 00000000 _____ C:\ProgramData\odafrdji.fvv

2013-11-09 16:07 - 2012-08-13 19:15 - 00000000 ____D C:\Windows\SysWOW64\Adobe

2013-10-28 17:38 - 2013-10-28 17:38 - 00000000 _____ C:\ProgramData\7t8hrjzjt.fvv

2013-10-23 18:23 - 2013-11-16 10:40 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll

2013-10-23 17:14 - 2013-11-16 10:40 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll

ZeroAccess:

C:\Users\lee\AppData\Local\Google\Desktop\Install

Files to move or delete:

====================

C:\ProgramData\7t8hrjzjt.fvv

C:\ProgramData\brj6wl0lf.fvv

C:\ProgramData\mqlfmqvlfb.fvv

C:\ProgramData\odafrdji.bxx

C:\ProgramData\odafrdji.fvv

C:\ProgramData\r0zjr8z0.bxx

C:\ProgramData\r0zjr8z0.fvv


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-11-09 22:12

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013

Ran by lee at 2013-11-19 17:39:15

Running from C:\Users\lee\Desktop

Boot Mode: Normal

==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)

Adobe AIR (x32 Version: 3.2.0.2070)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Photoshop Elements 7.0 (x32 Version: 7.0)

Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3)

Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)

Atheros Bluetooth Filter Driver Package (Version: 1.00.0004)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.1.42)

Atheros Driver Installation Program (x32 Version: 9.2)

AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.204)

BBC iPlayer Desktop (x32 Version: 3.2.15)

Bluetooth Stack for Windows by Toshiba (Version: v8.00.04(T))

CCleaner (Version: 3.24)

Conexant HD Audio (Version: 8.51.1.0)

D3DX10 (x32 Version: 15.4.2368.0902)

Driving Theory Test Professional v3.1.0.0 (x32)

Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)

Google Chrome (x32 Version: 31.0.1650.57)

Google Earth (x32 Version: 7.1.1.1888)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

Google Update Helper (x32 Version: 1.3.21.165)

High-Definition Video Playback (x32 Version: 7.3.10900.8.0)

Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2281)

Intel® Management Engine Components (x32 Version: 6.0.0.1179)

Intel® Rapid Storage Technology (x32 Version: 9.6.1.1001)

Java Auto Updater (x32 Version: 2.0.2.1)

Java 6 Update 20 (x32 Version: 6.0.200)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

KNOWHOW APP CENTRE (x32 Version: 22447)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office XP Professional with FrontPage (x32 Version: 10.0.6626.0)

Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022)

Microsoft Security Client (Version: 4.4.0304.0)

Microsoft Security Essentials (Version: 4.4.304.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)

Mobile Broadband HL Service (x32 Version: 22.001.14.01.105)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)

Nero BackItUp 10 (x32 Version: 5.8.10900.8.100)

Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700)

Nero BurnRights 10 (x32 Version: 4.4.10400.2.100)

Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700)

Nero Control Center 10 (x32 Version: 10.6.12700.0.7)

Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800)

Nero Core Components 10 (x32 Version: 2.0.20000.9.12)

Nero Express 10 (x32 Version: 10.6.10700.5.100)

Nero Express 10 Help (CHM) (x32 Version: 10.6.10700)

Nero InfoTool 10 (x32 Version: 7.4.10300.1.100)

Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700)

Nero Kwik Media (x32 Version: 1.6.15100.59.100)

Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300)

Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100)

Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800)

Nero StartSmart 10 (x32 Version: 10.6.10500.3.100)

Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700)

Nero Update (x32 Version: 1.0.10900.31.0)

NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900)

PlayReady PC Runtime amd64 (Version: 1.3.0)

Rapport (x32 Version: 3.5.1302.61)

Realtek USB 2.0 Reader Driver (x32 Version: 1.0.0.12)

swMSM (x32 Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 15.2.11.1)

TOSHIBA Assist (x32 Version: 4.02.02)

TOSHIBA Bulletin Board (Version: 2.1.10.64)

TOSHIBA Bulletin Board (x32 Version: 2.1.10.64)

TOSHIBA ConfigFree (x32 Version: 8.0.37)

TOSHIBA Disc Creator (Version: 2.1.0.6 for x64)

TOSHIBA eco Utility (Version: 1.2.24.64)

TOSHIBA Face Recognition (Version: 3.1.8.64)

TOSHIBA Face Recognition (x32 Version: 3.1.8.64)

