bad virus, computer CPU at 100%
abesing44
2014-02-18, 03:00
I am writing this email in safe mode on my computer, because that's the only way it works!! I attempted to download a game for my son, and then wammo. Thought I got the virus out, but now my computer is very, very sluggish and will often shut down due to temperature. I have tried AdwCleaner, Malwarebytes; every program says I'm clean. I am running Windows 7 Home Edition. Please help!
Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Disable any script blocking protection
Double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.
Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment.
No need for that though ..... just post it as you would any other log.
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Important! Please do not perform any fix options offered in aswMBR
abesing44
2014-02-18, 18:26
Thank you for assisting me! Attached are the logs as requested.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
*********************************************
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Please post these logs. If you can, copy and paste them into your reply instead of attaching them.
abesing44
2014-02-18, 23:40
Can I do this in safe mode? Otherwise it's really slow in normal boot mode.
More than one way to do this:
You can download from a different computer and save to a USB, then use it on the sick computer.
Download in normal mode, then boot into safe mode to do the scans.
abesing44
2014-02-19, 03:28
I was able to run them in normal boot mode. Here are the logs:
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/18/2014 07:22:30 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 02/18/2014 07:22:44 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Andy Besing (administrator) on ANDYBESING-PC on 18-02-2014 19:16:27
Running from C:\Users\Andy Besing\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Affinegy, Inc.) C:\Program Files (x86)\TWC\DigiDo\TrayApp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Affinegy, Inc.) C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-01-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-07-16] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-10-08] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [DigiDo] - C:\Program Files (x86)\TWC\DigiDo\TrayApp.exe [1458544 2011-10-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [] - [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1125724057-2074268439-1374579803-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\S-1-5-21-1125724057-2074268439-1374579803-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {CE4487AD-3505-4DAF-9F03-7FA53F88005A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://sc1.checkpoint.com/sc/update/CSHELL/extender.cab
DPF: HKLM-x32 {B4CB50E4-0309-4906-86EA-10B6641C8392} https://vpn.grubb-ellis.com/extender.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
FF Extension: No Name - C:\Users\Andy Besing\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-02-12]
FF Extension: No Name - C:\Users\Andy Besing\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-02-12]
FF Extension: Magnet Downloader - C:\Users\Andy Besing\AppData\Roaming\Mozilla\Firefox\profiles\extensions\b026053c-c151-481a-a83e-4fb8d5b1b1a4@cb8a450e-83dd-422a-b921-028b1cbf9831.com.xpi [2013-11-05]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-30]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (PDFlite Browser Plugin) - C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Andy Besing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-03]
CHR Extension: (Google Drive) - C:\Users\Andy Besing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]
CHR Extension: (YouTube) - C:\Users\Andy Besing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03]
CHR Extension: (Google Search) - C:\Users\Andy Besing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Andy Besing\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-01-03]
CHR Extension: (Google Wallet) - C:\Users\Andy Besing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]
CHR Extension: (Gmail) - C:\Users\Andy Besing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [dfcfkhnlpcoafpoepljegijlkinbhjgb] - C:\Program Files (x86)\Magnet.TV\magnet-downloader10.crx [2013-11-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
==================== Services (Whitelisted) =================
R2 AffinegyService; C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe [580464 2011-10-17] (Affinegy, Inc.)
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [353672 2009-04-02] (Check Point Software Technologies)
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] ()
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-10-22] (Alcatel-Lucent)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
R0 70817744; C:\Windows\System32\DRIVERS\70817744.sys [460888 2013-11-20] (Kaspersky Lab ZAO)
R1 7999121drv; C:\Windows\System32\DRIVERS\7999121drv.sys [556632 2013-11-20] (Kaspersky Lab)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-12] (AVG Technologies)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-04-02] (Check Point Software Technologies)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-18 19:16 - 2014-02-18 19:16 - 00022362 _____ () C:\Users\Andy Besing\Desktop\FRST.txt
2014-02-18 19:16 - 2014-02-18 19:16 - 00000000 ____D () C:\FRST
2014-02-18 19:07 - 2014-02-18 19:15 - 00002122 _____ () C:\Users\Andy Besing\Desktop\Rkill.txt
2014-02-18 19:06 - 2014-02-18 19:06 - 02153472 _____ (Farbar) C:\Users\Andy Besing\Desktop\FRST64.exe
2014-02-18 19:05 - 2014-02-18 19:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Andy Besing\Desktop\rkill.scr
2014-02-18 10:24 - 2014-02-18 10:12 - 00025856 _____ () C:\Users\Andy Besing\Desktop\attach - Copy.txt
2014-02-18 10:20 - 2014-02-18 10:20 - 00001925 _____ () C:\Users\Andy Besing\Desktop\aswMBR.txt
2014-02-18 10:20 - 2014-02-18 10:20 - 00000512 _____ () C:\Users\Andy Besing\Desktop\MBR.dat
2014-02-18 10:14 - 2014-02-18 10:14 - 04745728 _____ (AVAST Software) C:\Users\Andy Besing\Downloads\aswMBR.exe
2014-02-18 10:12 - 2014-02-18 10:12 - 00025856 _____ () C:\Users\Andy Besing\Desktop\attach.txt
2014-02-18 10:12 - 2014-02-18 10:12 - 00018354 _____ () C:\Users\Andy Besing\Desktop\dds.txt
2014-02-18 10:10 - 2014-02-18 10:10 - 00688992 ____R (Swearware) C:\Users\Andy Besing\Downloads\dds (1).scr
2014-02-18 10:10 - 2014-02-18 10:10 - 00688992 _____ (Swearware) C:\Users\Andy Besing\Downloads\dds.scr
2014-02-18 09:20 - 2013-12-21 03:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-18 09:20 - 2013-12-21 01:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-18 08:58 - 2014-02-18 08:58 - 00000085 _____ () C:\Windows\wininit.ini
2014-02-18 08:58 - 2014-02-18 08:58 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-18 08:54 - 2014-02-18 08:54 - 00023889 _____ () C:\ComboFix.txt
2014-02-17 18:23 - 2014-02-17 18:23 - 00024164 _____ () C:\Users\Andy Besing\Desktop\combofix report.txt
2014-02-17 18:08 - 2014-02-18 08:44 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 18:08 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-17 18:08 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-17 18:08 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-17 18:08 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-17 18:08 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-17 18:08 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-17 18:08 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-17 18:08 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-17 18:07 - 2014-02-17 18:07 - 05183112 ____R (Swearware) C:\Users\Andy Besing\Downloads\ComboFix.exe
2014-02-17 18:06 - 2014-02-17 18:06 - 00543016 _____ (Fusion Install ) C:\Users\Andy Besing\Downloads\Setup.exe
2014-02-17 18:05 - 2014-02-17 18:06 - 00000000 ____D () C:\Users\Andy Besing\AppData\Roaming\GetRightToGo
2014-02-17 18:05 - 2014-02-17 18:05 - 00610798 _____ (Max Secure Software) C:\Users\Andy Besing\Desktop\MaxSDDMnew.exe
2014-02-17 18:05 - 2014-02-17 18:05 - 00368256 _____ (RegNow.com) C:\Users\Andy Besing\Downloads\Download_MaxSDDMnew.exe
2014-02-17 18:02 - 2014-02-17 18:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andy Besing\Downloads\tdsskiller (1).exe
2014-02-17 18:02 - 2014-02-17 18:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andy Besing\Desktop\tdsskiller.exe
2014-02-17 16:08 - 2014-02-17 16:08 - 00000000 ____D () C:\42069860f03033add3eeae
2014-02-17 15:54 - 2014-02-17 15:52 - 00002117 _____ () C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2014-02-17 15:49 - 2014-02-17 15:49 - 00265752 _____ (Secure By Design Inc.) C:\Users\Andy Besing\Downloads\Ninite Essentials Installer.exe
2014-02-17 15:40 - 2014-02-17 15:41 - 155264904 _____ (AVG Technologies) C:\Users\Andy Besing\Downloads\avg_free_x64_all_2014_4335a7045.exe
2014-02-17 15:38 - 2014-02-17 15:38 - 04462384 _____ (AVG Technologies) C:\Users\Andy Besing\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-02-17 15:36 - 2014-02-17 15:48 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ____D () C:\Users\Andy Besing\AppData\Local\MFAData
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ____D () C:\Users\Andy Besing\AppData\Local\Avg2014
2014-02-17 15:35 - 2014-02-17 15:35 - 00265752 _____ (Secure By Design Inc.) C:\Users\Andy Besing\Downloads\Ninite AVG Installer.exe
2014-02-17 15:33 - 2013-12-18 21:10 - 00877480 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-02-17 15:33 - 2013-12-18 21:10 - 00800168 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-02-17 15:30 - 2014-02-17 15:30 - 00003214 _____ () C:\Windows\System32\Tasks\IHUninstallTrackingTASK
2014-02-17 15:29 - 2014-02-17 15:29 - 00003214 _____ () C:\Windows\System32\Tasks\IHSelfDeleteTASK
2014-02-17 15:29 - 2014-02-17 15:29 - 00000000 ____D () C:\ProgramData\Motive
2014-02-17 13:19 - 2014-02-17 13:22 - 00001468 _____ () C:\Windows\KB937882.log
2014-02-17 13:13 - 2014-02-17 20:41 - 00007600 _____ () C:\Users\Andy Besing\AppData\Local\Resmon.ResmonCfg
2014-02-17 10:05 - 2014-02-17 10:06 - 00000000 ____D () C:\640ce3d826caedf57a1b497ade
2014-02-16 08:46 - 2014-02-01 03:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-16 08:46 - 2014-02-01 03:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-16 08:46 - 2014-02-01 03:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-16 08:46 - 2014-02-01 03:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-16 08:46 - 2014-02-01 01:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-16 08:46 - 2014-02-01 01:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-16 08:46 - 2014-02-01 01:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-16 08:46 - 2014-02-01 01:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-16 08:46 - 2014-02-01 01:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-16 08:46 - 2014-02-01 00:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-16 08:46 - 2014-02-01 00:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-15 18:19 - 2014-02-18 09:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-15 18:19 - 2014-02-18 08:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-15 18:19 - 2014-02-15 18:19 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-15 18:19 - 2014-02-15 18:19 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-15 18:19 - 2014-02-15 18:19 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-15 18:17 - 2014-02-15 18:18 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Andy Besing\Downloads\spybot-2.2.exe
2014-02-15 18:14 - 2014-02-15 18:14 - 00000010 _____ () C:\Users\Andy Besing\AppData\Local\sponge.last.runtime.cache
2014-02-15 18:13 - 2014-02-15 18:13 - 00185800 _____ (Лаборатория Касперского) C:\Users\Andy Besing\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-15 18:10 - 2014-02-15 18:10 - 02049128 _____ (Trend Micro Inc.) C:\Users\Andy Besing\Downloads\HousecallLauncher.exe
2014-02-15 18:10 - 2014-02-15 18:10 - 00000036 _____ () C:\Users\Andy Besing\AppData\Local\housecall.guid.cache
2014-02-15 18:01 - 2014-02-15 18:01 - 01166132 _____ () C:\Users\Andy Besing\Downloads\AdwCleaner.exe
2014-02-15 17:59 - 2014-02-15 17:59 - 00001436 _____ () C:\Users\Andy Besing\Desktop\JRT.txt
2014-02-15 17:55 - 2014-02-15 17:55 - 01037530 _____ (Thisisu) C:\Users\Andy Besing\Downloads\JRT (1).exe
2014-02-15 17:36 - 2014-02-15 17:54 - 00000000 ____D () C:\Users\Andy Besing\Desktop\mbar
2014-02-15 17:36 - 2014-02-15 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-15 17:36 - 2014-02-15 17:36 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-15 17:36 - 2014-02-15 17:36 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-15 17:35 - 2014-02-15 17:35 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Andy Besing\Downloads\mbar-1.07.0.1009.exe
2014-02-15 16:44 - 2014-02-15 16:44 - 01402880 _____ () C:\Users\Andy Besing\Downloads\HijackThis.msi
2014-02-15 16:06 - 2014-02-18 09:04 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-15 16:03 - 2014-02-15 16:03 - 13670584 _____ (Microsoft Corporation) C:\Users\Andy Besing\Downloads\mseinstall.exe
2014-02-15 15:57 - 2014-02-15 15:58 - 102354712 _____ (Microsoft Corporation) C:\Users\Andy Besing\Downloads\msert.exe
2014-02-13 07:49 - 2014-02-15 19:07 - 00000000 ____D () C:\665be9cda96a2768561cbcac0ba2bf
2014-02-13 07:32 - 2014-02-13 07:32 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (4).exe
2014-02-12 23:35 - 2014-02-12 23:35 - 00000000 ____D () C:\Users\Public\Desktop\TrendMicro_TAV_17.10_en-US_32-bit
2014-02-12 23:24 - 2014-02-12 23:24 - 01293496 _____ () C:\Users\Andy Besing\Downloads\PDFCreatorSetup.exe
2014-02-12 23:21 - 2014-02-12 23:21 - 00664864 _____ () C:\Users\Andy Besing\Downloads\UltimateCodec.exe
2014-02-12 23:21 - 2014-02-12 23:21 - 00001095 _____ () C:\Users\Andy Besing\Desktop\Continue Codec Pack Installation.lnk
2014-02-12 23:01 - 2014-02-12 23:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Andy Besing\Downloads\HijackThis (1).exe
2014-02-12 22:50 - 2014-02-12 22:50 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (3).exe
2014-02-12 22:46 - 2014-02-12 22:46 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-CleanUp-SEO-10727454.exe
2014-02-12 22:38 - 2014-02-12 22:38 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (2).exe
2014-02-12 21:59 - 2014-02-12 21:59 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (1).exe
2014-02-12 21:18 - 2014-02-12 21:18 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221.exe
2014-02-12 20:21 - 2014-02-12 20:26 - 00000000 ____D () C:\Users\Andy Besing\AppData\Roaming\.minecraft
2014-02-12 20:21 - 2014-02-12 20:21 - 00675988 _____ () C:\Users\Andy Besing\Downloads\Minecraft.exe
2014-02-12 20:11 - 2014-02-12 20:11 - 00675988 _____ () C:\Users\Andy Besing\Downloads\Minecraft-Installer.exe
2014-02-12 20:11 - 2014-02-12 20:11 - 00000392 _____ () C:\Users\Andy Besing\Desktop\FREE Games.url
2014-02-12 20:11 - 2014-02-12 20:11 - 00000047 _____ () C:\Users\Andy Besing\AppData\Roaming\WB.CFG
2014-02-12 20:10 - 2014-02-12 20:10 - 00619024 _____ ( ) C:\Users\Andy Besing\Downloads\Minecraft Download Manager.exe
2014-02-12 20:00 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 20:00 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 20:00 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 20:00 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 20:00 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 20:00 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 20:00 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 20:00 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 20:00 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 20:00 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 20:00 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 20:00 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 20:00 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 20:00 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 20:00 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 20:00 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 20:00 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 20:00 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 20:00 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 20:00 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 20:00 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 20:00 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 20:00 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 20:00 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 20:00 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 20:00 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 20:00 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 20:00 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-08 11:52 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-08 11:52 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-08 11:52 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-08 11:52 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-08 11:51 - 2014-02-08 11:52 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-31 17:41 - 2014-02-08 10:27 - 00027136 _____ () C:\Users\Andy Besing\Desktop\Blakely Birthday Invites 2014.xls
2014-01-31 08:36 - 2014-01-31 08:36 - 00606272 _____ () C:\Users\Andy Besing\Downloads\PDFlite-0.11.2.exe
2014-01-31 08:36 - 2014-01-31 08:36 - 00606272 _____ () C:\Users\Andy Besing\Downloads\PDFlite-0.11.2 (1).exe
2014-01-27 16:45 - 2014-01-27 17:03 - 00046592 _____ () C:\Users\Andy Besing\Documents\Barrett's 7th Birthday Invite.pub
2014-01-27 14:26 - 2014-01-28 20:56 - 00000000 ____D () C:\Users\Andy Besing\Documents\Laugh for Lymphoma
2014-01-25 13:01 - 2014-01-25 13:01 - 07141688 _____ () C:\Users\Andy Besing\Downloads\Laugh for Lymphoma Presentation.zip
2014-01-24 12:30 - 2014-02-12 20:40 - 00026112 _____ () C:\Users\Andy Besing\Desktop\Barrett Birthday Invites 2014.xls
==================== One Month Modified Files and Folders =======
2014-02-18 19:16 - 2014-02-18 19:16 - 00022362 _____ () C:\Users\Andy Besing\Desktop\FRST.txt
2014-02-18 19:16 - 2014-02-18 19:16 - 00000000 ____D () C:\FRST
2014-02-18 19:15 - 2014-02-18 19:07 - 00002122 _____ () C:\Users\Andy Besing\Desktop\Rkill.txt
2014-02-18 19:14 - 2010-08-15 17:34 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-18 19:11 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 19:11 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 19:10 - 2010-05-23 02:27 - 02029990 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 19:06 - 2014-02-18 19:06 - 02153472 _____ (Farbar) C:\Users\Andy Besing\Desktop\FRST64.exe
2014-02-18 19:05 - 2014-02-18 19:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Andy Besing\Desktop\rkill.scr
2014-02-18 19:02 - 2010-08-15 17:34 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-18 19:02 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 19:02 - 2009-07-13 22:51 - 00070562 _____ () C:\Windows\setupact.log
2014-02-18 10:20 - 2014-02-18 10:20 - 00001925 _____ () C:\Users\Andy Besing\Desktop\aswMBR.txt
2014-02-18 10:20 - 2014-02-18 10:20 - 00000512 _____ () C:\Users\Andy Besing\Desktop\MBR.dat
2014-02-18 10:14 - 2014-02-18 10:14 - 04745728 _____ (AVAST Software) C:\Users\Andy Besing\Downloads\aswMBR.exe
2014-02-18 10:12 - 2014-02-18 10:24 - 00025856 _____ () C:\Users\Andy Besing\Desktop\attach - Copy.txt
2014-02-18 10:12 - 2014-02-18 10:12 - 00025856 _____ () C:\Users\Andy Besing\Desktop\attach.txt
2014-02-18 10:12 - 2014-02-18 10:12 - 00018354 _____ () C:\Users\Andy Besing\Desktop\dds.txt
2014-02-18 10:10 - 2014-02-18 10:10 - 00688992 ____R (Swearware) C:\Users\Andy Besing\Downloads\dds (1).scr
2014-02-18 10:10 - 2014-02-18 10:10 - 00688992 _____ (Swearware) C:\Users\Andy Besing\Downloads\dds.scr
2014-02-18 09:55 - 2012-11-20 20:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 09:19 - 2009-07-13 23:13 - 00744902 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-18 09:05 - 2014-02-15 18:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-18 09:05 - 2010-08-13 11:37 - 00328572 _____ () C:\Windows\PFRO.log
2014-02-18 09:04 - 2014-02-15 16:06 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-18 08:58 - 2014-02-18 08:58 - 00000085 _____ () C:\Windows\wininit.ini
2014-02-18 08:58 - 2014-02-18 08:58 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-18 08:58 - 2014-02-15 18:19 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-18 08:54 - 2014-02-18 08:54 - 00023889 _____ () C:\ComboFix.txt
2014-02-18 08:54 - 2009-07-23 00:11 - 00000000 ____D () C:\Qoobox
2014-02-18 08:46 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-18 08:44 - 2014-02-17 18:08 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 20:41 - 2014-02-17 13:13 - 00007600 _____ () C:\Users\Andy Besing\AppData\Local\Resmon.ResmonCfg
2014-02-17 18:23 - 2014-02-17 18:23 - 00024164 _____ () C:\Users\Andy Besing\Desktop\combofix report.txt
2014-02-17 18:17 - 2010-08-13 12:40 - 00000000 ____D () C:\Users\Andy Besing
2014-02-17 18:07 - 2014-02-17 18:07 - 05183112 ____R (Swearware) C:\Users\Andy Besing\Downloads\ComboFix.exe
2014-02-17 18:06 - 2014-02-17 18:06 - 00543016 _____ (Fusion Install ) C:\Users\Andy Besing\Downloads\Setup.exe
2014-02-17 18:06 - 2014-02-17 18:05 - 00000000 ____D () C:\Users\Andy Besing\AppData\Roaming\GetRightToGo
2014-02-17 18:05 - 2014-02-17 18:05 - 00610798 _____ (Max Secure Software) C:\Users\Andy Besing\Desktop\MaxSDDMnew.exe
2014-02-17 18:05 - 2014-02-17 18:05 - 00368256 _____ (RegNow.com) C:\Users\Andy Besing\Downloads\Download_MaxSDDMnew.exe
2014-02-17 18:02 - 2014-02-17 18:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andy Besing\Downloads\tdsskiller (1).exe
2014-02-17 18:02 - 2014-02-17 18:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Andy Besing\Desktop\tdsskiller.exe
2014-02-17 16:08 - 2014-02-17 16:08 - 00000000 ____D () C:\42069860f03033add3eeae
2014-02-17 15:52 - 2014-02-17 15:54 - 00002117 _____ () C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2014-02-17 15:49 - 2014-02-17 15:49 - 00265752 _____ (Secure By Design Inc.) C:\Users\Andy Besing\Downloads\Ninite Essentials Installer.exe
2014-02-17 15:48 - 2014-02-17 15:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-17 15:47 - 2011-05-18 08:58 - 00000000 ____D () C:\Users\Andy Besing\Tracing
2014-02-17 15:41 - 2014-02-17 15:40 - 155264904 _____ (AVG Technologies) C:\Users\Andy Besing\Downloads\avg_free_x64_all_2014_4335a7045.exe
2014-02-17 15:38 - 2014-02-17 15:38 - 04462384 _____ (AVG Technologies) C:\Users\Andy Besing\Downloads\avg_free_stb_all_2014_4335_cnet.exe
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ____D () C:\Users\Andy Besing\AppData\Local\MFAData
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ____D () C:\Users\Andy Besing\AppData\Local\Avg2014
2014-02-17 15:35 - 2014-02-17 15:35 - 00265752 _____ (Secure By Design Inc.) C:\Users\Andy Besing\Downloads\Ninite AVG Installer.exe
2014-02-17 15:33 - 2010-05-15 00:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-17 15:31 - 2010-05-14 23:07 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-17 15:30 - 2014-02-17 15:30 - 00003214 _____ () C:\Windows\System32\Tasks\IHUninstallTrackingTASK
2014-02-17 15:29 - 2014-02-17 15:29 - 00003214 _____ () C:\Windows\System32\Tasks\IHSelfDeleteTASK
2014-02-17 15:29 - 2014-02-17 15:29 - 00000000 ____D () C:\ProgramData\Motive
2014-02-17 15:12 - 2010-08-15 17:34 - 00000000 ____D () C:\Program Files\Google
2014-02-17 15:12 - 2010-08-15 17:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-17 15:11 - 2010-08-15 17:34 - 00000000 ____D () C:\Users\Andy Besing\AppData\Local\Google
2014-02-17 15:11 - 2010-08-15 17:33 - 00000000 ____D () C:\ProgramData\Google
2014-02-17 13:37 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-02-17 13:37 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-02-17 13:22 - 2014-02-17 13:19 - 00001468 _____ () C:\Windows\KB937882.log
2014-02-17 10:06 - 2014-02-17 10:05 - 00000000 ____D () C:\640ce3d826caedf57a1b497ade
2014-02-16 10:20 - 2013-07-23 13:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 09:08 - 2011-02-03 21:06 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 19:08 - 2010-08-30 18:48 - 00000000 ____D () C:\ProgramData\Recovery
2014-02-15 19:07 - 2014-02-13 07:49 - 00000000 ____D () C:\665be9cda96a2768561cbcac0ba2bf
2014-02-15 19:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-15 19:06 - 2013-11-20 08:12 - 00000000 ____D () C:\Users\Andy Besing\Downloads\backups
2014-02-15 18:19 - 2014-02-15 18:19 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-15 18:19 - 2014-02-15 18:19 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-15 18:19 - 2014-02-15 18:19 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-15 18:18 - 2014-02-15 18:17 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Andy Besing\Downloads\spybot-2.2.exe
2014-02-15 18:14 - 2014-02-15 18:14 - 00000010 _____ () C:\Users\Andy Besing\AppData\Local\sponge.last.runtime.cache
2014-02-15 18:13 - 2014-02-15 18:13 - 00185800 _____ (Лаборатория Касперского) C:\Users\Andy Besing\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-15 18:10 - 2014-02-15 18:10 - 02049128 _____ (Trend Micro Inc.) C:\Users\Andy Besing\Downloads\HousecallLauncher.exe
2014-02-15 18:10 - 2014-02-15 18:10 - 00000036 _____ () C:\Users\Andy Besing\AppData\Local\housecall.guid.cache
2014-02-15 18:05 - 2013-11-25 07:50 - 00000000 ____D () C:\AdwCleaner
2014-02-15 18:01 - 2014-02-15 18:01 - 01166132 _____ () C:\Users\Andy Besing\Downloads\AdwCleaner.exe
2014-02-15 17:59 - 2014-02-15 17:59 - 00001436 _____ () C:\Users\Andy Besing\Desktop\JRT.txt
2014-02-15 17:55 - 2014-02-15 17:55 - 01037530 _____ (Thisisu) C:\Users\Andy Besing\Downloads\JRT (1).exe
2014-02-15 17:54 - 2014-02-15 17:36 - 00000000 ____D () C:\Users\Andy Besing\Desktop\mbar
2014-02-15 17:54 - 2014-02-15 17:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-15 17:36 - 2014-02-15 17:36 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-15 17:36 - 2014-02-15 17:36 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-15 17:35 - 2014-02-15 17:35 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Andy Besing\Downloads\mbar-1.07.0.1009.exe
2014-02-15 16:44 - 2014-02-15 16:44 - 01402880 _____ () C:\Users\Andy Besing\Downloads\HijackThis.msi
2014-02-15 16:31 - 2011-05-15 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-15 16:03 - 2014-02-15 16:03 - 13670584 _____ (Microsoft Corporation) C:\Users\Andy Besing\Downloads\mseinstall.exe
2014-02-15 15:58 - 2014-02-15 15:57 - 102354712 _____ (Microsoft Corporation) C:\Users\Andy Besing\Downloads\msert.exe
2014-02-15 10:35 - 2010-08-13 16:59 - 00000000 ____D () C:\Users\Andy Besing\AppData\Roaming\HpUpdate
2014-02-13 07:32 - 2014-02-13 07:32 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (4).exe
2014-02-13 00:08 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-02-12 23:35 - 2014-02-12 23:35 - 00000000 ____D () C:\Users\Public\Desktop\TrendMicro_TAV_17.10_en-US_32-bit
2014-02-12 23:24 - 2014-02-12 23:24 - 01293496 _____ () C:\Users\Andy Besing\Downloads\PDFCreatorSetup.exe
2014-02-12 23:21 - 2014-02-12 23:21 - 00664864 _____ () C:\Users\Andy Besing\Downloads\UltimateCodec.exe
2014-02-12 23:21 - 2014-02-12 23:21 - 00001095 _____ () C:\Users\Andy Besing\Desktop\Continue Codec Pack Installation.lnk
2014-02-12 23:02 - 2013-11-20 08:09 - 00014555 _____ () C:\Users\Andy Besing\Downloads\hijackthis.log
2014-02-12 23:01 - 2014-02-12 23:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Andy Besing\Downloads\HijackThis (1).exe
2014-02-12 22:50 - 2014-02-12 22:50 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (3).exe
2014-02-12 22:46 - 2014-02-12 22:46 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-CleanUp-SEO-10727454.exe
2014-02-12 22:38 - 2014-02-12 22:38 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (2).exe
2014-02-12 21:59 - 2014-02-12 21:59 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (1).exe
2014-02-12 21:51 - 2013-11-25 08:47 - 10820032 _____ (SurfRight B.V.) C:\Users\Andy Besing\Desktop\HitmanPro_x64.exe
2014-02-12 21:18 - 2014-02-12 21:18 - 00930440 _____ (CNET Download.com) C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221.exe
2014-02-12 20:40 - 2014-01-24 12:30 - 00026112 _____ () C:\Users\Andy Besing\Desktop\Barrett Birthday Invites 2014.xls
2014-02-12 20:26 - 2014-02-12 20:21 - 00000000 ____D () C:\Users\Andy Besing\AppData\Roaming\.minecraft
2014-02-12 20:21 - 2014-02-12 20:21 - 00675988 _____ () C:\Users\Andy Besing\Downloads\Minecraft.exe
2014-02-12 20:11 - 2014-02-12 20:11 - 00675988 _____ () C:\Users\Andy Besing\Downloads\Minecraft-Installer.exe
2014-02-12 20:11 - 2014-02-12 20:11 - 00000392 _____ () C:\Users\Andy Besing\Desktop\FREE Games.url
2014-02-12 20:11 - 2014-02-12 20:11 - 00000047 _____ () C:\Users\Andy Besing\AppData\Roaming\WB.CFG
2014-02-12 20:10 - 2014-02-12 20:10 - 00619024 _____ ( ) C:\Users\Andy Besing\Downloads\Minecraft Download Manager.exe
2014-02-12 19:45 - 2011-10-26 08:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-12 19:45 - 2010-08-24 08:45 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-11 07:09 - 2010-08-15 17:34 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 07:09 - 2010-08-15 17:34 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-09 14:19 - 2013-11-12 10:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-08 11:52 - 2014-02-08 11:51 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-08 10:27 - 2014-01-31 17:41 - 00027136 _____ () C:\Users\Andy Besing\Desktop\Blakely Birthday Invites 2014.xls
2014-02-08 07:37 - 2012-11-20 20:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-08 07:37 - 2012-11-20 20:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-08 07:37 - 2012-11-20 20:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-03 20:19 - 2014-01-03 09:55 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-01 03:20 - 2014-02-16 08:46 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 03:19 - 2014-02-16 08:46 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 03:19 - 2014-02-16 08:46 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 03:18 - 2014-02-16 08:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 01:58 - 2014-02-16 08:46 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 01:58 - 2014-02-16 08:46 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 01:57 - 2014-02-16 08:46 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 01:40 - 2014-02-16 08:46 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 01:34 - 2014-02-16 08:46 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 00:45 - 2014-02-16 08:46 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-01 00:38 - 2014-02-16 08:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-31 08:36 - 2014-01-31 08:36 - 00606272 _____ () C:\Users\Andy Besing\Downloads\PDFlite-0.11.2.exe
2014-01-31 08:36 - 2014-01-31 08:36 - 00606272 _____ () C:\Users\Andy Besing\Downloads\PDFlite-0.11.2 (1).exe
2014-01-28 20:56 - 2014-01-27 14:26 - 00000000 ____D () C:\Users\Andy Besing\Documents\Laugh for Lymphoma
2014-01-27 17:03 - 2014-01-27 16:45 - 00046592 _____ () C:\Users\Andy Besing\Documents\Barrett's 7th Birthday Invite.pub
2014-01-25 13:01 - 2014-01-25 13:01 - 07141688 _____ () C:\Users\Andy Besing\Downloads\Laugh for Lymphoma Presentation.zip
2014-01-19 01:33 - 2010-08-15 16:30 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Files to move or delete:
====================
C:\Users\Andy Besing\gotomypc_437.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-30 17:36
==================== End Of Log ============================
abesing44
2014-02-19, 03:29
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by Andy Besing at 2014-02-18 19:17:27
Running from C:\Users\Andy Besing\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Acrobat XI Pro (x32 Version: 11.0.06 - Adobe Systems)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player (x32 Version: 11.5.1.601 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (x32 Version: 17.1.2.1 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
Check Point Deployment Shell (x32 Version: 8.00.0000 - Check Point)
Check Point SSL Network Extender (x32 Version: 7.01.0000 - CheckPoint)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.) Hidden
CyberLink MediaShow (x32 Version: 4.1.3419 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3419 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1110 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1110 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.) Hidden
DigiDo (x32 Version: - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
FlipShare (x32 Version: 5.10.25.0 - Flip Video)
Font Installer Packages (HKCU Version: - ) <==== ATTENTION
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (x32 Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (x32 Version: 1.0.0.80 - WildTangent)
HP Quick Launch (Version: 1.0.18 - Hewlett-Packard)
HP Setup (x32 Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Software Framework (x32 Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 6.1.12.1 - Hewlett-Packard Company)
HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0183 (x32 Version: 1.01.0001 - Hewlett-Packard)
HP Wireless Assistant (x32 Version: 3.50.12.1 - Hewlett-Packard)
iCloud (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2086 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002 - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
LightScribe System Software (x32 Version: 1.18.16.1 - LightScribe)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.4.0 - Apple Inc.)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
muvee Reveal (x32 Version: 7.0.43.11502 - muvee Technologies Pte Ltd)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
Norton Online Backup (x32 Version: 1.2.20.0 - Symantec)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (x32 Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
RtVOsd (Version: 1.0.6 - Realtek Semiconductor Corp.)
Safari (x32 Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (x32 Version: 5.6.8312 - Skype Technologies S.A.)
Skype 6.0 (x32 Version: 6.0.126 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 15.1.6.64 - Synaptics Incorporated)
TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VUDU To Go (x32 Version: 2.0.7 - Vudu)
VUDU To Go (x32 Version: 2.0.7 - Vudu) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Yahoo! Install Manager (x32 Version: - )
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden
==================== Restore Points =========================
13-01-2014 22:46:43 Scheduled Checkpoint
16-01-2014 14:00:35 Windows Update
27-01-2014 23:53:57 Scheduled Checkpoint
08-02-2014 17:51:05 Installed Java 7 Update 51
13-02-2014 13:43:05 Windows Update
15-02-2014 22:07:44 Windows Update
16-02-2014 14:45:04 Windows Update
17-02-2014 16:04:41 Windows Update
17-02-2014 21:30:45 Removed Acrobat.com
17-02-2014 21:31:27 Removed Java(TM) 6 Update 17 (64-bit)
17-02-2014 21:33:04 Removed Java(TM) 6 Update 32
17-02-2014 22:03:04 Windows Update
18-02-2014 15:15:28 Windows Update
==================== Hosts content: ==========================
2009-07-13 20:34 - 2014-02-18 08:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2F4B3AC0-763A-4FCD-A1F5-E78CADCB0D53} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {2F4FE1B4-8009-45BE-8012-88450399C4F3} - System32\Tasks\{5D1BA6F0-A8ED-4EBD-A862-3B8D8A2719F9} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.104.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
Task: {3C72638D-0E65-404F-8CAD-354C50E49EB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {44DB3672-50A5-44E5-A0C1-5F4E912BED28} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {4691130B-DD84-4F9F-B978-194884F8EF23} - \BackgroundContainer Startup Task No Task File
Task: {49E0D65B-1D71-4EB9-9948-39F765B15E3C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {706B7452-B067-4E1C-9A0F-EF8451F871C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {76360560-7DCB-476F-91E9-71DF98C07B9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {82AA3C49-A9FC-46A1-B7EA-2BC2C73AB145} - System32\Tasks\{AD3C96A3-E875-4FF4-8E0B-18921AC62062} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: {83E05DAC-8090-4ECD-AF97-6F016FFA3AAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {84364589-2956-4448-8967-C5AC43D883B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08] (Adobe Systems Incorporated)
Task: {9183254F-F09A-4436-A0C6-8DC6F687F859} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {9B5226EE-595C-470C-ABEB-97574082D78C} - \MySearchDial No Task File
Task: {A860E6AB-3BFD-4C8E-BC47-820C573FF221} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {B02D9F57-EE10-4E12-81C5-9435029E1A54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: {B1DE9884-D62E-46F5-853B-069D2413D791} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {BBC0E7A3-7409-4C20-B9FC-9C60472280E8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {C0C8140C-CF4C-473A-A161-014334B1DE00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: {E3737029-A22E-4503-ACF7-007AB63585B9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
==================== Loaded Modules (whitelisted) =============
2013-11-11 16:49 - 2013-08-26 06:12 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2010-12-15 13:31 - 2010-12-15 13:31 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2010-12-15 13:22 - 2010-12-15 13:22 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2010-01-18 16:04 - 2010-01-18 16:04 - 00020480 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2010-05-14 23:31 - 2009-07-06 13:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 ____R () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2012-08-10 16:08 - 2011-10-17 13:04 - 00022896 _____ () C:\Program Files (x86)\TWC\DigiDo\AffinegyServicePS.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2010-12-15 13:31 - 2010-12-15 13:31 - 04300800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2010-12-15 13:26 - 2010-12-15 13:26 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2010-06-16 11:48 - 2010-06-16 11:48 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-06-16 11:48 - 2010-06-16 11:48 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-06-16 11:48 - 2010-06-16 11:48 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-10 16:08 - 2010-08-11 19:29 - 00325632 _____ () C:\Program Files (x86)\TWC\DigiDo\QtXml4.dll
2012-08-10 16:08 - 2010-08-11 19:29 - 01954304 _____ () C:\Program Files (x86)\TWC\DigiDo\QtCore4.dll
2012-08-10 16:08 - 2010-08-11 19:29 - 07187456 _____ () C:\Program Files (x86)\TWC\DigiDo\QtGui4.dll
2012-08-10 16:08 - 2010-08-11 19:29 - 00847360 _____ () C:\Program Files (x86)\TWC\DigiDo\QtNetwork4.dll
2012-08-10 16:08 - 2011-10-17 12:49 - 00333824 _____ () C:\Program Files (x86)\TWC\DigiDo\DigiDoFlavor.dll
2012-08-10 16:08 - 2010-12-09 17:34 - 00119808 _____ () C:\Program Files (x86)\TWC\DigiDo\imageformats\qjpeg4.dll
2012-08-10 16:08 - 2011-10-17 12:54 - 01686016 _____ () C:\Program Files (x86)\TWC\DigiDo\gateways\ArrisTG852GLOC.dll
2014-02-03 20:19 - 2014-02-01 17:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-03 20:19 - 2014-02-01 17:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-03 20:19 - 2014-02-01 17:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-03 20:19 - 2014-02-01 17:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-03 20:19 - 2014-02-01 17:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Program Files (x86)\DoylesRoom:MID
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: FromDocToPDF Home Page Guard 64 bit => "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/18/2014 10:02:17 AM) (Source: Bonjour Service) (User: )
Description: 596: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:17 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 10:02:15 AM) (Source: Bonjour Service) (User: )
Description: 588: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:15 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 10:02:13 AM) (Source: Bonjour Service) (User: )
Description: 580: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:13 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 10:02:11 AM) (Source: Bonjour Service) (User: )
Description: 708: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:11 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 10:02:10 AM) (Source: Bonjour Service) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:10 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
System errors:
=============
Error: (02/18/2014 07:02:50 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.1.2 service failed to start due to the following error:
%%2
Error: (02/18/2014 10:36:48 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/18/2014 10:36:48 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/18/2014 10:36:48 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/18/2014 10:36:40 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/18/2014 10:36:40 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/18/2014 10:36:40 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/18/2014 10:34:46 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/18/2014 10:34:46 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/18/2014 10:34:46 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (02/18/2014 10:02:17 AM) (Source: Bonjour Service)(User: )
Description: 596: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:17 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 10:02:15 AM) (Source: Bonjour Service)(User: )
Description: 588: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:15 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 10:02:13 AM) (Source: Bonjour Service)(User: )
Description: 580: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:13 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 10:02:11 AM) (Source: Bonjour Service)(User: )
Description: 708: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:11 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
Error: (02/18/2014 10:02:10 AM) (Source: Bonjour Service)(User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
Error: (02/18/2014 10:02:10 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
CodeIntegrity Errors:
===================================
Date: 2014-02-18 08:43:00.147
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-18 08:42:59.819
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-18 08:42:59.460
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-18 08:42:59.070
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-17 18:17:45.604
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-17 18:17:45.386
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-05-15 19:47:38.827
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 3893.86 MB
Available physical RAM: 2315.23 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5861.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:283.53 GB) (Free:96.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.27 GB) (Free:2.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 59EF7CDD)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End Of Log ============================
I can see you have run ComboFix, I would like to see the log it created.
C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.
How about c:\Combofix\combofix.txt <-- is it here?
~~~~~~~~~~~~~~~~~~`
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).
start
SearchScopes: HKLM-x32 - {CE4487AD-3505-4DAF-9F03-7FA53F88005A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
FF Plugin-x32: /YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
C:\Users\Andy Besing\gotomypc_437.exe
Task: {4691130B-DD84-4F9F-B978-194884F8EF23} - \BackgroundContainer Startup Task No Task File
Task: {9B5226EE-595C-470C-ABEB-97574082D78C} - \MySearchDial No Task File
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Please post:
Fixlog.txt
C:\qoobox\quarantined_files.txt
C:\Combofix\combofix.txt
Also, please tell me how the computer is at the moment.
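As an added verification step (not part of the helper's instructions above): once FRST has run this fixlist, the PowerShell script below checks that each registry key, file and alternate data stream the fixlist targets is actually gone, so the Fixlog can be cross-checked rather than taken on trust. It assumes PowerShell 3.0 or later (needed for -Stream) in an elevated prompt; the GUIDs, paths and stream names are the ones from the fixlist above, and the registry locations are where Windows stores those entry types.

```powershell
# Added example, not from the thread: verify the fixlist entries are gone after the FRST fix.
# Assumes PowerShell 3.0+ (Get-Item -Stream) running elevated on the same machine.

$checks = @(
    @{ Name = 'Ask.com search scope (HKLM-x32)'
       Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CE4487AD-3505-4DAF-9F03-7FA53F88005A}' },
    @{ Name = 'Java SSV Helper BHO (No File)'
       Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' },
    @{ Name = 'PC Tools Browser Guard toolbar CLSID (x32)'
       Path = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}' },
    @{ Name = 'skype-ie-addon-data protocol handler'
       Path = 'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Handler\skype-ie-addon-data' },
    @{ Name = 'BackgroundContainer task (TaskCache)'
       Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4691130B-DD84-4F9F-B978-194884F8EF23}' },
    @{ Name = 'MySearchDial task (TaskCache)'
       Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B5226EE-595C-470C-ABEB-97574082D78C}' },
    @{ Name = 'gotomypc_437.exe left in the user profile'
       Path = 'C:\Users\Andy Besing\gotomypc_437.exe' }
)

# Registry keys and files: present means the fix did not take (or something re-created it).
foreach ($c in $checks) {
    $state = if (Test-Path -LiteralPath $c.Path) { 'STILL PRESENT' } else { 'removed' }
    '{0,-45} {1}' -f $c.Name, $state
}

# Alternate data streams on C:\ProgramData\Temp: the two names from the fixlist should be gone,
# and ideally no non-default stream should remain on that directory at all.
$adsNames = @('A8ADE5D8', 'DFC5A2B2')
$streams  = Get-Item -LiteralPath 'C:\ProgramData\Temp' -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' }
foreach ($n in $adsNames) {
    $state = if ($streams.Stream -contains $n) { 'STILL PRESENT' } else { 'removed' }
    '{0,-45} {1}' -f "ADS C:\ProgramData\Temp:$n", $state
}
if ($streams) {
    'Other non-default streams still attached to C:\ProgramData\Temp:'
    $streams | Select-Object FileName, Stream, Length
}
```

Any line reporting STILL PRESENT after a reboot is worth raising in the next reply, since it means the entry survived or was re-created.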
abesing44
2014-02-19, 05:31
First, here's the ComboFix log:
ComboFix 09-07-26.01 - Sylvia 07/26/2009 22:15.1.2 - NTFSx86
Running from: c:\users\Sylvia\Desktop\Combo-Fix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3057243524-1546335025-3298230726-500
c:\$recycle.bin\S-1-5-21-3897157022-4226029525-1121493721-500
c:\windows\Installer\28b6e0.msi
c:\windows\Installer\336ed42.msi
c:\windows\Installer\65c04.msi
c:\windows\Installer\7c918.msi
c:\windows\Installer\819a7.msi
c:\windows\Installer\8e10b.msi
c:\windows\Installer\a315c.msi
c:\windows\system32\drivers\ESQULfdthbiyqctjovogbtvgvfccnquvbwvih.sys
c:\windows\system32\ESQULaiodrcmdruwbeomkixpnxthpbkwlriwi.dll
c:\windows\system32\ESQULppnsepiapgxvvwxqttbpgeadjtwrtcdw.dll
c:\windows\system32\ESQULzcounter
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.
2009-07-27 03:27 . 2009-07-27 03:30 -------- d-----w- c:\users\Sylvia\AppData\Local\temp
2009-07-27 03:10 . 2009-07-27 03:10 -------- d-sh--w- C:\found.000
2009-07-24 02:55 . 2009-07-27 03:36 117760 ----a-w- c:\users\Sylvia\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-24 02:55 . 2009-07-24 02:55 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2009-07-23 17:54 . 2009-07-23 17:54 -------- d-----w- c:\users\Sylvia\AppData\Roaming\Malwarebytes
2009-07-23 17:46 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 17:46 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 17:46 . 2009-07-23 17:50 -------- d-----w- c:\program files\abesing43
2009-07-23 17:24 . 2009-07-23 17:41 -------- d-----w- c:\program files\abesing44.exe
2009-07-23 14:07 . 2009-07-23 14:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-23 06:48 . 2009-07-24 02:55 -------- d-----w- c:\program files\SUPER-AntiSpyware
2009-07-23 06:48 . 2009-07-23 06:48 -------- d-----w- c:\users\Sylvia\AppData\Roaming\SUPERAntiSpyware.com
2009-07-23 04:49 . 2009-07-23 04:49 203632 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-23 01:41 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-23 01:41 . 2009-07-23 01:41 -------- d-----w- c:\program files\Panda Security
2009-07-23 01:28 . 2009-07-27 02:49 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-22 22:50 . 2009-07-24 04:57 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-22 22:50 . 2009-07-23 07:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-22 22:44 . 2009-07-22 22:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 17:40 . 2009-07-22 17:40 -------- d-----w- c:\users\Sylvia\AppData\Roaming\Yahoo!
2009-07-22 17:40 . 2009-07-22 17:40 -------- d-----w- c:\program files\CCleaner
2009-07-22 17:28 . 2009-07-22 17:28 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-22 17:28 . 2009-07-23 06:28 -------- d-----w- c:\program files\mb
2009-07-22 17:22 . 2009-07-22 17:22 -------- d-----w- c:\program files\Carbonite
2009-07-22 17:19 . 2009-07-22 17:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 17:10 . 2009-07-22 17:10 -------- d-----w- c:\progra~2\McAfee
2009-07-22 13:46 . 2009-07-22 13:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-22 13:46 . 2009-07-22 13:46 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-22 13:46 . 2009-07-22 13:46 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-22 13:46 . 2009-07-22 13:46 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-22 13:46 . 2009-07-26 22:41 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-22 13:46 . 2009-07-22 13:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-22 13:46 . 2009-07-22 13:47 -------- d-----w- c:\progra~2\AVG Security Toolbar
2009-07-22 13:46 . 2009-07-22 13:46 -------- d-----w- c:\program files\AVG
2009-07-22 13:46 . 2009-07-22 13:46 -------- d-----w- c:\progra~2\avg8
2009-07-22 13:36 . 2009-07-22 13:36 -------- d-----w- c:\users\Sylvia\AppData\Roaming\AVG8
2009-07-22 05:40 . 2009-07-22 05:43 -------- d-----w- c:\program files\Trend Micro
2009-07-22 05:03 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-22 04:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-22 04:25 . 2009-07-22 04:25 -------- dc-h--w- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-22 04:25 . 2009-07-22 04:29 -------- d-----w- c:\progra~2\Lavasoft
2009-07-22 04:25 . 2009-07-22 04:25 -------- d-----w- c:\program files\Lavasoft
2009-07-15 10:40 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 10:40 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 10:40 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 10:40 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-11 14:18 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-11 14:18 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 03:28 . 2007-09-21 15:14 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-24 05:01 . 2007-10-17 18:20 -------- d-----w- c:\progra~2\Yahoo! Companion
2009-07-22 18:09 . 2008-01-08 10:09 680 ----a-w- c:\users\Sylvia\AppData\Local\d3d9caps.dat
2009-07-22 17:16 . 2007-07-25 13:03 -------- d-----w- c:\program files\Java
2009-07-17 13:40 . 2008-01-18 20:15 130806 ----a-w- c:\windows\hpoins18.dat
2009-07-16 08:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 02:49 . 2008-02-26 13:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-30 20:36 . 2009-07-15 21:02 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 20:10 . 2009-07-15 21:02 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 20:03 . 2009-07-15 21:02 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 17:44 . 2009-07-15 21:02 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-26 23:36 . 2009-07-15 21:02 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
2009-06-12 08:11 . 2007-07-25 12:15 -------- d-----w- c:\program files\Microsoft Works
2009-06-01 02:29 . 2009-06-01 02:28 -------- d-----w- c:\users\Sylvia\AppData\Roaming\Image Zone Express
2009-06-01 02:29 . 2009-06-01 02:28 -------- d-----w- c:\users\Sylvia\AppData\Roaming\Printer Info Cache
2009-04-30 12:37 . 2009-06-13 18:35 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-13 18:35 428544 ----a-w- c:\windows\system32\EncDec.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-27 19:35 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPER-AntiSpyware\bug.exe" [2009-06-23 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"StarzTray"="c:\program files\Vongo\VongoTray.exe" [2007-12-12 385024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-05-19 181744]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-06-13 554552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-19 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-19 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-19 8462336]
"MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-06-25 283792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-22 1948440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPER-AntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPER-AntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{36891B2F-5C11-4905-AADE-21B3967AD26D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADF6C260-7712-48A5-A01E-268F87B58425}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27AB2FCC-ECCE-4EDB-A911-6EB057F565D4}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{F2C27B35-909D-4904-80C7-52AD20DF8B5E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8470189F-6F70-42D9-8ACD-BC6AE5B4E95F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4BD43095-B682-4288-8CDC-3D67CBEB816D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{54051A4B-5A08-42B6-AC17-D8245F94F131}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E946F12E-C43A-488A-B21E-613CF6F903DF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1EDD8845-D07C-4514-9FA3-884F8B771BFE}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7AD59B55-E581-425C-AC65-4BB58662909B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{B0B13C8E-CAAE-43EB-ACD1-E31AA5A3B2C9}c:\\program files\\vongo\\vongotray.exe"= UDP:c:\program files\vongo\vongotray.exe:StarzTray
"UDP Query User{5F8C6C55-B8AC-4A30-AE50-E08804794C16}c:\\program files\\vongo\\vongotray.exe"= TCP:c:\program files\vongo\vongotray.exe:StarzTray
"TCP Query User{C33FEA7C-1B22-4968-8C5E-E7920FF5294A}c:\\program files\\vongo\\vongo.exe"= UDP:c:\program files\vongo\vongo.exe:Vongo
"UDP Query User{5702F3BC-E0FC-42BA-AF32-5B8DB6E2D647}c:\\program files\\vongo\\vongo.exe"= TCP:c:\program files\vongo\vongo.exe:Vongo
"TCP Query User{56062997-94A8-4D44-9699-3BD04A10B4D3}c:\\program files\\vongo\\vongotray.exe"= UDP:c:\program files\vongo\vongotray.exe:StarzTray
"UDP Query User{5A1807F5-D395-43EA-91D7-F19AEB9D2ABB}c:\\program files\\vongo\\vongotray.exe"= TCP:c:\program files\vongo\vongotray.exe:StarzTray
"{1FED1F73-93D6-4F91-8719-CAF75090EFEC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{845E5B1C-EA1C-4A0C-9B01-B213E4509E04}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3896C5A3-3975-4534-9720-12BDABBAB4C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89E085AD-028B-4177-B01F-1E7C13044059}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C67EFF80-696B-4CD9-BFEC-93393BEF3934}"= c:\program files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:VPN-1 SecuRemote/SecureClient service
"{9945B6BF-BA5F-4F06-9CC6-4FE4B92ABD70}"= c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.EXE:VPN-1 SecuRemote/SecureClient application
"{88606D93-786D-44A0-8B58-4383F0DBFF7E}"= c:\program files\CheckPoint\SecuRemote\bin\SCC.EXE:VPN-1 SecuRemote/SecureClient command line
"{8BFD3353-54CB-4293-A13D-EA7011C96EA8}"= c:\program files\CheckPoint\SecuRemote\bin\SR_DIAGNOSTICS.EXE:VPN-1 SecuRemote/SecureClient diagnostics
"{C749E103-B6B7-463E-869D-437323E9B9EF}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{3B4B71C3-E2D3-4DA3-BE06-29810872FE6E}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{FA6E9B7A-13EB-4999-A02F-968E6A86AA64}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{E74148F0-AF1A-46A5-9C4D-E4C1BA98F91A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{4C5667DD-5B78-43C7-8932-975CED4462E6}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [7/22/2009 8:46 AM 12552]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/21/2009 11:29 PM 64160]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [7/22/2009 8:41 PM 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/22/2009 8:46 AM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7/22/2009 8:46 AM 108552]
R1 FW1;SecuRemote Miniport;c:\windows\System32\drivers\fw.sys [5/24/2007 10:13 AM 2234800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPER-AntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPER-AntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/22/2009 8:46 AM 298776]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\System32\drivers\omdrv.sys [5/24/2007 10:13 AM 36368]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [7/22/2009 5:50 PM 1153368]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\System32\drivers\vnasc.sys [5/24/2007 10:13 AM 110032]
R2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [5/24/2007 10:13 AM 673456]
R3 SASENUM;SASENUM;c:\program files\SUPER-AntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\System32\drivers\BTHPRINT.SYS [6/17/2008 10:04 AM 29696]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SASENUM
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 22:32
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Sylvia\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5208)
c:\windows\system32\btncopy.dll
c:\program files\Adobe\Reader 8.0\Reader\viewerps.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\Maxtor\Utils\SyncServices.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\System32\dllhost.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Hewlett-Packard\HP Advisor\SSDK04.exe
.
**************************************************************************
.
Completion time: 2009-07-27 22:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-27 03:51
Pre-Run: 100,230,381,568 bytes free
Post-Run: 100,059,262,976 bytes free
308 --- E O F --- 2009-07-23 14:33
abesing44
2014-02-19, 05:40
Here is the FRST log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Andy Besing at 2014-02-18 21:38:04 Run:1
Running from C:\Users\Andy Besing\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
SearchScopes: HKLM-x32 - {CE4487AD-3505-4DAF-9F03-7FA53F88005A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
FF Plugin-x32: /YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
C:\Users\Andy Besing\gotomypc_437.exe
Task: {4691130B-DD84-4F9F-B978-194884F8EF23} - \BackgroundContainer Startup Task No Task File
Task: {9B5226EE-595C-470C-ABEB-97574082D78C} - \MySearchDial No Task File
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
end
*****************
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CE4487AD-3505-4DAF-9F03-7FA53F88005A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CE4487AD-3505-4DAF-9F03-7FA53F88005A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\/YahooActiveXPluginBridge;version=1.0.0.1 => Key not found.
C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll not found.
C:\Users\Andy Besing\gotomypc_437.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4691130B-DD84-4F9F-B978-194884F8EF23} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4691130B-DD84-4F9F-B978-194884F8EF23} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B5226EE-595C-470C-ABEB-97574082D78C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B5226EE-595C-470C-ABEB-97574082D78C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
C:\ProgramData\Temp => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
==== End of Fixlog ====
abesing44
2014-02-19, 05:46
Sorry, here's the ComboFix log:
ComboFix 14-02-16.01 - Andy Besing 02/18/2014 8:28.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1735 [GMT -6:00]
Running from: c:\users\Andy Besing\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andy Besing\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\ANDYBE~1\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-01-18 to 2014-02-18 )))))))))))))))))))))))))))))))
.
.
2014-02-18 14:44 . 2014-02-18 14:44 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-02-18 00:05 . 2014-02-18 00:06 -------- d-----w- c:\users\Andy Besing\AppData\Roaming\GetRightToGo
2014-02-17 22:21 . 2013-10-28 05:41 965000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78D29105-570C-48B4-9E79-D9D16525C7A9}\gapaengine.dll
2014-02-17 22:17 . 2014-02-17 07:32 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B984C84-C4B5-4A78-AED5-13522BFC3C9B}\mpengine.dll
2014-02-17 22:08 . 2014-02-17 22:08 -------- d-----w- C:\42069860f03033add3eeae
2014-02-17 21:50 . 2014-02-17 21:50 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-02-17 21:49 . 2014-02-17 21:53 -------- d-----w- c:\program files\Microsoft Security Client
2014-02-17 21:36 . 2014-02-17 21:48 -------- d-----w- c:\programdata\MFAData
2014-02-17 21:36 . 2014-02-17 21:36 -------- d-----w- c:\users\Andy Besing\AppData\Local\MFAData
2014-02-17 21:36 . 2014-02-17 21:36 -------- d-----w- c:\users\Andy Besing\AppData\Local\Avg2014
2014-02-17 21:33 . 2013-12-19 03:10 877480 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2014-02-17 21:33 . 2013-12-19 03:10 800168 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-02-17 21:29 . 2014-02-17 21:29 -------- d-----w- c:\programdata\Motive
2014-02-17 16:05 . 2014-02-17 16:06 -------- d-----w- C:\640ce3d826caedf57a1b497ade
2014-02-16 00:19 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-02-16 00:19 . 2014-02-17 19:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-02-16 00:19 . 2014-02-17 19:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-02-15 23:36 . 2014-02-15 23:54 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-15 23:36 . 2014-02-15 23:36 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-15 23:36 . 2014-02-15 23:36 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-13 13:49 . 2014-02-16 01:07 -------- d-----w- C:\665be9cda96a2768561cbcac0ba2bf
2014-02-13 02:21 . 2014-02-13 02:26 -------- d-----w- c:\users\Andy Besing\AppData\Roaming\.minecraft
2014-02-13 02:00 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 02:00 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 02:00 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 02:00 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-08 17:52 . 2013-12-19 03:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-17 17:56 . 2010-12-29 01:45 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-02-17 17:54 . 2010-11-24 04:31 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-02-17 17:53 . 2010-11-24 04:20 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-02-17 17:52 . 2010-11-24 04:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-16 15:08 . 2011-02-04 03:06 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-08 13:37 . 2012-11-21 02:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-08 13:37 . 2012-11-21 02:35 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33 . 2010-08-15 22:30 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-07 00:40 . 2010-11-24 04:31 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-01-07 00:39 . 2014-01-07 00:39 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-01-07 00:39 . 2010-12-29 01:44 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-01-07 00:39 . 2010-12-09 15:28 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-11-27 01:41 . 2014-01-15 13:15 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 13:15 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 13:16 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 13:16 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 13:15 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 13:15 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 13:15 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 13:15 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 13:15 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-25 14:56 . 2013-11-25 14:56 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-11-23 18:26 . 2013-12-12 00:48 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 00:48 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-20 23:34 . 2013-11-20 14:40 556632 ----a-w- c:\windows\system32\drivers\7999121drv.sys
2013-11-20 23:34 . 2013-11-20 14:40 460888 ----a-w- c:\windows\system32\drivers\70817744.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DigiDo"="c:\program files (x86)\TWC\DigiDo\TrayApp.exe" [2011-10-17 1458544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-12-21 3478392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 70817744;70817744;c:\windows\system32\DRIVERS\70817744.sys;c:\windows\SYSNATIVE\DRIVERS\70817744.sys [x]
S1 7999121drv;7999121drv;c:\windows\system32\DRIVERS\7999121drv.sys;c:\windows\SYSNATIVE\DRIVERS\7999121drv.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [x]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys;c:\windows\SYSNATIVE\DRIVERS\vna.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 02:16 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 13:37]
.
2014-02-16 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-02-16 16:57]
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 23:34]
.
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 23:34]
.
2014-02-16 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-02-16 16:49]
.
2014-02-16 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-02-16 16:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-07-16 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://sc1.checkpoint.com/sc/update/CSHELL/extender.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TWC\DigiDo\AffinegyService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2014-02-18 08:54:14 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-18 14:54
ComboFix2.txt 2014-02-18 00:21
ComboFix3.txt 2009-07-27 03:51
.
Pre-Run: 103,627,214,848 bytes free
Post-Run: 103,335,415,808 bytes free
.
- - End Of File - - CA877C4E878DD25FCEFADB355A16AD51
30A95EEC7834CCD84883CDD8251E35B3
abesing44
2014-02-19, 05:47
Here's the fixlog report, and yes, the computer is running fine, but I haven't rebooted yet! Fingers crossed.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Andy Besing at 2014-02-18 21:38:04 Run:1
Running from C:\Users\Andy Besing\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
SearchScopes: HKLM-x32 - {CE4487AD-3505-4DAF-9F03-7FA53F88005A} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
FF Plugin-x32: /YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
C:\Users\Andy Besing\gotomypc_437.exe
Task: {4691130B-DD84-4F9F-B978-194884F8EF23} - \BackgroundContainer Startup Task No Task File
Task: {9B5226EE-595C-470C-ABEB-97574082D78C} - \MySearchDial No Task File
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
end
*****************
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{CE4487AD-3505-4DAF-9F03-7FA53F88005A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CE4487AD-3505-4DAF-9F03-7FA53F88005A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\/YahooActiveXPluginBridge;version=1.0.0.1 => Key not found.
C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll not found.
C:\Users\Andy Besing\gotomypc_437.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4691130B-DD84-4F9F-B978-194884F8EF23} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4691130B-DD84-4F9F-B978-194884F8EF23} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B5226EE-595C-470C-ABEB-97574082D78C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B5226EE-595C-470C-ABEB-97574082D78C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
C:\ProgramData\Temp => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
==== End of Fixlog ====
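As an added example (not code from this thread, nor from FRST or ComboFix), here is a read-only PowerShell pass over the three persistence locations the fixlog above touched, so the removals can be confirmed after the reboot. It assumes PowerShell 3.0 or later (for the -Stream parameter of Get-Item) in an elevated prompt on the affected machine; the folder path and task names are the ones that appear in the log, and nothing in it deletes or changes anything.

```powershell
# Added example, not from the thread or any tool it names. Read-only check of
# the persistence spots the FRST fixlog edited. Assumes PowerShell 3.0+ and an
# elevated prompt; prints one line per finding and changes nothing.

function Get-PersistenceReport {
    $report = New-Object System.Collections.Generic.List[string]

    # 1. Alternate data streams on the folder the fix cleaned. FRST removed the
    #    streams ':A8ADE5D8' and ':DFC5A2B2' from C:\ProgramData\Temp. A folder
    #    normally carries no named streams at all, so any hit is worth a look.
    $folder = 'C:\ProgramData\Temp'    # path taken from the fixlog
    if (Test-Path -LiteralPath $folder) {
        Get-Item -LiteralPath $folder -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { $report.Add("ADS   ${folder}:$($_.Stream)  ($($_.Length) bytes)") }
    }

    # 2. Registered scheduled tasks, read straight from the TaskCache tree the
    #    fixlog edited (works on Windows 7, which has no Get-ScheduledTask).
    #    Folders in the tree have no 'Id' value; real tasks do.
    $tree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
    Get-ChildItem -Path $tree -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($props -and $props.Id) {
            $name = $_.Name -replace '^.*?\\Tree\\', ''   # e.g. 'MySearchDial'
            $report.Add("TASK  $name  $($props.Id)")
        }
    }

    # 3. Run keys (the 'Reg Loading Points' in the ComboFix log), both registry
    #    views on x64. An entry whose executable no longer exists is an orphan,
    #    like the '<NO NAME>' value ComboFix listed under ORPHANS REMOVED.
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }   # provider bookkeeping
            # Pull the executable out of a value such as  "C:\dir name\app.exe" /arg
            $m = [regex]::Match([string]$p.Value, '^"?(?<exe>.*?\.exe)', 'IgnoreCase')
            $note = ''
            if ($m.Success) {
                $exe = [Environment]::ExpandEnvironmentVariables($m.Groups['exe'].Value)
                if (-not (Test-Path -LiteralPath $exe)) { $note = '  [executable missing]' }
            }
            $report.Add("RUN   $key\$($p.Name) = $($p.Value)$note")
        }
    }

    $report | Sort-Object
}

Get-PersistenceReport
```

Run it once before the reboot and once after: the TASK lines should no longer show MySearchDial or BackgroundContainer Startup Task, the ADS section should be empty, and any RUN line flagged as missing is a leftover to clean up rather than a live threat.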
At the moment all I see is a couple of entries for Symantec/Norton on the machine, and you use AVG?
Tell me how the computer is now.
abesing44
2014-02-19, 16:15
My IT guy at work installed AVG; I haven't used Norton in a while. The computer is running great, but I haven't restarted since we did the scans/fixes. Should I restart now?
I've got to see what happens to know what to do next, so please reboot.
And I need to know if this is a personal computer or a work/business computer, because we do not offer assistance for business computers or offer IT work, especially if you have an IT department.
abesing44
2014-02-19, 16:29
It's my home computer; my IT guy looked at it for me. Here we go, reboot!
abesing44
2014-02-19, 16:37
Quickest restart since it was a new computer. You're a genius, thank you!
LOL
You're welcome.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
start
DeleteQuarantine:
end
~~~~~~~~~~~~~~
Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
Go to Start > Run > copy and paste the full text path in the run box
ComboFix /Uninstall
Note the space between the x and the /U; it needs to be there.
~~~~~~~~~~~~~~~~~~~~
Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
http://www.hdrcgb.org.uk/g2g/delfix.jpg
Click Run
*************
No more questions or issues? You're good to go!
Please take the time to read over a few of my preventive tips.
Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.
Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
AdblockPlus
AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation. It's free!
Click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
*********************************************
Please read the following safe computing articles.
Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
abesing44
2014-02-20, 05:54
Juliet, you are going to kill me or not respond! I thought I was clean, and my son wanted to play his game, minecraft, which I paid for on the Mojang website. Downloaded the game from their site, and there we go again. extremely sluggish computer and CPU running at 100%. So sorry I didn't wait for your reply.
Do we start over? I am in safe mode again, as it's the only way I can write an email without waiting for 5 minutes before it sends.
abesing44
2014-02-20, 07:24
I repeated your instructions and now seem to be running normally again. Sorry. Let me know if you want any repeat scans. CPU is running well. I deleted the offending Minecraft.
Well, that's odd. Wonder if it downloaded extras from that site?
To make sure let's run:
Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
abesing44
2014-02-21, 06:03
Juliet, sorry for the delay. Eset would hang in normal, so I ran it in safe mode. Looks like we still have some threats.
C:\Users\Andy Besing\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUG4TXV1\spstub[1].exe Win32/Conduit.SearchProtect.L potentially unwanted application
C:\Users\Andy Besing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\17dcbab9-4e40897e a variant of Java/Exploit.CVE-2010-0840.NAN trojan
C:\Users\Andy Besing\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Font Installer Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi145-AdwCleaner-ORG-75851221.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (2).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (3).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (4).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-CleanUp-SEO-10727454.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Andy Besing\Downloads\Minecraft Download Manager.exe a variant of Win32/InstallCore.IO potentially unwanted application
C:\Users\Andy Besing\Downloads\PDFCreatorSetup.exe a variant of Win32/InstallCore.JK potentially unwanted application
C:\Users\Andy Besing\Downloads\PDFlite-0.11.2 (1).exe a variant of Win32/InstallCore.FJ potentially unwanted application
C:\Users\Andy Besing\Downloads\PDFlite-0.11.2.exe a variant of Win32/InstallCore.FJ potentially unwanted application
C:\Users\Andy Besing\Downloads\Setup.exe a variant of Win32/AdWare.iBryte.Q application
C:\Users\Andy Besing\Downloads\UltimateCodec.exe a variant of Win32/InstallCore.JK potentially unwanted application
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081242-809.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081242-994.dll a variant of Win32/BrowseFox.F potentially unwanted application
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081425-738.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Users\Andy Besing\Downloads\backups\backup-20131120-082845-587.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Users\Andy Besing\Downloads\backups\backup-20131120-092331-917.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Users\Andy Besing\Downloads\backups\backup-20131120-093331-326.dll a variant of Win32/BrowseFox.F potentially unwanted application
Let's remove some bad files.
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).
start
C:\Users\Andy Besing\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUG4TXV1\spstub[1].exe
C:\Users\Andy Besing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\17dcbab9-4e40897e
C:\Users\Andy Besing\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Font Installer Packages\uninstaller.exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi145-AdwCleaner-ORG-75851221.exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (1).exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (2).exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (3).exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (4).exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221.exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-CleanUp-SEO-10727454.exe
C:\Users\Andy Besing\Downloads\Minecraft Download Manager.exe
C:\Users\Andy Besing\Downloads\PDFCreatorSetup.exe
C:\Users\Andy Besing\Downloads\PDFlite-0.11.2 (1).exe
C:\Users\Andy Besing\Downloads\PDFlite-0.11.2.exe
C:\Users\Andy Besing\Downloads\Setup.exe
C:\Users\Andy Besing\Downloads\UltimateCodec.exe
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081242-809.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081242-994.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081425-738.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-082845-587.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-092331-917.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-093331-326.dll
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Please post the Fixlog when finished.
How is your computer now?
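As an added example (not from this thread, ESET or FRST), a small Python script that turns ESET export lines in the layout shown above into the start/end fixlist that FRST consumes, then checks a Fixlog for any requested path that was never reported as moved. The sample export and Fixlog are constructed; the user name and most file names are made up, only the detection names come from the scan above.

```python
import re
from typing import Dict, List

# One line of an ESET Online Scanner text export, in the layout seen in the thread:
#   <path> <detection name> <category>
# Windows paths never contain "/", while every ESET detection name does
# (Win32/..., Java/...), so the first whitespace-separated token containing
# "/" marks where the path ends, even when the path itself contains spaces.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of\s+)?[^\s/]+/\S+)\s+"
    r"(?P<category>.+?)\s*$"
)

# Constructed sample export (user name and file names made up; detection
# names are the ones the scan in the thread reported).
SAMPLE_ESET = r"""
C:\Users\Example User\Downloads\Some Download Manager.exe a variant of Win32/InstallCore.IO potentially unwanted application
C:\Users\Example User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\17dcbab9-4e40897e a variant of Java/Exploit.CVE-2010-0840.NAN trojan
C:\Users\Example User\Downloads\Setup.exe a variant of Win32/AdWare.iBryte.Q application
"""

# Constructed Fixlog in the shape FRST produces; the Setup.exe entry is
# deliberately missing its "Moved successfully." line so the check fires.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Content of fixlist:
start
C:\Users\Example User\Downloads\Some Download Manager.exe
C:\Users\Example User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\17dcbab9-4e40897e
C:\Users\Example User\Downloads\Setup.exe
end
C:\Users\Example User\Downloads\Some Download Manager.exe => Moved successfully.
C:\Users\Example User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\17dcbab9-4e40897e => Moved successfully.
==== End of Fixlog ====
"""

def parse_eset_export(text: str) -> List[Dict[str, str]]:
    """Return one dict (path, detection, category) per well-formed export line."""
    matches = (ESET_LINE.match(ln.strip()) for ln in text.splitlines())
    return [m.groupdict() for m in matches if m]

def build_fixlist(findings: List[Dict[str, str]], skip_categories=()) -> str:
    """Emit fixlist.txt: each flagged path once, between 'start' and 'end'."""
    unique: List[str] = []
    for f in findings:
        if f["category"] not in skip_categories and f["path"] not in unique:
            unique.append(f["path"])
    return "\n".join(["start", *unique, "end"]) + "\n"

def unconfirmed_entries(fixlist: str, fixlog: str) -> List[str]:
    """Fixlist paths the Fixlog never reports as '=> Moved successfully.'"""
    requested = [ln.strip() for ln in fixlist.splitlines()
                 if ln.strip() and ln.strip() not in ("start", "end")]
    moved = {ln.split(" => ", 1)[0].strip() for ln in fixlog.splitlines()
             if ln.rstrip().endswith("=> Moved successfully.")}
    return [p for p in requested if p not in moved]

if __name__ == "__main__":
    findings = parse_eset_export(SAMPLE_ESET)
    fixlist = build_fixlist(findings)
    print(fixlist)
    print("Not confirmed by Fixlog:", unconfirmed_entries(fixlist, SAMPLE_FIXLOG))
```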
abesing44
2014-02-21, 15:38
Here is the log, I will reboot and let you know!
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-02-2014
Ran by Andy Besing at 2014-02-21 07:36:14 Run:1
Running from C:\Users\Andy Besing\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Users\Andy Besing\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUG4TXV1\spstub[1].exe
C:\Users\Andy Besing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\17dcbab9-4e40897e
C:\Users\Andy Besing\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Font Installer Packages\uninstaller.exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi145-AdwCleaner-ORG-75851221.exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (1).exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (2).exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (3).exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (4).exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221.exe
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-CleanUp-SEO-10727454.exe
C:\Users\Andy Besing\Downloads\Minecraft Download Manager.exe
C:\Users\Andy Besing\Downloads\PDFCreatorSetup.exe
C:\Users\Andy Besing\Downloads\PDFlite-0.11.2 (1).exe
C:\Users\Andy Besing\Downloads\PDFlite-0.11.2.exe
C:\Users\Andy Besing\Downloads\Setup.exe
C:\Users\Andy Besing\Downloads\UltimateCodec.exe
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081242-809.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081242-994.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081425-738.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-082845-587.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-092331-917.dll
C:\Users\Andy Besing\Downloads\backups\backup-20131120-093331-326.dll
end
*****************
C:\Users\Andy Besing\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUG4TXV1\spstub[1].exe => Moved successfully.
C:\Users\Andy Besing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\17dcbab9-4e40897e => Moved successfully.
C:\Users\Andy Besing\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Font Installer Packages\uninstaller.exe => Moved successfully.
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi145-AdwCleaner-ORG-75851221.exe => Moved successfully.
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (1).exe => Moved successfully.
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (2).exe => Moved successfully.
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (3).exe => Moved successfully.
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221 (4).exe => Moved successfully.
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-AdwCleaner-SEO-75851221.exe => Moved successfully.
C:\Users\Andy Besing\Downloads\cbsidlm-cbsi176-CleanUp-SEO-10727454.exe => Moved successfully.
C:\Users\Andy Besing\Downloads\Minecraft Download Manager.exe => Moved successfully.
C:\Users\Andy Besing\Downloads\PDFCreatorSetup.exe => Moved successfully.
C:\Users\Andy Besing\Downloads\PDFlite-0.11.2 (1).exe => Moved successfully.
C:\Users\Andy Besing\Downloads\PDFlite-0.11.2.exe => Moved successfully.
C:\Users\Andy Besing\Downloads\Setup.exe => Moved successfully.
C:\Users\Andy Besing\Downloads\UltimateCodec.exe => Moved successfully.
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081242-809.dll => Moved successfully.
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081242-994.dll => Moved successfully.
C:\Users\Andy Besing\Downloads\backups\backup-20131120-081425-738.dll => Moved successfully.
C:\Users\Andy Besing\Downloads\backups\backup-20131120-082845-587.dll => Moved successfully.
C:\Users\Andy Besing\Downloads\backups\backup-20131120-092331-917.dll => Moved successfully.
C:\Users\Andy Besing\Downloads\backups\backup-20131120-093331-326.dll => Moved successfully.
==== End of Fixlog ====
abesing44
2014-02-21, 16:22
running great, thanks! Now I need to get protected, any suggestions?
Running good sounds great to me!
Got a question. When going back over your logs I see
Is AVG your computer's antivirus, or Microsoft Security Essentials? Both are OK to use, but we need to make sure there is only one on the computer or we will run into issues caused by having two.
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
start
DeleteQuarantine:
end
Just delete any other remaining tools with their folders.
You're good to go, good job!
Please take the time to read over a few of my preventive tips.
Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) - Install this programme to lock down and prevent crypto ransomware.
https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.
Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
AdblockPlus
AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation. It's free!
Click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software, and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/).)
Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
*********************************************
Please read the following safe computing articles.
Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
abesing44
2014-02-21, 22:33
did windows update, then decided to go with MS security essentials. Now slow again!! running ESET in safe mode, stand by.
Could also be a recent Microsoft update?
anxious to hear back from you.
abesing44
2014-02-22, 02:46
ESET found nothing. Prior to running it, I uninstalled MS Essentials and Flash, as you suggested. Computer seems to be running fine now. I wonder why the MS Essentials was slowing it down? What antivirus would you suggest that is not going to eat up processing?
I have no idea why, other than maybe it was updating?
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
AntiVir Personal:
Tell me what's happening today?
Glad we could help. :)
Since this issue appears resolved ... this Topic is closed.
abesing44
2014-02-24, 17:01
HPMSGSVC.exe is the main culprit. I think it's the crap that HP loads on new computers. I googled it and I see other users with the same complaint. Do I need it? I see some who have removed it from the start menu and have had no problems.
It is unnecessary to run this program automatically when Windows starts, as you can run it manually when necessary.
My old HP came with preinstalled little programs all related to HP, the only one I allow now is for my printer.
You can check your start up programs here http://www.bleepingcomputer.com/startups/?&act=search&st=0&keyword=HPMSGSVC.exe
If you don't know some programs listed there, or are unsure if they are needed or not, leave them enabled, or use RubberDucky's StartUpLite (http://www.malwarebytes.org/startuplite.php)
This will display all unnecessary startup entries - so actually, everything it displays there is not necessary to start up with Windows.
The choice is up to you whether you need some to start up with Windows (in that case, select "No action" for them) - but you can always start them manually via start > all programs.
(Do not choose the "Remove" checkboxes, because this will delete it from the Registry - only select the "Remove" checkboxes if you are sure you don't want to enable them again in the future)
abesing44
2014-02-25, 02:53
I got the offender, thanks! Before your post, I did msconfig and unchecked it from startup. Other users did the same thing; working great now. CPU is averaging 16% with just the browser open. Maybe that is what caused the antivirus to act up. I think it's safe to close the topic, thanks for all your help.
Could be.
I'll leave this topic open for a day or so; if something spikes it up again, let me know.
Glad we could help. :)
Since this issue appears resolved ... this Topic is closed.