iexplorer keeps replicating creating large files

FRST again!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Colleen (administrator) on COLLEEN-PC on 16-07-2014 15:06:08
Running from C:\Users\Colleen\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
( Advanced Software Technologies) C:\Windows\System32\AstSrv.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
( ) C:\Windows\System32\lxcjcoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
() C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
(SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Run: [LXCJCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1497120 2013-04-29] (SPAMfighter ApS)
HKLM\...\Run: [sfagent] => C:\Program Files\Fighters\SPAMfighter\sfagent.exe [1065504 2013-06-14] (SPAMfighter ApS)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [EfficientPIM] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\realplayer\update\realsched.exe [295512 2014-03-12] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Google Update] => C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-01-24] (Google Inc.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Advanced SystemCare 6] => C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-06-27] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Ummuyqdayb] => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2007-02-24] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {0f57a5df-ad60-11df-acb7-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {22c098ed-bbc9-11df-b0fe-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {69ac5fda-0d5d-11df-ba7b-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {93e9c021-d11b-11e2-a15f-0016d48ced5c} - E:\menu.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!

Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EfficientPIM.lnk
ShortcutTarget: EfficientPIM.lnk -> C:\Program Files\EfficientPIM\EfficientPIM.exe (Efficient Software)
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - Yahoo! URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toolbox.webex.com/client/T26L10NSP49EP8/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\system\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files\PDFlite\npPdfViewer.dll No File
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Colleen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-12]

Chrome:
=======
CHR HomePage: hxxp://my.netzero.net/start/sp.do
CHR Plugin: (Shockwave Flash) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Colleen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RealDownloader) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-12]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-08-16]
CHR Extension: (FastestFox for Chrome) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-15]
CHR Extension: (Google Wallet) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Readability) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-04-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-06-04]

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 astcc; C:\Windows\system32\AstSrv.exe [53248 2008-06-11] ( Advanced Software Technologies) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [537520 2007-02-08] ( )
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [216608 2013-06-14] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1281568 2013-05-29] (SPAMfighter ApS)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07-20] () [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [425648 2006-11-22] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [77824 2006-10-31] (TOSHIBA CORPORATION) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-29] (Malwarebytes Corporation)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [68168 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [68204 2005-09-12] (Microsoft Corporation) [File not signed]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:15 - 00026810 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 21:16 - 2014-07-11 21:16 - 00002300 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-11 21:16 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:35 - 2014-07-12 10:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:32 - 2014-07-10 13:37 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:29 - 2014-07-10 13:36 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:26 - 2014-07-16 15:06 - 00000000 ____D () C:\FRST
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 13:07 - 2014-07-16 15:03 - 01077248 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-10 12:55 - 2014-07-10 12:56 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:21 - 2014-07-08 16:22 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:47 - 2014-07-01 10:48 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-11 14:57 - 00000000 ____D () C:\Windows\ERDNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-07-12 10:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:28 - 2014-06-27 17:26 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:26 - 2006-09-18 14:41 - 00000736 _____ () C:\Windows\system32\Drivers\etc\hosts.20140627-172634.backup
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:31 - 2014-07-16 15:01 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2014-06-27 21:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 16:29 - 2014-06-27 17:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-27 16:24 - 2014-06-27 16:26 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:21 - 2014-06-27 16:22 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:18 - 2014-06-27 16:20 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:32 - 2014-07-11 15:36 - 00004606 _____ () C:\Windows\PFRO.log
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 14:59 - 2014-06-27 15:00 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 12:54 - 2014-06-27 14:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:49 - 2014-06-26 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 13:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:34 - 2014-06-24 10:35 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip

==================== One Month Modified Files and Folders =======

2014-07-16 15:43 - 2013-06-04 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 15:34 - 2014-03-06 13:01 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
2014-07-16 15:30 - 2009-06-30 21:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
2014-07-16 15:22 - 2013-08-18 10:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-16 15:21 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-16 15:15 - 2014-07-16 15:06 - 00026810 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:12 - 2007-09-01 08:47 - 00000256 _____ () C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:10 - 2007-01-10 15:30 - 01283861 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:06 - 2014-07-10 13:26 - 00000000 ____D () C:\FRST
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-16 15:03 - 2014-07-10 13:07 - 01077248 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-16 15:01 - 2014-06-27 16:31 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-16 15:00 - 2009-12-22 23:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 15:00 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 15:00 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 15:00 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 10:06 - 2006-11-02 06:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-12 10:00 - 2014-07-11 20:35 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-12 10:00 - 2014-06-27 17:29 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-07-12 10:00 - 2009-12-22 23:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-12 09:59 - 2014-03-12 10:59 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-07-11 21:16 - 2014-07-11 21:16 - 00002300 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-11 21:16 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:47 - 2007-08-10 05:54 - 00001356 _____ () C:\Users\Colleen\AppData\Local\d3d9caps.dat
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 17:06 - 2014-02-10 10:42 - 00000000 ____D () C:\Users\Colleen\Documents\Efficient Organizer AutoBackup
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:54 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-11 16:43 - 2013-06-04 11:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 16:43 - 2013-06-04 11:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 16:00 - 2014-06-26 17:59 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:36 - 2014-06-27 15:32 - 00004606 _____ () C:\Windows\PFRO.log
2014-07-11 15:36 - 2013-10-03 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-11 15:36 - 2013-06-18 21:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-11 15:36 - 2009-04-04 09:34 - 00000000 ____D () C:\Program Files\AVG
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-11 14:59 - 2007-11-17 14:48 - 00000000 ____D () C:\Program Files\lx_Cats
2014-07-11 14:57 - 2014-07-01 10:04 - 00000000 ____D () C:\Windows\ERDNT
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:37 - 2014-07-10 13:32 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:36 - 2014-07-10 13:29 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 12:56 - 2014-07-10 12:55 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:14 - 2007-07-02 20:03 - 06866952 ____R () C:\Users\Colleen\Documents\My Money Backup.mbf
2014-07-10 11:14 - 2007-07-01 17:52 - 06864896 _____ () C:\Users\Colleen\Documents\My Money.mny
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:22 - 2014-07-08 16:21 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:48 - 2014-07-01 10:47 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:08 - 2010-06-07 15:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:59 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 21:50 - 2009-06-30 21:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
2014-06-27 21:32 - 2014-06-27 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 17:30 - 2014-06-27 17:29 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:26 - 2014-06-27 17:28 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:18 - 2014-06-27 16:31 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 17:18 - 2014-06-27 16:31 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:14 - 2014-06-27 16:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:26 - 2014-06-27 16:24 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:22 - 2014-06-27 16:21 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:20 - 2014-06-27 16:18 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:43 - 2014-04-21 15:05 - 00000000 ____D () C:\Users\Colleen\Documents\A NexRep
2014-06-27 15:32 - 2006-11-30 17:44 - 00000000 ____D () C:\Program Files\Google
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 15:00 - 2014-06-27 14:59 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 14:32 - 2007-05-26 14:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Mozilla
2014-06-27 14:32 - 2007-05-26 14:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\Program Files\TOSHIBA Games
2014-06-27 14:30 - 2006-11-02 03:23 - 00000375 _____ () C:\Windows\win.ini
2014-06-27 14:15 - 2006-11-30 17:39 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-27 14:01 - 2014-06-27 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 13:07 - 2006-11-30 16:26 - 00000000 ____D () C:\Windows\Panther
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-27 12:35 - 2007-02-04 10:28 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Google
2014-06-27 12:35 - 2006-11-30 17:44 - 00000000 ____D () C:\ProgramData\Google
2014-06-26 17:30 - 2009-04-05 13:18 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\IObit
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:50 - 2014-06-26 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2010-06-07 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 11:14 - 2014-06-26 11:12 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-26 10:59 - 2014-03-12 11:59 - 00000040 _____ () C:\Users\Colleen\AppData\Roaming\WB.CFG
2014-06-25 12:04 - 2014-04-24 13:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Five9
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:35 - 2014-06-24 10:34 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-23 15:22 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-23 14:49 - 2013-12-02 10:59 - 50753536 _____ () C:\Windows\system32\config\software.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 38883328 _____ () C:\Windows\system32\config\components.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00274432 _____ () C:\Windows\system32\config\default.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-21 14:58 - 2014-05-23 10:57 - 00000000 ____D () C:\Users\Colleen\DocumentA NexRep
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip
2014-06-18 07:56 - 2013-06-05 14:31 - 00000000 ____D () C:\Program Files\Opera
2014-06-16 20:18 - 2010-01-02 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Bible Explorer 4
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EfficientPIM
2014-06-16 08:12 - 2014-02-10 10:29 - 00000000 ____D () C:\Program Files\EfficientPIM

Files to move or delete:
====================
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll


Some content of TEMP:
====================
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-16 15:47

==================== End Of Log ============================
 
Changes

Hello OCD,

When I rebooted the computer today, Microsoft's malicious software program came up after some Microsoft update.
I ran it. Also, Spybot located the culprits that have been replicating. What I am noticing is that this program merely changes the name of the virus and starts replicating again. I had Spybot quarantine the viruses it found.

Also, a popup keeps coming up called

UPDATEFLASHPLAYER_9664FC94.EXE asking to update; it shows as an unidentified publisher.
How can I get rid of this as well?

I am going to rerun both of your requested programs again after I restart the computer to see if that virus is still working.

thanks
blueskygal
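For readers working through FRST logs like the ones in this thread, here is an added example (written for this page; it is not part of FRST and not code from the poster or the helper) that applies the same triage a malware-removal helper does by eye on the "Registry (Whitelisted)" section: it parses `Run:` lines and scores each autostart on whether the target sits under the user profile, whether the publisher field is empty or a look-alike of a known vendor name, whether the value name and file name are meaningless letter strings, and whether the file timestamp is recent. The sample lines are reproduced from the second log in this thread; the 30-day window, the scoring threshold, the edit-distance cutoff and the short vendor list are assumptions, not FRST behaviour.

```python
"""Score FRST 'Run:' autostart entries for the signs of the random-named
AppData executables seen in this thread.  Added example, not FRST code."""
import re
from datetime import date, timedelta

# Shape of an FRST Run line:  HIVE\...\Run: [NAME] => TARGET [SIZE DATE] (PUBLISHER)
# The size/date block and the publisher block are optional ([X] entries, rundll32).
HEAD_RE = re.compile(r"^(?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<target>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
                     r"(?: \((?P<publisher>[^()]*)\))?\s*$")

KNOWN_VENDORS = ("microsoft corporation", "google inc.", "adobe systems incorporated")  # assumption
PROFILE_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\")
RANDOM_NAME = re.compile(r"^[A-Za-z]{5,10}$")   # crude: 5-10 letters, nothing else
SCAN_DATE = date(2014, 7, 17)                   # from the log header above

def levenshtein(a, b):
    """Plain edit distance; used to catch vendor-name typos such as 'Masnesaft'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_run_line(line):
    """Return a dict for an FRST Run line, or None for any other line."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    t = TAIL_RE.match(m.group("rest"))
    return {
        "hive": m.group("hive"), "name": m.group("name"), "target": t.group("target"),
        "date": date.fromisoformat(t.group("date")) if t.group("date") else None,
        "publisher": t.group("publisher"),   # None when FRST printed no publisher field
    }

def lookalike_publisher(pub):
    """True when the publisher is close to, but not equal to, a known vendor (cutoff 5 is an assumption)."""
    return any(0 < levenshtein(pub.lower(), v) <= 5 for v in KNOWN_VENDORS)

def score(entry, scan_date):
    """One reason string per signal; the file date is attacker-settable, so it is only one signal of four."""
    reasons = []
    low = entry["target"].lower()
    if any(d in low for d in PROFILE_DIRS):
        reasons.append("target under user profile")
    if entry["publisher"] == "":
        reasons.append("no publisher / unsigned")
    elif entry["publisher"] and lookalike_publisher(entry["publisher"]):
        reasons.append("publisher looks like a vendor name typo")
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", low.rsplit("\\", 1)[-1])
    if RANDOM_NAME.match(entry["name"]) and RANDOM_NAME.match(stem):
        reasons.append("random-looking value and file name")
    if entry["date"] and scan_date - entry["date"] <= timedelta(days=30):
        reasons.append("file written in last 30 days")
    return reasons

def triage(lines, scan_date, threshold=3):
    """Return [(value name, target, reasons)] for entries with >= threshold signals."""
    hits = []
    for line in lines:
        e = parse_run_line(line)
        if e is not None:
            reasons = score(e, scan_date)
            if len(reasons) >= threshold:
                hits.append((e["name"], e["target"], reasons))
    return hits

SID = r"HKU\S-1-5-21-2114738196-1747254254-1146559385-1000"
# Sample input: lines reproduced from the second FRST log in this thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [Easy Dock] => [X]",
    r"HKLM\...\Run: [LXCJCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll [106496 2006-11-21] (Lexmark International Inc.)",
    r"HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter",
    SID + r"\...\Run: [Google Update] => C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-01-24] (Google Inc.)",
    SID + r"\...\Run: [cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)",
    SID + r"\...\Run: [Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()",
    SID + r"\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()",
    SID + r"\...\Run: [Ummuyqdayb] => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2014-07-17] ()",
    SID + r"\...\Run: [Zeureqte] => C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe [433378 2008-04-06] (Masnesaft Corporation)",
]

if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LINES, SCAN_DATE):
        print(f"{name:12} {target}\n    " + "; ".join(reasons))
```

Run against the lines above it reports only the three entries a helper would ask to have removed; the Amazon helper and magicJack loader also live under AppData but collect too few signals to cross the threshold. The 2008 timestamp on aziwawy.exe shows why the date is deliberately only one signal: it is the file's own mtime as FRST prints it, and nothing stops malware from backdating it, so the typo-squatted publisher string is what carries that entry over the line.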
 
FRST run today

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Colleen (administrator) on COLLEEN-PC on 17-07-2014 15:42:40
Running from C:\Users\Colleen\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
( Advanced Software Technologies) C:\Windows\System32\AstSrv.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
( ) C:\Windows\System32\lxcjcoms.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(SPAMfighter ApS) C:\Program Files\Fighters\Tray\FightersTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
(SPAMfighter ApS) C:\Program Files\Fighters\SPAMfighter\sfus.exe
(SPAMfighter ApS) C:\Program Files\Fighters\FighterSuiteService.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Efficient Software) C:\Program Files\EfficientPIM\EfficientPIM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Masnesaft Corporation) C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe
(Masnesaft Corporation) C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe
(Masnesaft Corporation) C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Run: [LXCJCATS] => C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [CommonToolkitTray] => C:\Program Files\Fighters\Tray\FightersTray.exe [1497120 2013-04-29] (SPAMfighter ApS)
HKLM\...\Run: [sfagent] => C:\Program Files\Fighters\SPAMfighter\sfagent.exe [1065504 2013-06-14] (SPAMfighter ApS)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [EfficientPIM] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\realplayer\update\realsched.exe [295512 2014-03-12] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Google Update] => C:\Users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-01-24] (Google Inc.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Advanced SystemCare 6] => C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-07-17] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064 2014-07-17] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Ummuyqdayb] => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2014-07-17] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [wfkguuqr] => C:\Users\Colleen\AppData\Local\smqnnerw.exe [87040 2014-07-16] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Zeureqte] => C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe [433378 2008-04-06] (Masnesaft Corporation)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [ikudaofn] => C:\Users\Colleen\AppData\Local\xwaieusa.exe [101376 2014-07-17] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {0f57a5df-ad60-11df-acb7-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {22c098ed-bbc9-11df-b0fe-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {69ac5fda-0d5d-11df-ba7b-0016d48ced5c} - E:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\MountPoints2: {93e9c021-d11b-11e2-a15f-0016d48ced5c} - E:\menu.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!

Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EfficientPIM.lnk
ShortcutTarget: EfficientPIM.lnk -> C:\Program Files\EfficientPIM\EfficientPIM.exe (Efficient Software)
Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - Yahoo! URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toolbox.webex.com/client/T26L10NSP49EP8/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\system\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files\PDFlite\npPdfViewer.dll No File
FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Colleen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-12]

Chrome:
=======
CHR HomePage: hxxp://my.netzero.net/start/sp.do
CHR Plugin: (Shockwave Flash) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Colleen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RealDownloader) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-12]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2013-08-16]
CHR Extension: (FastestFox for Chrome) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-27]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-15]
CHR Extension: (Google Wallet) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Readability) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-04-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-06-04]

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 astcc; C:\Windows\system32\AstSrv.exe [53248 2008-06-11] ( Advanced Software Technologies) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [537520 2007-02-08] ( )
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SPAMfighter Update Service; C:\Program Files\Fighters\SPAMfighter\sfus.exe [216608 2013-06-14] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files\Fighters\FighterSuiteService.exe [1281568 2013-05-29] (SPAMfighter ApS)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07-20] () [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [425648 2006-11-22] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [77824 2006-10-31] (TOSHIBA CORPORATION) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-29] (Malwarebytes Corporation)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [68168 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [68204 2005-09-12] (Microsoft Corporation) [File not signed]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION)
U3 aswMBR; \??\C:\Users\Colleen\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Colleen\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-17 15:14 - 2014-07-17 15:14 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 388022737.job
2014-07-17 15:14 - 2014-07-17 15:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Wyezro
2014-07-17 14:59 - 2014-07-17 15:00 - 00000000 ____D () C:\Users\Colleen\Documents\My Money
2014-07-17 14:55 - 2014-07-17 15:00 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 1860252774.job
2014-07-17 14:55 - 2014-07-17 14:55 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Untuyr
2014-07-17 13:38 - 2014-07-17 13:38 - 00101376 _____ () C:\Users\Colleen\AppData\Local\xwaieusa.exe
2014-07-17 13:26 - 2014-07-17 15:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 464613837.job
2014-07-17 13:26 - 2014-07-17 13:26 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Imcega
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-17 15:43 - 00027829 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 21:16 - 2014-07-17 15:31 - 00005021 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-11 21:16 - 2014-07-17 15:31 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-11 20:35 - 2014-07-17 15:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:29 - 2014-06-06 17:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 16:29 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 16:29 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 16:29 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 16:29 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 16:29 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 16:29 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 16:29 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-11 16:29 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 16:29 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-11 16:29 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-11 16:29 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 16:29 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-11 16:29 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 16:29 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 16:29 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-11 16:29 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 16:29 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-11 16:29 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-11 16:29 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 16:29 - 2014-05-29 23:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 15:46 - 2014-07-17 13:19 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:32 - 2014-07-10 13:37 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:29 - 2014-07-10 13:36 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:26 - 2014-07-17 15:43 - 00000000 ____D () C:\FRST
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 13:07 - 2014-07-16 15:03 - 01077248 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-10 12:55 - 2014-07-10 12:56 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:21 - 2014-07-08 16:22 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:47 - 2014-07-01 10:48 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-11 14:57 - 00000000 ____D () C:\Windows\ERDNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-07-17 15:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:28 - 2014-06-27 17:26 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:26 - 2006-09-18 14:41 - 00000736 _____ () C:\Windows\system32\Drivers\etc\hosts.20140627-172634.backup
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:31 - 2014-07-17 13:57 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 16:31 - 2014-06-27 17:18 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2014-06-27 21:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 16:29 - 2014-06-27 17:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 16:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-06-27 16:24 - 2014-06-27 16:26 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:21 - 2014-06-27 16:22 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:18 - 2014-06-27 16:20 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:32 - 2014-07-11 15:36 - 00004606 _____ () C:\Windows\PFRO.log
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 14:59 - 2014-06-27 15:00 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 13:31 - 2014-07-17 13:19 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-27 12:54 - 2014-06-27 14:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:49 - 2014-06-26 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 13:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:34 - 2014-06-24 10:35 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip

==================== One Month Modified Files and Folders =======

2014-07-17 15:43 - 2014-07-16 15:06 - 00027829 _____ () C:\Users\Colleen\Desktop\FRST.txt
2014-07-17 15:43 - 2014-07-10 13:26 - 00000000 ____D () C:\FRST
2014-07-17 15:43 - 2013-06-04 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 15:34 - 2014-03-06 13:01 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
2014-07-17 15:31 - 2014-07-11 21:16 - 00005021 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
2014-07-17 15:31 - 2014-07-11 21:16 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
2014-07-17 15:27 - 2009-06-30 21:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
2014-07-17 15:14 - 2014-07-17 15:14 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 388022737.job
2014-07-17 15:14 - 2014-07-17 15:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Wyezro
2014-07-17 15:12 - 2007-09-01 08:47 - 00000256 _____ () C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2014-07-17 15:06 - 2007-01-10 15:30 - 01339115 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 15:00 - 2014-07-17 14:59 - 00000000 ____D () C:\Users\Colleen\Documents\My Money
2014-07-17 15:00 - 2014-07-17 14:55 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 1860252774.job
2014-07-17 15:00 - 2014-07-17 13:26 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 464613837.job
2014-07-17 15:00 - 2014-07-11 20:35 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 3528313281.job
2014-07-17 15:00 - 2014-06-27 17:29 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1680377330.job
2014-07-17 15:00 - 2007-07-01 17:52 - 06885376 _____ () C:\Users\Colleen\Documents\My Money.mny
2014-07-17 14:59 - 2014-03-12 10:59 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-07-17 14:58 - 2009-12-22 23:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 14:55 - 2014-07-17 14:55 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Untuyr
2014-07-17 13:58 - 2009-12-22 23:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 13:57 - 2014-06-27 16:31 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-17 13:56 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 13:56 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 13:56 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 13:43 - 2006-11-02 06:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-17 13:38 - 2014-07-17 13:38 - 00101376 _____ () C:\Users\Colleen\AppData\Local\xwaieusa.exe
2014-07-17 13:26 - 2014-07-17 13:26 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Imcega
2014-07-17 13:19 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-17 13:19 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-07-17 13:19 - 2013-08-18 10:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-17 13:07 - 2006-11-02 05:47 - 00383968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 16:13 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 15:21 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-16 15:03 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
2014-07-16 15:03 - 2014-07-10 13:07 - 01077248 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 20:47 - 2007-08-10 05:54 - 00001356 _____ () C:\Users\Colleen\AppData\Local\d3d9caps.dat
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 17:06 - 2014-02-10 10:42 - 00000000 ____D () C:\Users\Colleen\Documents\Efficient Organizer AutoBackup
2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-11 16:54 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-11 16:43 - 2013-06-04 11:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-11 16:43 - 2013-06-04 11:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-11 16:00 - 2014-06-26 17:59 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
2014-07-11 15:36 - 2014-06-27 15:32 - 00004606 _____ () C:\Windows\PFRO.log
2014-07-11 15:36 - 2013-10-03 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-11 15:36 - 2013-06-18 21:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-11 15:36 - 2009-04-04 09:34 - 00000000 ____D () C:\Program Files\AVG
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-11 14:59 - 2007-11-17 14:48 - 00000000 ____D () C:\Program Files\lx_Cats
2014-07-11 14:57 - 2014-07-01 10:04 - 00000000 ____D () C:\Windows\ERDNT
2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
2014-07-10 13:37 - 2014-07-10 13:32 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
2014-07-10 13:36 - 2014-07-10 13:29 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
2014-07-10 13:18 - 2014-07-10 13:18 - 00000437 _____ () C:\Users\Colleen\Desktop\FRST.exe - Shortcut.lnk
2014-07-10 12:56 - 2014-07-10 12:55 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
2014-07-10 11:14 - 2007-07-02 20:03 - 06866952 ____R () C:\Users\Colleen\Documents\My Money Backup.mbf
2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
2014-07-08 16:22 - 2014-07-08 16:21 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
2014-07-01 10:48 - 2014-07-01 10:47 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
2014-06-29 13:08 - 2010-06-07 15:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-28 08:59 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 21:50 - 2009-06-30 21:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
2014-06-27 21:32 - 2014-06-27 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-27 17:30 - 2014-06-27 17:29 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 17:26 - 2014-06-27 17:28 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
2014-06-27 17:18 - 2014-06-27 16:31 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-06-27 17:18 - 2014-06-27 16:31 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
2014-06-27 17:14 - 2014-06-27 16:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-27 16:26 - 2014-06-27 16:24 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
2014-06-27 16:22 - 2014-06-27 16:21 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
2014-06-27 16:20 - 2014-06-27 16:18 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
2014-06-27 16:14 - 2014-06-27 16:14 - 00001190 _____ () C:\Windows\IE9_main.log
2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
2014-06-27 15:43 - 2014-04-21 15:05 - 00000000 ____D () C:\Users\Colleen\Documents\A NexRep
2014-06-27 15:32 - 2006-11-30 17:44 - 00000000 ____D () C:\Program Files\Google
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
2014-06-27 15:00 - 2014-06-27 14:59 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
2014-06-27 14:32 - 2007-05-26 14:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Mozilla
2014-06-27 14:32 - 2007-05-26 14:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games
2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\Program Files\TOSHIBA Games
2014-06-27 14:30 - 2006-11-02 03:23 - 00000375 _____ () C:\Windows\win.ini
2014-06-27 14:15 - 2006-11-30 17:39 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-27 14:01 - 2014-06-27 12:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-27 13:07 - 2006-11-30 16:26 - 00000000 ____D () C:\Windows\Panther
2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-27 12:35 - 2007-02-04 10:28 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Google
2014-06-27 12:35 - 2006-11-30 17:44 - 00000000 ____D () C:\ProgramData\Google
2014-06-26 17:30 - 2009-04-05 13:18 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\IObit
2014-06-26 13:50 - 2014-06-26 13:50 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 13:50 - 2014-06-26 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2014-06-26 13:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 13:49 - 2010-06-07 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 11:14 - 2014-06-26 11:12 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-26 10:59 - 2014-03-12 11:59 - 00000040 _____ () C:\Users\Colleen\AppData\Roaming\WB.CFG
2014-06-25 12:04 - 2014-04-24 13:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Five9
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-06-24 10:35 - 2014-06-24 10:34 - 01116105 _____ () C:\Users\Colleen\Downloads\Copper Wear Campaign Breakouts! Tuesday June 24th 10 am and Noon EST.zip
2014-06-23 15:22 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-23 14:49 - 2013-12-02 10:59 - 50753536 _____ () C:\Windows\system32\config\software.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 38883328 _____ () C:\Windows\system32\config\components.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00274432 _____ () C:\Windows\system32\config\default.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2014-06-23 14:49 - 2013-12-02 10:59 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-06-21 14:58 - 2014-06-21 14:58 - 00019364 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-20-14.zip
2014-06-21 14:58 - 2014-05-23 10:57 - 00000000 ____D () C:\Users\Colleen\DocumentA NexRep
2014-06-19 15:45 - 2014-06-19 15:45 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14 (1).zip
2014-06-19 15:40 - 2014-06-19 15:40 - 00019286 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-16-14 to 6-17-14.zip
2014-06-19 15:39 - 2014-06-19 15:39 - 00020314 _____ () C:\Users\Colleen\Downloads\IOB Agent Performance Report 6-9-14 to 6-15-14.zip
2014-06-18 07:56 - 2013-06-05 14:31 - 00000000 ____D () C:\Program Files\Opera

Files to move or delete:
====================
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll


Some content of TEMP:
====================
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_0cddd156.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_69fc6670.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6ce0d775.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_f395e78b.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-17 14:16

==================== End Of Log ============================
 
aswMBR rerun today, multiple problems

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-11 20:28:29
-----------------------------
20:28:29.080 OS Version: Windows 6.0.6002 Service Pack 2
20:28:29.080 Number of processors: 2 586 0xE0C
20:28:29.080 ComputerName: COLLEEN-PC UserName: Colleen
20:28:30.609 Initialize success
20:28:30.624 VM: initialized successfully
20:28:30.687 VM: Intel CPU virtualization not supported
20:29:42.431 AVAST engine defs: 14071000
20:30:15.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:15.425 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
20:30:15.612 Disk 0 MBR read successfully
20:30:15.628 Disk 0 MBR scan
20:30:15.675 Disk 0 Windows VISTA default MBR code
20:30:15.706 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:30:15.722 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
20:30:15.737 Disk 0 scanning sectors +195371008
20:30:16.096 Disk 0 scanning C:\Windows\system32\drivers
20:30:45.284 Service scanning
20:31:27.996 Modules scanning
20:31:53.939 Disk 0 trace - called modules:
20:31:53.970 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:31:53.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a60ac8]
20:31:54.002 3 CLASSPNP.SYS[889ae8b3] -> nt!IofCallDriver -> [0x851e6b48]
20:31:54.002 5 acpi.sys[82e566bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e0b98]
20:31:55.156 AVAST engine scan C:\Windows
20:32:03.499 AVAST engine scan C:\Windows\system32
20:53:14.790 AVAST engine scan C:\Windows\system32\drivers
20:55:40.541 AVAST engine scan C:\Users\Colleen
20:55:46.981 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
21:05:21.784 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
21:05:30.600 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:Rootkit-gen [Rtk]
21:16:23.462 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
21:16:23.477 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-17 14:31:07
-----------------------------
14:31:07.125 OS Version: Windows 6.0.6002 Service Pack 2
14:31:07.125 Number of processors: 2 586 0xE0C
14:31:07.125 ComputerName: COLLEEN-PC UserName: Colleen
14:31:09.325 Initialize success
14:31:09.325 VM: initialized successfully
14:31:09.341 VM: Intel CPU virtualization not supported
14:32:34.422 AVAST engine defs: 14071701
14:33:51.331 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:33:51.346 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
14:33:51.674 Disk 0 MBR read successfully
14:33:51.674 Disk 0 MBR scan
14:33:51.721 Disk 0 Windows VISTA default MBR code
14:33:51.752 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:33:51.767 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
14:33:51.799 Disk 0 scanning sectors +195371008
14:33:52.298 Disk 0 scanning C:\Windows\system32\drivers
14:34:32.155 Service scanning
14:35:23.820 Modules scanning
14:35:50.151 Disk 0 trace - called modules:
14:35:50.186 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
14:35:50.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a19ac8]
14:35:50.214 3 CLASSPNP.SYS[889b08b3] -> nt!IofCallDriver -> [0x85210918]
14:35:50.230 5 acpi.sys[82e4d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e0b98]
14:35:53.650 AVAST engine scan C:\Windows
14:36:21.680 AVAST engine scan C:\Windows\system32
14:49:58.902 AVAST engine scan C:\Windows\system32\drivers
14:51:28.254 AVAST engine scan C:\Users\Colleen
14:51:30.033 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
14:51:57.208 File: C:\Users\Colleen\AppData\Local\atmjwxqq.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:52:18.268 File: C:\Users\Colleen\AppData\Local\flqidrgp.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:54:40.711 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
14:54:48.502 File: C:\Users\Colleen\AppData\Local\kbiqnamh.exe **INFECTED** Win32:CeeInject-AR [Trj]
14:54:48.689 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:AnglerEK-I [Trj]
14:54:48.876 File: C:\Users\Colleen\AppData\Local\ljvwdkwk.exe **INFECTED** Win32:CeeInject-AR [Trj]
15:31:20.446 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
15:31:20.477 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"
 
Hi blueskygal,

Please refrain from running tools unless requested. Removing items in the incorrect order may make the cleaning process more difficult.

Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it to run so Malwarebytes Anti-Rootkit can start correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

  • On the introduction screen, please click on the Next button to continue.

  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.

  • When the update has finished, click on the Next button.

  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Code:
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-06-27] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Ummuyqdayb] => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2007-02-24] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Zeureqte] => C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe [433378 2008-04-06] (Masnesaft Corporation)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [ikudaofn] => C:\Users\Colleen\AppData\Local\xwaieusa.exe [101376 2014-07-17] ()
2014-07-17 15:14 - 2014-07-17 15:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Wyezro
2014-07-17 14:55 - 2014-07-17 14:55 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Untuyr
2014-07-17 13:38 - 2014-07-17 13:38 - 00101376 _____ () C:\Users\Colleen\AppData\Local\xwaieusa.exe
2014-07-17 13:26 - 2014-07-17 13:26 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Imcega
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_0cddd156.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_69fc6670.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6ce0d775.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_f395e78b.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

ComboFix

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:
  • system-log.txt
  • mbar-log
  • Fixlog.txt
  • ComboFix.txt
 
Still need help

OCD, takes me a little longer to do things due to schedule.

Reran aswMBR today, will post here as it is a complete log.
Just finished Malwarebytes run tonight.
I am going to post logs.
It looks like the java bug is still running, replicating.
Let me know if you want me to proceed with code fix you have written.

Thanks so much.
Blueskygal
 
aswMBR txt from today

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-21 15:39:41
-----------------------------
15:39:41.554 OS Version: Windows 6.0.6002 Service Pack 2
15:39:41.679 Number of processors: 2 586 0xE0C
15:39:41.710 ComputerName: COLLEEN-PC UserName: Colleen
15:40:14.954 Initialize success
15:40:15.110 VM: initialized successfully
15:40:15.219 VM: Intel CPU virtualization not supported
15:49:01.282 AVAST engine defs: 14072101
15:49:41.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:49:41.917 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC7DP Size: 95396MB BusType: 3
15:49:43.180 Disk 0 MBR read successfully
15:49:43.196 Disk 0 MBR scan
15:49:44.023 Disk 0 Windows VISTA default MBR code
15:49:46.332 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:49:46.457 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 93895 MB offset 3074048
15:49:46.551 Disk 0 scanning sectors +195371008
15:49:47.487 Disk 0 scanning C:\Windows\system32\drivers
15:51:54.187 Service scanning
16:01:38.978 Modules scanning
16:03:09.192 Disk 0 trace - called modules:
16:03:09.517 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
16:03:09.538 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8540a1d8]
16:03:09.792 3 CLASSPNP.SYS[889b48b3] -> nt!IofCallDriver -> [0x8520d918]
16:03:09.823 5 acpi.sys[82e546bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851deb98]
16:03:47.519 AVAST engine scan C:\Windows
16:05:25.145 AVAST engine scan C:\Windows\system32
16:27:58.534 AVAST engine scan C:\Windows\system32\drivers
16:30:19.541 AVAST engine scan C:\Users\Colleen
16:30:30.816 File: C:\Users\Colleen\AppData\Local\aeqltsel.exe **INFECTED** Win32:Malware-gen
16:31:21.176 File: C:\Users\Colleen\AppData\Local\atmjwxqq.exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:32:20.178 File: C:\Users\Colleen\AppData\Local\flqidrgp.exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:40:55.259 File: C:\Users\Colleen\AppData\Local\iogossul.exe **INFECTED** Win32:Malware-gen
16:41:07.448 File: C:\Users\Colleen\AppData\Local\kbiqnamh.exe **INFECTED** Win32:CeeInject-AR [Trj]
16:41:07.808 File: C:\Users\Colleen\AppData\Local\knxdsdhe.exe **INFECTED** Win32:AnglerEK-I [Trj]
16:41:08.035 File: C:\Users\Colleen\AppData\Local\ljvwdkwk.exe **INFECTED** Win32:CeeInject-AR [Trj]
17:50:03.327 File: C:\Users\Colleen\AppData\Local\qxnqwijv.exe **INFECTED** Win32:Rootkit-gen [Rtk]
17:50:07.882 File: C:\Users\Colleen\AppData\Local\smqnnerw.exe **INFECTED** Win32:Malware-gen
17:50:55.079 File: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe **INFECTED** Win32:Necurs-S [Trj]
17:54:14.599 File: C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe **INFECTED** Win32:Necurs-S [Trj]
18:20:01.999 AVAST engine scan C:\ProgramData
18:26:20.131 Scan finished successfully
18:26:44.546 Disk 0 MBR has been saved successfully to "C:\Users\Colleen\Desktop\MBR.dat"
18:26:44.675 The log file has been saved successfully to "C:\Users\Colleen\Desktop\aswMBR.txt"
 
Hi blueskygal,

Please review my instructions, I didn't ask for an aswMBR log. Complete all the steps requested and post the logs that are generated.
 
systemlog

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 2136346624, free: 577273856

Downloaded database version: v2014.07.22.11
Downloaded database version: v2014.07.17.01
=======================================
Initializing...
------------ Kernel report ------------
07/22/2014 16:53:46
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\drivers\tifm21.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\PS2.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\elagopro.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\elaunidr.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys
\??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff858eb708
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff851e0b98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff858eb708, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff858eb328, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff858eb708, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff851e6830, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff851e0b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BBA44A8

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 192296960
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 100030242816 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-195351568-195371568)...
Done!
Infected: C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe --> [Trojan.FakeJav]
Infected: HKU\S-1-5-21-2114738196-1747254254-1146559385-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Zeyqaqupi --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: HKU\S-1-5-21-2114738196-1747254254-1146559385-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tutimox --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Roaming\Epokzyu\iplozy.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Roaming\Navovy\someazr.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6245cbb3.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_7594fd13.exe --> [Trojan.FakeJav]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_b7ea92bf.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_dcfc098d.exe --> [Spyware.Zbot.MSXGen]
Infected: C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_01f3c46a.exe --> [Trojan.FakeJav]
Infected: C:\Windows\Tasks\Security Center Update - 3385068857.job --> [Trojan.Agent.RvGen]
Infected: C:\Windows\Tasks\Security Center Update - 4280870395.job --> [Trojan.Agent.RvGen]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
mbar log

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.22.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Colleen :: COLLEEN-PC [administrator]

7/22/2014 4:55:23 PM
mbar-log-2014-07-22 (16-55-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 270027
Time elapsed: 1 hour(s), 13 minute(s), 3 second(s)

Memory Processes Detected: 5
C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe (Trojan.FakeJav) -> 3484 -> Delete on reboot. [c5dc9d033249ad89c1d7bfe0ec15b64a]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> 5728 -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> 2676 -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> 3468 -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> 1664 -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Zeyqaqupi (Trojan.FakeJav) -> Data: C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe -> Delete on reboot. [c5dc9d033249ad89c1d7bfe0ec15b64a]
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tutimox (Spyware.Zbot.MSXGen) -> Data: C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\Users\Colleen\AppData\Roaming\Cuanhoe\ufoqd.exe (Trojan.FakeJav) -> Delete on reboot. [c5dc9d033249ad89c1d7bfe0ec15b64a]
C:\Users\Colleen\AppData\Roaming\Ezwuan\wyidwyu.exe (Spyware.Zbot.MSXGen) -> Delete on reboot. [6a37158bfc7f81b5277bb0e9c938ef11]
C:\Users\Colleen\AppData\Roaming\Epokzyu\iplozy.exe (Trojan.FakeJav) -> Delete on reboot. [960bb6ea1b60e74f41575b44b34ef60a]
C:\Users\Colleen\AppData\Roaming\Navovy\someazr.exe (Trojan.FakeJav) -> Delete on reboot. [861b6040a8d3c2743a5e752aa06114ec]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6245cbb3.exe (Trojan.FakeJav) -> Delete on reboot. [831e5f412259e4528e0a7b2406fbee12]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_7594fd13.exe (Trojan.FakeJav) -> Delete on reboot. [0d942a76cbb00f27b3e5e3bc5ba66c94]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_b7ea92bf.exe (Spyware.Zbot.MSXGen) -> Delete on reboot. [0b96346c2a519f97d8cabcddae53ce32]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_dcfc098d.exe (Spyware.Zbot.MSXGen) -> Delete on reboot. [acf5d5cb7cff67cff3afb8e100013dc3]
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_01f3c46a.exe (Trojan.FakeJav) -> Delete on reboot. [643dedb358230531138519869a677a86]
C:\Windows\Tasks\Security Center Update - 3385068857.job (Trojan.Agent.RvGen) -> Delete on reboot. [3c65b6eac0bbec4a4743a54b2bd85da3]
C:\Windows\Tasks\Security Center Update - 4280870395.job (Trojan.Agent.RvGen) -> Delete on reboot. [524fbbe53546330381097b75af54758b]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-07-2014
Ran by Colleen at 2014-07-22 19:28:39 Run:1
Running from C:\Users\Colleen\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [sljwnape] => C:\Users\Colleen\AppData\Local\iogossul.exe [147456 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cqibmelw] => C:\Users\Colleen\AppData\Local\aeqltsel.exe [131072 2014-06-27] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [gkbqtgfq] => C:\Users\Colleen\AppData\Local\soisaqtj.exe [88064 2014-07-11] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Ummuyqdayb] => C:\Users\Colleen\AppData\Roaming\Eporgoeb\eqibb.exe [348160 2007-02-24] ()
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
URLSearchHook: HKLM - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
URLSearchHook: HKCU - (No Name) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E193F4C5-F373-46B8-B35A-B3DEFCDD880B}&mid=c69ac0678e2d6391eb38988c0bd4732a-43718684b57e539fbe5a9a735e71288613c12102&lang=us&ds=AVG&pr=fr&d=2013-06-04 11:40:48&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} - No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-11 15:46 - 2014-07-11 15:46 - 00088064 _____ () C:\Users\Colleen\AppData\Local\soisaqtj.exe
2014-07-11 15:44 - 2014-07-11 15:44 - 00094216 _____ () C:\Users\Colleen\AppData\Local\flqidrgp.exe
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
2014-06-27 17:29 - 2014-06-27 17:30 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Iryhwed
2014-06-27 13:31 - 2014-06-27 13:31 - 00131072 _____ () C:\Users\Colleen\AppData\Local\aeqltsel.exe
2014-06-26 17:59 - 2014-07-11 16:00 - 00147456 _____ () C:\Users\Colleen\AppData\Local\iogossul.exe
2014-06-26 11:12 - 2014-06-26 11:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Keakil
2014-06-25 11:54 - 2014-06-25 11:54 - 00068609 _____ () C:\Users\Colleen\AppData\Local\ffageekw
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
C:\Users\Colleen\lametritonus_en.dll
C:\Users\Colleen\lame_enc_en.dll
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Zeureqte] => C:\Users\Colleen\AppData\Roaming\Imcega\aziwawy.exe [433378 2008-04-06] (Masnesaft Corporation)
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [ikudaofn] => C:\Users\Colleen\AppData\Local\xwaieusa.exe [101376 2014-07-17] ()
2014-07-17 15:14 - 2014-07-17 15:14 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Wyezro
2014-07-17 14:55 - 2014-07-17 14:55 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Untuyr
2014-07-17 13:38 - 2014-07-17 13:38 - 00101376 _____ () C:\Users\Colleen\AppData\Local\xwaieusa.exe
2014-07-17 13:26 - 2014-07-17 13:26 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Imcega
2014-07-16 15:10 - 2014-07-16 15:10 - 00087040 _____ () C:\Users\Colleen\AppData\Local\smqnnerw.exe
2014-07-16 15:08 - 2014-07-16 15:08 - 00094216 _____ () C:\Users\Colleen\AppData\Local\atmjwxqq.exe
2014-07-16 15:06 - 2014-07-16 15:06 - 00094216 _____ () C:\Users\Colleen\AppData\Local\qxnqwijv.exe
2014-07-12 10:04 - 2014-07-12 10:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\kbiqnamh.exe
2014-07-11 20:35 - 2014-07-11 20:35 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Eporgoeb
2014-07-11 15:04 - 2014-07-11 15:04 - 00081928 _____ (Google Inc.) C:\Users\Colleen\AppData\Local\ljvwdkwk.exe
2014-06-28 08:19 - 2014-06-28 08:19 - 00114696 _____ () C:\Users\Colleen\AppData\Local\knxdsdhe.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_0cddd156.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_69fc6670.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6ce0d775.exe
C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_f395e78b.exe
*****************

HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sljwnape => Value not found.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cqibmelw => Value not found.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gkbqtgfq => value deleted successfully.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ummuyqdayb => Value not found.
'HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}' => Key deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9ee802e8-c931-47ab-b570-aa8f791598ca} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9ee802e8-c931-47ab-b570-aa8f791598ca} => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}' => Key deleted successfully.
'HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}' => Key deleted successfully.
'HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}' => Key deleted successfully.
'HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => value deleted successfully.
'HKCR\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9EE802E8-C931-47AB-B570-AA8F791598CA} => value deleted successfully.
'HKCR\CLSID\{9EE802E8-C931-47AB-B570-AA8F791598CA}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value deleted successfully.
'HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
'HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
'HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}' => Key deleted successfully.
"C:\Users\Colleen\AppData\Local\smqnnerw.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\atmjwxqq.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\qxnqwijv.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Local\soisaqtj.exe => Moved successfully.
"C:\Users\Colleen\AppData\Local\flqidrgp.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\knxdsdhe.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Roaming\Iryhwed => Moved successfully.
"C:\Users\Colleen\AppData\Local\aeqltsel.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\iogossul.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Roaming\Keakil => Moved successfully.
C:\Users\Colleen\AppData\Local\ffageekw => Moved successfully.
"C:\Users\Colleen\AppData\Local\ljvwdkwk.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\kbiqnamh.exe" => File/Directory not found.
C:\Users\Colleen\lametritonus_en.dll => Moved successfully.
C:\Users\Colleen\lame_enc_en.dll => Moved successfully.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Local\Temp\{5E271BDF-0DFA-41F1-A223-EDC0089639EC}.exe => Moved successfully.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zeureqte => Value not found.
HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ikudaofn => Value not found.
C:\Users\Colleen\AppData\Roaming\Wyezro => Moved successfully.
C:\Users\Colleen\AppData\Roaming\Untuyr => Moved successfully.
"C:\Users\Colleen\AppData\Local\xwaieusa.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Roaming\Imcega => Moved successfully.
"C:\Users\Colleen\AppData\Local\smqnnerw.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\atmjwxqq.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\qxnqwijv.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\kbiqnamh.exe" => File/Directory not found.
C:\Users\Colleen\AppData\Roaming\Eporgoeb => Moved successfully.
"C:\Users\Colleen\AppData\Local\ljvwdkwk.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\knxdsdhe.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_0cddd156.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_2344ce11.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_69fc6670.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_6ce0d775.exe" => File/Directory not found.
"C:\Users\Colleen\AppData\Local\Temp\UpdateFlashPlayer_f395e78b.exe" => File/Directory not found.

==== End of Fixlog ====
 
combofix

ComboFix 14-07-22.01 - Colleen 07/22/2014 20:21:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1160 [GMT -7:00]
Running from: c:\users\Colleen\Desktop\ComboFix.exe
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL227.tmp
c:\programdata\SPL3BF5.tmp
c:\programdata\SPL41D8.tmp
c:\programdata\SPL4924.tmp
c:\programdata\SPL8263.tmp
c:\programdata\SPL9201.tmp
c:\programdata\SPLAB5B.tmp
c:\programdata\SPLAFA5.tmp
c:\programdata\SPLC69E.tmp
c:\programdata\SPLDA2C.tmp
c:\programdata\SPLE071.tmp
c:\programdata\SPLEC0B.tmp
c:\programdata\SPLEDB3.tmp
c:\programdata\SPLF8B9.tmp
c:\users\Colleen\AppData\Local\suftslwg.exe
c:\users\Colleen\Documents\~WRL3512.tmp
c:\users\Colleen\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-06-23 to 2014-07-23 )))))))))))))))))))))))))))))))
.
.
2014-07-23 03:37 . 2014-07-23 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-23 02:27 . 2014-07-23 02:27 -------- d-----w- c:\users\Colleen\AppData\Roaming\Uccini
2014-07-23 00:27 . 2014-07-23 00:27 -------- d-----w- c:\users\Colleen\AppData\Roaming\Ewpuzagi
2014-07-22 23:53 . 2014-07-23 02:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-22 23:53 . 2014-07-22 23:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-22 23:50 . 2014-07-22 23:50 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-22 23:46 . 2014-07-23 01:18 -------- d-----w- c:\users\Colleen\AppData\Roaming\Ezwuan
2014-07-22 02:12 . 2014-07-23 01:13 -------- d-----w- c:\users\Colleen\AppData\Roaming\Navovy
2014-07-22 01:56 . 2014-07-23 01:13 -------- d-----w- c:\users\Colleen\AppData\Roaming\Epokzyu
2014-07-22 00:13 . 2014-07-23 01:18 -------- d-----w- c:\users\Colleen\AppData\Roaming\Cuanhoe
2014-07-18 22:12 . 2014-07-22 03:08 -------- d-----w- c:\users\Colleen\AppData\Roaming\Ydukyk
2014-07-18 22:10 . 2014-07-22 03:12 -------- d-----w- c:\users\Colleen\AppData\Roaming\Behymu
2014-07-11 23:02 . 2014-07-11 23:02 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-10 20:26 . 2014-07-23 02:30 -------- d-----w- C:\FRST
2014-07-01 17:04 . 2014-07-01 17:04 -------- d-----w- c:\program files\ERUNT
2014-06-29 20:07 . 2014-06-29 20:07 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-06-27 23:29 . 2013-09-20 17:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-06-27 23:29 . 2014-06-28 04:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-06-27 23:29 . 2014-06-28 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-06-27 19:54 . 2014-06-27 21:01 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 23:43 . 2013-06-04 18:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 23:43 . 2013-06-04 18:29 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-26 16:01 . 2014-06-11 01:25 502784 ----a-w- c:\windows\system32\usp10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"Amazon Cloud Player"="c:\users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-05-08 3145536]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-04-25 4566984]
"Ykifowuhmia"="c:\users\Colleen\AppData\Roaming\Uccini\tuizu.exe" [2014-03-15 433298]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2013-04-29 1497120]
"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2013-06-14 1065504]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2014-03-12 295512]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-02-14 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
.
c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EfficientPIM.lnk - c:\program files\EfficientPIM\EfficientPIM.exe /startup [2014-2-10 14546088]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Colleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Colleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-11-29 04:05 523952 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2012-02-01 17:36 50592 ----a-w- c:\users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-08 23:13 103344 ----a-w- c:\program files\Lexmark 8300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-25 03:35 133104 ----atw- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 03:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-11-28 20:19 52912 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 16:06 413696 ----a-w- c:\program files\Toshiba\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 03:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 20:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 22:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 10:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCJCATS]
2006-11-21 20:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcjtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcjmon.exe]
2007-05-08 23:09 205744 ----a-w- c:\program files\Lexmark 8300 Series\lxcjmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 17:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 03:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
2006-07-20 20:45 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-09 17:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-11-20 20:15 446128 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-05-07 00:04 2017280 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-01-19 00:06 421888 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 14:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-11-23 01:08 409264 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 15:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-04 23:43]
.
2014-07-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27 21:14]
.
2014-07-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
2014-07-23 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
- c:\users\Colleen\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-21 23:36]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 06:08]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 06:08]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 03:35]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 03:35]
.
2014-06-28 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-27 21:13]
.
2014-06-28 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-27 21:13]
.
2014-07-23 c:\windows\Tasks\Security Center Update - 3210807196.job
- c:\users\Colleen\AppData\Roaming\Uccini\tuizu.exe [2014-03-15 14:15]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: sirius.com\www
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Easy Dock - (no file)
HKCU-Run-ckjpbxjx - c:\users\Colleen\AppData\Local\suftslwg.exe
HKLM-Run-Easy Dock - (no file)
HKLM-Run-EfficientPIM - (no file)
SafeBoot-38990000.sys
SafeBoot-92061489.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-22 20:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-07-22 20:53:13
ComboFix-quarantined-files.txt 2014-07-23 03:52
.
Pre-Run: 16,586,452,992 bytes free
Post-Run: 24,511,291,392 bytes free
.
- - End Of File - - 2C1D6FB6AFB48750A2E3342DE26ADCC9
5B5E648D12FCADC244C1EC30318E1EB9
 
Hi blueskygal,

ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the code-box below into it:
Code:
Folder::
c:\users\Colleen\AppData\Roaming\Uccini
c:\users\Colleen\AppData\Roaming\Ewpuzagi
c:\users\Colleen\AppData\Roaming\Ezwuan
c:\users\Colleen\AppData\Roaming\Navovy
c:\users\Colleen\AppData\Roaming\Epokzyu
c:\users\Colleen\AppData\Roaming\Cuanhoe
c:\users\Colleen\AppData\Roaming\Ydukyk
c:\users\Colleen\AppData\Roaming\Behymu

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ykifowuhmia"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, please post the C:\ComboFix.txt for further review.

=========================


In your next post please provide the following:
  • ComboFix.txt
  • How is the computer running at the moment?
 
Combofix

ComboFix 14-07-22.01 - Colleen 07/23/2014 13:11:24.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1144 [GMT -7:00]
Running from: c:\users\Colleen\Desktop\ComboFix.exe
Command switches used :: c:\users\Colleen\Desktop\CFScript.txt
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Colleen\AppData\Roaming\Behymu
c:\users\Colleen\AppData\Roaming\Cuanhoe
c:\users\Colleen\AppData\Roaming\Epokzyu
c:\users\Colleen\AppData\Roaming\Ewpuzagi
c:\users\Colleen\AppData\Roaming\Ewpuzagi\ykicipr.exe
c:\users\Colleen\AppData\Roaming\Ezwuan
c:\users\Colleen\AppData\Roaming\Navovy
c:\users\Colleen\AppData\Roaming\Uccini
c:\users\Colleen\AppData\Roaming\Uccini\tuizu.exe
c:\users\Colleen\AppData\Roaming\Ydukyk
.
.
((((((((((((((((((((((((( Files Created from 2014-06-23 to 2014-07-23 )))))))))))))))))))))))))))))))
.
.
2014-07-23 20:24 . 2014-07-23 20:26 -------- d-----w- c:\users\Colleen\AppData\Local\temp
2014-07-23 20:24 . 2014-07-23 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-22 23:53 . 2014-07-23 02:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-22 23:53 . 2014-07-22 23:53 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-22 23:50 . 2014-07-22 23:50 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-11 23:02 . 2014-07-11 23:02 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-10 20:26 . 2014-07-23 02:30 -------- d-----w- C:\FRST
2014-07-01 17:04 . 2014-07-01 17:04 -------- d-----w- c:\program files\ERUNT
2014-06-29 20:07 . 2014-06-29 20:07 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-06-27 23:29 . 2013-09-20 17:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-06-27 23:29 . 2014-06-28 04:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-06-27 23:29 . 2014-06-28 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-06-27 19:54 . 2014-06-27 21:01 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 23:43 . 2013-06-04 18:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 23:43 . 2013-06-04 18:29 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-26 16:01 . 2014-06-11 01:25 502784 ----a-w- c:\windows\system32\usp10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
"HP Deskjet 3510 series (NET)"="c:\program files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"Amazon Cloud Player"="c:\users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-05-08 3145536]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-04-25 4566984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-11-21 106496]
"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2013-04-29 1497120]
"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2013-06-14 1065504]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2014-03-12 295512]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-02-14 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
.
c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EfficientPIM.lnk - c:\program files\EfficientPIM\EfficientPIM.exe /startup [2014-2-10 14546088]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Colleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Colleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-11-29 04:05 523952 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2012-02-01 17:36 50592 ----a-w- c:\users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-08 23:13 103344 ----a-w- c:\program files\Lexmark 8300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-25 03:35 133104 ----atw- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 03:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-11-28 20:19 52912 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 16:06 413696 ----a-w- c:\program files\Toshiba\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 03:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 20:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 22:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 10:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCJCATS]
2006-11-21 20:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcjtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcjmon.exe]
2007-05-08 23:09 205744 ----a-w- c:\program files\Lexmark 8300 Series\lxcjmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 17:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 03:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
2006-07-20 20:45 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-09 17:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-11-20 20:15 446128 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-05-07 00:04 2017280 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-01-19 00:06 421888 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 14:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-11-23 01:08 409264 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 15:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-04 23:43]
.
2014-07-23 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27 21:14]
.
2014-07-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
2014-07-23 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
- c:\users\Colleen\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-21 23:36]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 06:08]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 06:08]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 03:35]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
- c:\users\Colleen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 03:35]
.
2014-07-23 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-27 21:13]
.
2014-06-28 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-27 21:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: sirius.com\www
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-23 13:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-07-23 13:30:44
ComboFix-quarantined-files.txt 2014-07-23 20:30
ComboFix2.txt 2014-07-23 03:53
.
Pre-Run: 23,699,828,736 bytes free
Post-Run: 24,149,168,128 bytes free
.
- - End Of File - - D7CE8A1CF67E22F27C01D9E97BDDADE4
5B5E648D12FCADC244C1EC30318E1EB9
 
Status Report

I rebooted after the last fix and everything seems fine. Calling up the task list I do not see any more replicating processes!
 
Hi blueskygal,

I rebooted after the last fix and everything seems fine. Calling up the task list I do not see any more replicating processes!

Good, we are making some progress. Let's continue ...

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

ESET Online Scanner

*Note:
  • It is recommended to disable your on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Disable your antivirus software. You can usually do this with its notification tray icon near the clock.
  • Click Start.
  • Make sure that the option "Remove found threats" is checked, and the option "Scan unwanted applications" is checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats.
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply.
    Note: when ESET doesn't find any threats, no report will be created.
  • Push the Back button.
  • Push Finish.
  • Re-enable your antivirus software.
=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?
 
Malwarebytes scan

It did detect one PUP, which was quarantined, but I don't think that showed in the report.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/24/2014
Scan Time: 2:04:49 PM
Logfile: mbam txt.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.24.09
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Colleen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280755
Time Elapsed: 22 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
ESET Scan - they're still with us

C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Colleen\AppData\Local\soisaqtj.exe.xBAD a variant of Win32/Kryptik.CGXY trojan cleaned by deleting - quarantined
C:\Program Files\Wisdom-soft AutoScreenRecorder Free\Toolbar.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Local\suftslwg.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Roaming\Ewpuzagi\ykicipr.exe.vir Win32/Spy.Zbot.ABA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Roaming\Uccini\tuizu.exe.vir Win32/Spy.Zbot.ABA trojan cleaned by deleting - quarantined
C:\Users\Colleen\Downloads\CodecPackage.exe a variant of Win32/InstallCore.IK potentially unwanted application deleted - quarantined
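Added here as a worked example (it is not code from this thread, from ESET or from the helper): a small Python parser for the text file ESET Online Scanner writes from "List of found threats", followed by a triage step that separates hits sitting inside another removal tool's quarantine folder from hits on live paths. It assumes the line layout visible in the post above (path, threat name, ESET class, optional action text) and that only the FRST and ComboFix quarantine folders are in play; the sample input is the eight result lines as posted, labelled as constructed input in the code.

```python
"""Triage an ESET Online Scanner "List of found threats" text export.

Added example, not code from this thread, from ESET or from the helper: it
splits hits that sit inside FRST's or ComboFix's quarantine folder (already
pulled out of the system) from hits on live paths, so the next step comes
from what the log says rather than from the count of red lines.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the eight result lines as posted above. Paths under
# C:\FRST\Quarantine (.xBAD suffix) and C:\Qoobox\Quarantine (.vir suffix) are
# copies that FRST and ComboFix had already moved out of their original place.
SAMPLE_EXPORT = r"""
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Colleen\AppData\Local\soisaqtj.exe.xBAD a variant of Win32/Kryptik.CGXY trojan cleaned by deleting - quarantined
C:\Program Files\Wisdom-soft AutoScreenRecorder Free\Toolbar.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Local\suftslwg.exe.vir Win32/TrojanDownloader.Zortob.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Roaming\Ewpuzagi\ykicipr.exe.vir Win32/Spy.Zbot.ABA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Colleen\AppData\Roaming\Uccini\tuizu.exe.vir Win32/Spy.Zbot.ABA trojan cleaned by deleting - quarantined
C:\Users\Colleen\Downloads\CodecPackage.exe a variant of Win32/InstallCore.IK potentially unwanted application deleted - quarantined
"""

# Assumption: only the quarantine folders of the two tools used in this thread.
QUARANTINE_MARKERS = ("\\frst\\quarantine\\", "\\qoobox\\quarantine\\")

# ESET classes that mean "malicious" rather than merely "unwanted".
MALWARE_CLASSES = ("trojan", "worm", "virus", "backdoor")

# Assumed line layout, taken from the post: <path> <threat name> <class> [<action>]
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"                                     # path, may contain spaces
    r"(?P<threat>(?:a variant of\s+)?[A-Za-z0-9_]+/\S+)\s+"  # e.g. Win32/Spy.Zbot.ABA
    r"(?P<cls>potentially unwanted application|potentially unsafe application|"
    r"trojan|worm|virus|backdoor|adware)"
    r"(?:\s+(?P<action>\S.*?))?\s*$"                         # action text is optional
)


@dataclass
class Finding:
    path: str
    threat: str
    cls: str
    action: Optional[str]  # None when ESET reported the hit but took no action

    @property
    def is_malware(self) -> bool:
        return self.cls in MALWARE_CLASSES

    @property
    def in_quarantine(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in QUARANTINE_MARKERS)


def parse_export(text: str) -> List[Finding]:
    """Parse the export. ESET writes no file when nothing is found, so "" -> []."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        findings.append(Finding(match["path"], match["threat"], match["cls"], match["action"]))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Bucket findings by what they mean for the next step."""
    buckets: Dict[str, List[str]] = {
        "already_quarantined": [],  # copies FRST/ComboFix had already removed
        "live_malware": [],         # trojan/worm/... still at a real location
        "live_pua": [],             # unwanted-but-not-malicious at a real location
        "not_cleaned": [],          # live hit ESET reported but did not act on
    }
    for f in findings:
        if f.in_quarantine:
            buckets["already_quarantined"].append(f.path)
        elif f.is_malware:
            buckets["live_malware"].append(f.path)
        else:
            buckets["live_pua"].append(f.path)
        if f.action is None and not f.in_quarantine:
            buckets["not_cleaned"].append(f.path)
    return buckets


if __name__ == "__main__":
    for bucket, paths in triage(parse_export(SAMPLE_EXPORT)).items():
        print(f"{bucket} ({len(paths)}):")
        for p in paths:
            print("   ", p)
```

Run against the posted lines, the four trojan hits (Kryptik, Zortob, two Zbot) all land in already_quarantined: they are the copies FRST and ComboFix had parked under C:\FRST\Quarantine and C:\Qoobox\Quarantine, not a reinfection, and ESET deleting them only empties those quarantines. The four live hits are all potentially unwanted applications. The one not_cleaned entry, C:\Users\All Users\...\ASCSetup.exe, carries no action text; on Vista C:\Users\All Users is a junction to C:\ProgramData, so it is most likely the same file ESET reports as deleted on the C:\ProgramData line, which is worth confirming on disk rather than assuming. Separately, Win32/Spy.Zbot is a credential-stealing banking trojan, so any passwords used on this machine while it was infected should be changed from a clean device.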
 