TOSHIBA Hardware Setup (Version: 4.07.02.00)

TOSHIBA Hardware Setup (x32 Version: 4.07.02.00)

TOSHIBA HDD/SSD Alert (Version: 3.1.64.7)

TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7)

Toshiba Manuals (x32 Version: 10.02)

TOSHIBA Online Product Information (x32 Version: 4.01.0000)

TOSHIBA PC Health Monitor (Version: 1.7.4.64)

TOSHIBA Places Icon Utility (x32 Version: 1.1.1.4)

TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.10010)

TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)

TOSHIBA ReelTime (Version: 1.7.17.64)

TOSHIBA ReelTime (x32 Version: 1.7.17.64)

TOSHIBA Service Station (x32 Version: 2.2.9)

TOSHIBA Sleep Utility (x32 Version: 1.4.2.7)

TOSHIBA Supervisor Password (Version: 4.07.02.00)

TOSHIBA Supervisor Password (x32 Version: 4.07.02.00)

TOSHIBA TEMPRO (x32 Version: 3.35)

TOSHIBA Value Added Package (Version: 1.5.3.64)

TOSHIBA Value Added Package (x32 Version: 1.5.3.64)

TOSHIBA Web Camera Application (x32 Version: 2.0.0.13)

TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.2)

TRORMCLauncher (Version: 1.0.0.10)

TRORMCLauncher (x32 Version: )

Trusteer Endpoint Protection (x32 Version: 3.5.1302.61)

Unity Web Player (HKCU Version: )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)

Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3538.0513)

Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)

Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)

Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)

Windows Liven sähköposti (x32 Version: 15.4.3502.0922)

Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)

Windows Mobile Device Updater Component (Version: 04.08.2345.00)

Zune (Version: 04.08.2345.00)

Zune Language Pack (CHS) (Version: 04.08.2345.00)

Zune Language Pack (CHT) (Version: 04.08.2345.00)

Zune Language Pack (CSY) (Version: 04.08.2345.00)

Zune Language Pack (DAN) (Version: 04.08.2345.00)

Zune Language Pack (DEU) (Version: 04.08.2345.00)

Zune Language Pack (ELL) (Version: 04.08.2345.00)

Zune Language Pack (ESP) (Version: 04.08.2345.00)

Zune Language Pack (FIN) (Version: 04.08.2345.00)

Zune Language Pack (FRA) (Version: 04.08.2345.00)

Zune Language Pack (HUN) (Version: 04.08.2345.00)

Zune Language Pack (IND) (Version: 04.08.2345.00)

Zune Language Pack (ITA) (Version: 04.08.2345.00)

Zune Language Pack (JPN) (Version: 04.08.2345.00)

Zune Language Pack (KOR) (Version: 04.08.2345.00)

Zune Language Pack (MSL) (Version: 04.08.2345.00)

Zune Language Pack (NLD) (Version: 04.08.2345.00)

Zune Language Pack (NOR) (Version: 04.08.2345.00)

Zune Language Pack (PLK) (Version: 04.08.2345.00)

Zune Language Pack (PTB) (Version: 04.08.2345.00)

Zune Language Pack (PTG) (Version: 04.08.2345.00)

Zune Language Pack (RUS) (Version: 04.08.2345.00)

Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points =========================

09-11-2013 22:19:06 Language Pack Removal

12-11-2013 18:50:24 Windows Update

13-11-2013 22:40:03 Windows Update

16-11-2013 10:00:20 Restore Operation

16-11-2013 10:38:13 Windows Update

16-11-2013 13:32:28 Installed AVG 2014

16-11-2013 13:33:06 Installed AVG 2014

16-11-2013 14:18:50 Removed AVG 2014

16-11-2013 14:24:47 Removed AVG 2014

16-11-2013 15:20:17 Restore Operation

16-11-2013 15:30:24 Windows Update

16-11-2013 18:30:13 Installed AVG 2014

16-11-2013 18:30:44 Installed AVG 2014

16-11-2013 18:38:20 Installed AVG PC TuneUp 2014

18-11-2013 22:40:26 ComboFix created restore point

19-11-2013 17:22:50 Removed AVG 2014

19-11-2013 17:25:03 Removed AVG 2014

==================== Hosts content: ==========================

2009-07-14 02:34 - 2013-11-18 23:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {23E237ED-F18E-439C-9E61-C4D75B144834} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)

Task: {58119944-88CA-44CC-9AFE-1E3465DD4B96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.)

Task: {65EFE015-3109-424F-BC77-BFA1583444BA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000Core => C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-20] (Facebook Inc.)

Task: {928AB052-8037-46CB-95C5-F51631A81A96} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)

Task: {BB940332-75E7-487A-98C4-FD71D13C5520} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe

Task: {BC74A85C-7B3A-41B7-8489-048486CFB275} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000UA => C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-20] (Facebook Inc.)

Task: {C4B732D6-AE1C-4050-912E-11FB6991329E} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)

Task: {C5893F19-19C4-46D6-B332-7660FD9C88A7} - System32\Tasks\{FF835B1B-B119-48EC-B38E-F5ED88D67C3D} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23] (Microsoft Corporation)

Task: {D10C64DF-900A-48FC-8BCC-673A42D8E506} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08] (Google Inc.)

Task: {EBCD99FE-5E9B-41E0-95AA-01D39672A0C3} - System32\Tasks\{22A4902F-C97D-4F98-B541-8509AD5853F9} => C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23] (Microsoft Corporation)

Task: {FCC2C2DA-01B6-4BD5-8787-CBD8E818C6A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000Core.job => C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539840281-425623582-1827607020-1000UA.job => C:\Users\lee\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-18 15:18 - 2010-11-18 15:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll

2010-12-15 13:19 - 2010-12-15 13:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll

2011-09-08 09:01 - 2011-02-22 10:06 - 00563576 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\en\Humphrey.resources.dll

2011-09-08 09:25 - 2011-12-15 14:55 - 00063360 _____ () C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll

2010-12-08 13:42 - 2010-12-08 13:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

2012-11-15 18:01 - 2013-08-06 18:20 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll

2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 02452992 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtCore4.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00375808 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtXml4.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00322048 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\log4cplus.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00013312 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\featureController.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 01008640 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtNetwork4.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00195584 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\libgsoap.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00062464 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\zlib1.dll

2012-07-24 15:35 - 2010-12-01 14:26 - 00400384 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\sqlite3.dll

2012-07-24 15:35 - 2011-04-19 18:05 - 03622128 _____ () C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\plugin\libbizlplugin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\config:!

AlternateDataStreams: C:\ProgramData\TEMP:884C7316

AlternateDataStreams: C:\ProgramData\TEMP:B88DC997

==================== Safe Mode (whitelisted) ===================

 

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

Application errors:

==================

Error: (11/19/2013 05:28:06 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 05:17:32 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 05:17:26 PM) (Source: Windows Search Service) (User: )

Description: The index cannot be initialized.

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2013 05:17:26 PM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

Context: Windows Application

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2013 05:17:26 PM) (Source: Windows Search Service) (User: )

Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2013 05:17:26 PM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 

Details:

Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/19/2013 05:17:23 PM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2013 05:17:23 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/19/2013 05:17:23 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2013 05:17:23 PM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

 

System errors:

=============

Error: (11/19/2013 05:17:51 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service failed to start due to the following error:

%%1053

Error: (11/19/2013 05:17:51 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (11/19/2013 05:17:51 PM) (Source: DCOM) (User: )

Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/19/2013 05:17:26 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/19/2013 05:17:26 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (11/18/2013 11:20:54 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/18/2013 11:00:08 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/18/2013 10:59:02 PM) (Source: Application Popup) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/18/2013 10:48:44 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/18/2013 10:40:35 PM) (Source: Service Control Manager) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:

%%1056

 

Microsoft Office Sessions:

=========================

Error: (11/19/2013 05:28:06 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 05:17:32 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 05:17:26 PM) (Source: Windows Search Service)(User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2013 05:17:26 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2013 05:17:26 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/19/2013 05:17:26 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

Element not found. (HRESULT : 0x80070490) (0x80070490)

Search.TripoliIndexer

Error: (11/19/2013 05:17:23 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Search.JetPropStore

Error: (11/19/2013 05:17:23 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/19/2013 05:17:23 PM) (Source: Windows Search Service)(User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

The catalog is corrupt

Error: (11/19/2013 05:17:23 PM) (Source: Windows Search Service)(User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

4700

 

CodeIntegrity Errors:

===================================

Date: 2013-11-18 22:59:02.251

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-18 22:59:02.158

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

==================== Memory info ===========================

Percentage of memory in use: 33%

Total physical RAM: 5941.86 MB

Available physical RAM: 3952.46 MB

Total Pagefile: 11881.9 MB

Available Pagefile: 9566.84 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:340.82 GB) (Free:261.08 GB) NTFS

Drive d: (Data) (Fixed) (Total:357.42 GB) (Free:343.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 662363C9)

Partition 1: (Active) - (Size=400 MB) - (Type=27)

Partition 2: (Not Active) - (Size=341 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=357 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Posted (edited)

Hi blkburnbandit

 

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE.

It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system

 

Re-run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

 

 


fixlist.txt

Edited by Starbuck

Member of:

UNITE

Posted

Hi

is this what you want ?

 

Content of fixlist:

*****************

S1 chiokrql; \??\C:\Windows\system32\drivers\chiokrql.sys [x]

S1 dldntqub; \??\C:\Windows\system32\drivers\dldntqub.sys [x]

S1 kimhhppp; \??\C:\Windows\system32\drivers\kimhhppp.sys [x]

S1 mgxpldch; \??\C:\Windows\system32\drivers\mgxpldch.sys [x]

S1 opevsddg; \??\C:\Windows\system32\drivers\opevsddg.sys [x]

S1 rocerlsp; \??\C:\Windows\system32\drivers\rocerlsp.sys [x]

S1 snzascki; \??\C:\Windows\system32\drivers\snzascki.sys [x]

S1 tfnyklkd; \??\C:\Windows\system32\drivers\tfnyklkd.sys [x]

C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

C:\ProgramData\AVG

C:\Users\lee\AppData\Roaming\AVG

C:\Program Files (x86)\AVG

C:\ProgramData\r0zjr8z0.bxx

C:\ProgramData\r0zjr8z0.fvv

C:\ProgramData\mqlfmqvlfb.fvv

C:\ProgramData\brj6wl0lf.fvv

C:\ProgramData\odafrdji.bxx

C:\ProgramData\odafrdji.fvv

C:\ProgramData\7t8hrjzjt.fvv

C:\Program Files (x86)\AVG

C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

C:\Windows\system32\drivers\chiokrql.sys

C:\Windows\system32\drivers\dldntqub.sys

C:\Windows\system32\drivers\kimhhppp.sys

C:\Windows\system32\drivers\mgxpldch.sys

C:\Windows\system32\drivers\opevsddg.sys

C:\Windows\system32\drivers\rocerlsp.sys

C:\Windows\system32\drivers\snzascki.sys

C:\Windows\system32\drivers\tfnyklkd.sys

C:\Users\lee\AppData\Local\Google\Desktop\Install

DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

AlternateDataStreams: C:\ProgramData\TEMP:884C7316

AlternateDataStreams: C:\ProgramData\TEMP:B88DC997

*****************

chiokrql => Service deleted successfully.

dldntqub => Service deleted successfully.

kimhhppp => Service deleted successfully.

mgxpldch => Service deleted successfully.

opevsddg => Service deleted successfully.

rocerlsp => Service deleted successfully.

snzascki => Service deleted successfully.

tfnyklkd => Service deleted successfully.

"C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" => File/Directory not found.

"C:\ProgramData\AVG" => File/Directory not found.

"C:\Users\lee\AppData\Roaming\AVG" => File/Directory not found.

"C:\Program Files (x86)\AVG" => File/Directory not found.

"C:\ProgramData\r0zjr8z0.bxx" => File/Directory not found.

"C:\ProgramData\r0zjr8z0.fvv" => File/Directory not found.

"C:\ProgramData\mqlfmqvlfb.fvv" => File/Directory not found.

"C:\ProgramData\brj6wl0lf.fvv" => File/Directory not found.

"C:\ProgramData\odafrdji.bxx" => File/Directory not found.

"C:\ProgramData\odafrdji.fvv" => File/Directory not found.

"C:\ProgramData\7t8hrjzjt.fvv" => File/Directory not found.

"C:\Program Files (x86)\AVG" => File/Directory not found.

"C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" => File/Directory not found.

"C:\Windows\system32\drivers\chiokrql.sys" => File/Directory not found.

"C:\Windows\system32\drivers\dldntqub.sys" => File/Directory not found.

"C:\Windows\system32\drivers\kimhhppp.sys" => File/Directory not found.

"C:\Windows\system32\drivers\mgxpldch.sys" => File/Directory not found.

"C:\Windows\system32\drivers\opevsddg.sys" => File/Directory not found.

"C:\Windows\system32\drivers\rocerlsp.sys" => File/Directory not found.

"C:\Windows\system32\drivers\snzascki.sys" => File/Directory not found.

"C:\Windows\system32\drivers\tfnyklkd.sys" => File/Directory not found.

"C:\Users\lee\AppData\Local\Google\Desktop\Install" => File/Directory not found.

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

C:\ProgramData\TEMP => ":884C7316" ADS removed successfully.

C:\ProgramData\TEMP => ":B88DC997" ADS removed successfully.

 

The system needs a manual reboot.

==== End of Fixlog ====

Posted

Hi blkburnbandit

 

That's good.

Let's double check a few things now.

 

Step 1

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

 

Step 2

Download RogueKiller and save it to your desktop.

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

 

Note:

If RogueKiller is blocked, do not hesitate to try running it again.

If it still fails to run, right-click on the downloaded icon, select 'Rename', rename it to winlogon and try again.

Member of:

UNITE

Posted

RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : lee [Admin rights]

Mode : Scan -- Date : 11/30/2013 21:22:44

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] mbbService.exe -- C:\ProgramData\MobileBrServ\mbbservice.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\lee\AppData\Local\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\?��?��?��\?��?��?��\???ﯹ๛\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\GoogleUpdate.exe" >) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : kHvRZCyh9LdumU9eZVy9 ("C:\Users\lee\AppData\Roaming\Adobe\Adobe PDF\convert.exe" [x]) -> FOUND

[RUN][ZeroAccess] HKUS\S-1-5-21-1539840281-425623582-1827607020-1000\[...]\Run : Google Update ("C:\Users\lee\AppData\Local\Google\Desktop\Install\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\?��?��?��\?��?��?��\???ﯹ๛\{9235481e-fbc7-2010-91bd-f1ae8f0b50b7}\GoogleUpdate.exe" >) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1539840281-425623582-1827607020-1000\[...]\Run : kHvRZCyh9LdumU9eZVy9 ("C:\Users\lee\AppData\Roaming\Adobe\Adobe PDF\convert.exe" [x]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK7575GSX +++++

--- User ---

[MBR] 16c010d6cd33052cad86123592584ecd

[bSP] 98eff9c53bc24fc875d3847210f2cefd : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 349000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 715573248 | Size: 366002 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_11302013_212244.txt >>

Posted

Hi blkburnbandit

 

My apologies for the late reply.

For some strange reason I've only just seen your reply.

But no email notification.

 

  • Close all running processes (Anti Virus etc)
  • Click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Delete button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

 

Thanks

Member of:

UNITE

Posted

After the prescan the delete tab was not highlighted as it didn't seem to find anything. However, when I clicked the scan tab and then the delete tab it has given the report below. Hope this is correct.

 

 

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : lee [Admin rights]

Mode : Remove -- Date : 12/12/2013 16:06:24

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] mbbService.exe -- C:\ProgramData\MobileBrServ\mbbservice.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK7575GSX +++++

--- User ---

[MBR] 16c010d6cd33052cad86123592584ecd

[bSP] 98eff9c53bc24fc875d3847210f2cefd : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 349000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 715573248 | Size: 366002 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_D_12122013_160624.txt >>

RKreport[0]_S_12122013_160614.txt

Posted

Hi blkburnbandit

 

however when I clicked the scan tab and then the delete tab it has given the report below. hope this is correct.

Yes, that's fine.

Report looks good.

Earlier, when we ran the FRST fix, I included a script to unlock MSSE (as the malware had locked you out of it). Can you confirm that MSSE is working OK now?

 

Thanks

Member of:

UNITE

Posted

Hi

 

Yes, MSSE is working fine now. Thanks for all your help. Can I ask, do I really need additional security on my comp or is MSSE OK? If not, what would you recommend?

 

Thanks again

Lee

Posted
do I really need additional security on my comp or is MSSE ok. If not what would you recommend?

On one of my systems I run MSSE, another one runs BitDefender free.

I have no problems with either..... so both seem as good as each other.

I see that MalwareBytes AntiMalware was on your system awhile ago, have you since removed it?

This is a good addition to the security (but it will need to be run manually after the trial period expires).

 

I'd like you to do an ESET OnlineScan

64Bit users, please see note at the bottom.

 

You may find it beneficial to close your resident AV program before running the scan.

 

It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).

To prevent this happening:

When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

 

Enable Anti-Stealth technology

 

http://img.photobucket.com/albums/v708/starbuck50/eset.png

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  • Accept any security warnings from your browser.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked.
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

Note:

As you are running a 64bit system:

The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

 

 

Thanks

Member of:

UNITE
