Virus or Computer issue? Not sure [Solved]


  • This topic is locked
28 replies to this topic

#16 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 21 December 2013 - 09:20 PM

Hard to tell. Sometimes it could be malware that is causing the fake errors, but I'm not seeing anything on OTL.

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image



#17 mignats

mignats

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 21 December 2013 - 11:22 PM

OK, that ran perfectly.  The log is below.  Thanks again for your continued help.

 

ComboFix 13-12-20.01 - Jim & Lisa 12/21/2013  22:03:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3326.1654 [GMT -7:00]
Running from: c:\users\Jim & Lisa\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1361280823.bdinstall.bin
c:\programdata\1380480882.bdinstall.bin
c:\programdata\1380481485.bdinstall.bin
c:\windows\system32\spsys.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-22 to 2013-12-22  )))))))))))))))))))))))))))))))
.
.
2013-12-22 05:13 . 2013-12-22 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-21 01:35 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-21 01:35 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-21 01:35 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-21 01:35 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-21 01:35 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-21 01:35 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-21 01:35 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-21 01:35 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-21 01:35 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-21 01:35 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-21 01:14 . 2013-12-21 01:14 -------- d-----w- c:\windows\ERUNT
2013-12-21 01:06 . 2013-12-21 01:07 -------- d-----w- C:\AdwCleaner
2013-12-13 01:10 . 2013-12-13 01:11 -------- d-----w- c:\program files\GUM89B4.tmp
2013-11-29 02:09 . 2013-11-29 02:09 -------- d-----w- c:\windows\Migration
2013-11-24 22:26 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-24 22:26 . 2013-10-03 12:45 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-24 22:26 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-24 22:26 . 2013-10-11 02:07 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-24 22:26 . 2013-11-24 22:26 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2013-11-24 22:25 . 2013-11-24 22:25 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 01:37 . 2013-02-19 02:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 01:37 . 2013-02-19 02:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-24 22:25 . 2013-09-29 19:12 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-19 15:56 . 2013-10-19 15:57 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-29 19:44 . 2013-09-29 19:05 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-09-29 19:43 . 2013-09-29 19:05 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mezzmo"="c:\program files\Conceiva\Mezzmo\Mezzmo.exe" [2013-12-05 12493096]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-18 477736]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-12-18 898512]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-18 612696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Cobian Backup 10"="c:\program files\Cobian Backup 10\Cobian.exe" [2010-09-23 421376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-10-26 5178664]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-12-18 1834240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-18 477736]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-12-18 898512]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-18 612696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2540997612-1774058246-2404513865-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-07 02:09 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-19 01:37]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-20 00:18]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-20 00:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jim & Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\abg2lg1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Videora iPod nano Converter - c:\program files\Red Kawa\Video Converter App\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-21 22:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-12-21  22:16:26
ComboFix-quarantined-files.txt  2013-12-22 05:16
.
Pre-Run: 177,274,732,544 bytes free
Post-Run: 177,846,583,296 bytes free
.
- - End Of File - - 5E55512D91F8D6CE814F541E5A33CD11
5C616939100B85E558DA92B899A0FC36
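
The ComboFix log above is quoted tool output. As an added example that is not part of the forum post or of ComboFix itself, the following Python script parses the "Reg Loading Points" block of such a log into structured autostart entries and raises two defender-side triage findings: the `"EnableLUA"= 0` value (User Account Control switched off, exactly as the posted log shows) and any Run-key image that lives outside Program Files or the Windows directory. The sample text, the function names `parse_reg_loading_points` and `triage`, and the extra `ExampleUpdater` line are all constructed for this example; the latter is not from the posted log and exists only to exercise the path check.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of ComboFix's "Reg Loading Points" block.
# The Mezzmo/Bitdefender/Realtek/Java lines mirror the posted log; the
# "ExampleUpdater" line is invented here purely to exercise the path check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mezzmo"="c:\program files\Conceiva\Mezzmo\Mezzmo.exe" [2013-12-05 12493096]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-12-18 898512]
"ExampleUpdater"="c:\users\example\AppData\Local\Temp\example_updater.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
"""

# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# A Run value: "Name"="image path" followed by an optional [date size] tag
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$"
)
# A policy value as ComboFix prints it: "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s+\(0x[0-9A-Fa-f]+\)$')

# Images under these roots are treated as ordinary; anything else gets a second look.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows")


@dataclass
class AutostartEntry:
    key: str              # full registry key the value was found under
    name: str             # value name, e.g. "Mezzmo"
    image: str            # executable path recorded by ComboFix
    date: Optional[str]   # file date from the [date size] tag, if present
    size: Optional[int]   # file size from the [date size] tag, if present


def parse_reg_loading_points(text: str) -> Tuple[List[AutostartEntry], Dict[str, int]]:
    """Walk the block line by line, tracking the current key header."""
    entries: List[AutostartEntry] = []
    policies: Dict[str, int] = {}
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with lone dots
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        if current_key is None:
            continue
        lowered = current_key.lower()
        if lowered.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                size = int(m["size"]) if m["size"] else None
                entries.append(AutostartEntry(current_key, m["name"], m["image"], m["date"], size))
        elif lowered.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m:
                policies[m["name"]] = int(m["value"])
    return entries, policies


def triage(entries: List[AutostartEntry], policies: Dict[str, int]) -> List[str]:
    """Return human-readable findings a helper would want to act on."""
    notes: List[str] = []
    if policies.get("EnableLUA") == 0:
        notes.append("EnableLUA=0: User Account Control is switched off; re-enable it after cleanup")
    for e in entries:
        if not e.image.lower().startswith(TRUSTED_ROOTS):
            notes.append(f"{e.name}: autostart image outside Program Files/Windows: {e.image}")
        if e.size is None:
            notes.append(f"{e.name}: log records no date/size for {e.image}; confirm the file and its publisher")
    return notes


if __name__ == "__main__":
    found, pol = parse_reg_loading_points(SAMPLE_LOG)
    for e in found:
        print(f"{e.key.split(chr(92))[0]:<18} {e.name:<22} {e.image}")
    for note in triage(found, pol):
        print("FINDING:", note)
```

The path heuristic is deliberately coarse: it is a prompt to look closer, not a verdict, and a helper would still compare the flagged image against the FRST publisher column before acting on it.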


#18 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 22 December 2013 - 02:29 AM

Hi,

I need you to make a batch file.

Open a new Notepad session
  • Click the Start button, click Run
  • In the run box type notepad
  • Click OK
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
@Echo on
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
In the notepad

Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "flush.bat"
Click Save


You should now have a file on your desktop with an icon like this: (image)

Double click on flush.bat & allow it to run. A small black screen may briefly flash on and off, and will shut down by itself. That is normal.

===================================================

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

===================================================

On your next reply please post:
FRST log


Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

#19 mignats

mignats

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 22 December 2013 - 11:21 AM

Good Morning,

 

I ran both tools.  The first run seemed to run OK but Windows did reboot on its own, is that normal?

 

Here are the scans from the FRST tool:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01
Ran by Jim & Lisa (administrator) on SARAL-03 on 22-12-2013 10:17:03
Running from C:\Users\Jim & Lisa\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 10\cbVSCService.exe
() C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Conceiva Pty. Ltd.) C:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 10\Cobian.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Conceiva Pty. Ltd.) C:\Program Files\Conceiva\Mezzmo\Mezzmo.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 10\cbInterface.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Cobian Backup 10] - C:\Program Files\Cobian Backup 10\Cobian.exe [421376 2010-09-23] (Luis Cobian, CobianSoft)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM\...\Run: [Nero MediaHome 4] - C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-26] (Nero AG)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1834240 2013-12-17] (Bitdefender)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Mezzmo] - C:\Program Files\Conceiva\Mezzmo\Mezzmo.exe [12493096 2013-12-04] (Conceiva Pty. Ltd.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-10-23] (Nero AG)
HKCU\...\Run: [Bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [477736 2013-12-17] (Bitdefender)
HKCU\...\Run: [Bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [898512 2013-12-17] (Bitdefender)
HKCU\...\Run: [Bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [612696 2013-12-17] (Bitdefender)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jim & Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\abg2lg1s.default
FF Homepage: hxxp://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Bitdefender.com/PasswordManager;version=17.8 - C:\Program Files\Bitdefender\Bitdefender\pmbxnp.dll (Bitdefender)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman\
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.ca/
CHR RestoreOnStartup: "https://www.google.ca/"
CHR DefaultSearchKeyword: google.ca
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Jim & Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Jim & Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Jim & Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Bitdefender Wallet) - C:\Users\Jim & Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl\17.24.0_0
CHR Extension: (Google Search) - C:\Users\Jim & Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Jim & Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Jim & Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx
 
========================== Services (Whitelisted) =================
 
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2013-11-27] (Bitdefender)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 cbVSCService; C:\Program Files\Cobian Backup 10\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian)
R2 CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-19] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 Mezzmo; C:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe [4450088 2013-12-04] (Conceiva Pty. Ltd.)
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-10-26] (Nero AG)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2013-10-16] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1234792 2013-11-27] (Bitdefender)
 
==================== Drivers (Whitelisted) ====================
 
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-07-19] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-07-19] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-02-22] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-24] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-09-29] (BitDefender LLC)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [109056 2008-01-20] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81408 2006-12-19] (Windows ® Codename Longhorn DDK provider)
R2 ntk_PowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [71664 2011-04-19] (Cyberlink Corp.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-09-29] (BitDefender S.R.L.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [77296 2011-04-12] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\JIM&LI~1\AppData\Local\Temp\catchme.sys [x]
S3 GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NTACCESS; \??\G:\NTACCESS.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-22 10:17 - 2013-12-22 10:18 - 00018064 _____ C:\Users\Jim & Lisa\Desktop\FRST.txt
2013-12-22 10:16 - 2013-12-22 10:16 - 00000000 ____D C:\FRST
2013-12-22 10:15 - 2013-12-22 10:15 - 01061231 _____ (Farbar) C:\Users\Jim & Lisa\Desktop\FRST.exe
2013-12-22 10:07 - 2013-12-22 10:07 - 00000296 _____ C:\Windows\system32\spsys.log
2013-12-21 22:16 - 2013-12-21 22:16 - 00012306 _____ C:\ComboFix.txt
2013-12-21 22:00 - 2013-12-21 22:16 - 00000000 ____D C:\Qoobox
2013-12-21 22:00 - 2013-12-21 22:16 - 00000000 ____D C:\ComboFix
2013-12-21 22:00 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-21 22:00 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-21 22:00 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-21 22:00 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-21 22:00 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-21 22:00 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-21 22:00 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-21 22:00 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-21 21:59 - 2013-12-21 22:14 - 00000000 ____D C:\Windows\erdnt
2013-12-21 21:52 - 2013-12-21 21:53 - 05155033 ____R (Swearware) C:\Users\Jim & Lisa\Desktop\ComboFix.exe
2013-12-21 09:20 - 2013-12-21 09:21 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{2917DEBF-570A-4D73-B439-A9392DE868A0}
2013-12-20 19:54 - 2013-12-20 19:54 - 01034531 _____ (Thisisu) C:\Users\Jim & Lisa\Desktop\JRT.exe
2013-12-20 18:40 - 2013-11-14 16:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-20 18:40 - 2013-11-14 15:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-20 18:40 - 2013-11-14 15:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-20 18:40 - 2013-11-14 15:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-20 18:40 - 2013-11-14 15:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-20 18:40 - 2013-11-14 15:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-20 18:40 - 2013-11-14 15:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-20 18:40 - 2013-11-14 15:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-20 18:40 - 2013-11-14 15:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-20 18:40 - 2013-11-14 15:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-20 18:40 - 2013-11-14 15:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-20 18:40 - 2013-11-14 15:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-20 18:40 - 2013-11-14 15:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-20 18:40 - 2013-11-14 15:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-20 18:40 - 2013-11-14 15:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-20 18:40 - 2013-11-14 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-20 18:35 - 2013-10-29 19:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-20 18:35 - 2013-10-29 18:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-20 18:35 - 2013-10-29 17:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-20 18:35 - 2013-10-29 17:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-20 18:35 - 2013-10-22 00:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-20 18:35 - 2013-10-10 19:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-20 18:35 - 2013-10-10 19:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-20 18:35 - 2013-10-10 19:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-20 18:35 - 2013-10-10 17:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-20 18:35 - 2013-10-10 17:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-20 18:14 - 2013-12-20 18:14 - 00000000 ____D C:\Windows\ERUNT
2013-12-20 18:13 - 2013-12-20 18:13 - 00001980 _____ C:\Users\Jim & Lisa\Desktop\AdwCleaner[R0].txt
2013-12-20 18:06 - 2013-12-20 18:07 - 00000000 ____D C:\AdwCleaner
2013-12-20 18:05 - 2013-12-20 18:05 - 01226750 _____ C:\Users\Jim & Lisa\Desktop\AdwCleaner.exe
2013-12-20 17:55 - 2013-12-20 17:56 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{7BE241F4-B951-443D-BA9F-A80A04B54FD1}
2013-12-20 06:19 - 2013-12-20 06:19 - 00001309 _____ C:\Users\Jim & Lisa\Desktop\aswMBR.zip
2013-12-19 20:28 - 2013-12-19 20:28 - 04101441 _____ C:\Users\Jim & Lisa\Downloads\tdsskiller.zip
2013-12-19 20:25 - 2013-12-20 06:15 - 00003120 _____ C:\Users\Jim & Lisa\Desktop\aswMBR.txt
2013-12-19 20:25 - 2013-12-20 06:15 - 00000512 _____ C:\Users\Jim & Lisa\Desktop\MBR.dat
2013-12-19 20:22 - 2013-12-19 20:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-19 19:34 - 2013-12-19 19:34 - 04745728 _____ (AVAST Software) C:\Users\Jim & Lisa\Desktop\aswMBR.exe
2013-12-19 19:20 - 2013-12-19 19:20 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{84821C8A-4615-4670-B0B5-4E985B841D2C}
2013-12-19 06:46 - 2013-12-19 06:46 - 00146592 _____ C:\Windows\Minidump\Mini121913-01.dmp
2013-12-19 06:32 - 2013-12-19 06:32 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{0E3933A6-4F61-4D6C-B1F1-89DDC4252AAE}
2013-12-19 06:24 - 2013-12-19 06:24 - 00000000 _____ C:\Users\Jim & Lisa\Desktop\GMER.txt
2013-12-17 17:38 - 2013-12-17 17:38 - 00146592 _____ C:\Windows\Minidump\Mini121713-01.dmp
2013-12-17 17:20 - 2013-12-17 17:20 - 00377856 _____ C:\Users\Jim & Lisa\Desktop\r8o5z4nh.exe
2013-12-17 17:16 - 2013-12-17 17:17 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{94FE63B3-9CB4-4649-A67C-9C0F09FC7869}
2013-12-15 12:15 - 2013-12-15 12:15 - 00054010 ____N C:\Users\Jim & Lisa\Desktop\Extras.Txt
2013-12-15 12:14 - 2013-12-15 12:14 - 00148372 ____N C:\Users\Jim & Lisa\Desktop\OTL.Txt
2013-12-15 11:57 - 2013-12-15 11:57 - 00602112 ____N (OldTimer Tools) C:\Users\Jim & Lisa\Desktop\OTL.exe
2013-12-14 08:34 - 2013-12-14 08:34 - 00000082 ____N C:\Users\Jim & Lisa\Desktop\What the Tech.url
2013-12-12 18:10 - 2013-12-12 18:11 - 00000000 ____D C:\Program Files\GUM89B4.tmp
2013-12-11 17:08 - 2013-12-11 17:08 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{31FB678C-8652-4290-8690-CFCF20EE2FBD}
2013-12-08 09:55 - 2013-12-08 09:55 - 00000104 ____N C:\Users\Jim & Lisa\Desktop\Maytag Puriclean II UKF8001 Filter, UKF8001AXX Only $29.95.url
2013-12-07 12:33 - 2013-12-07 12:34 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{1BE68199-7C00-4213-8248-C347BD5251EC}
2013-11-29 17:58 - 2013-11-29 17:58 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{9BCA35F1-7BC7-4D24-9DBC-125D71F8C01F}
2013-11-29 17:25 - 2013-11-29 17:25 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{3105A3D0-1073-4AF4-996D-AA441D87BE76}
2013-11-24 15:26 - 2013-11-24 15:26 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2013-11-24 15:26 - 2013-10-10 19:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-24 15:26 - 2013-10-10 19:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-24 15:26 - 2013-10-10 17:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-24 15:26 - 2013-10-03 05:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-24 15:26 - 2013-10-03 05:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-24 15:25 - 2013-11-24 15:25 - 00027168 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2013-11-24 15:21 - 2013-11-24 15:21 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{43A0CCAB-1688-4DB4-B987-6FE05FCCF992}
 
==================== One Month Modified Files and Folders =======
 
2013-12-22 10:18 - 2013-12-22 10:17 - 00018064 _____ C:\Users\Jim & Lisa\Desktop\FRST.txt
2013-12-22 10:17 - 2008-01-20 18:35 - 01841835 _____ C:\Windows\WindowsUpdate.log
2013-12-22 10:16 - 2013-12-22 10:16 - 00000000 ____D C:\FRST
2013-12-22 10:16 - 2013-02-19 17:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 10:15 - 2013-12-22 10:15 - 01061231 _____ (Farbar) C:\Users\Jim & Lisa\Desktop\FRST.exe
2013-12-22 10:14 - 2006-11-02 03:33 - 00762374 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-22 10:13 - 2013-02-19 17:18 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 10:07 - 2013-12-22 10:07 - 00000296 _____ C:\Windows\system32\spsys.log
2013-12-22 10:07 - 2013-02-22 19:52 - 00000043 _____ C:\Windows\MezzmoMediaServer.INI
2013-12-22 10:07 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 10:07 - 2006-11-02 05:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 10:07 - 2006-11-02 05:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 10:05 - 2006-11-02 06:01 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-22 09:37 - 2013-02-18 19:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-21 22:27 - 2008-01-20 19:47 - 00109554 _____ C:\Windows\PFRO.log
2013-12-21 22:16 - 2013-12-21 22:16 - 00012306 _____ C:\ComboFix.txt
2013-12-21 22:16 - 2013-12-21 22:00 - 00000000 ____D C:\Qoobox
2013-12-21 22:16 - 2013-12-21 22:00 - 00000000 ____D C:\ComboFix
2013-12-21 22:16 - 2006-11-02 04:18 - 00000000 __RHD C:\Users\Default
2013-12-21 22:16 - 2006-11-02 04:18 - 00000000 ___RD C:\Users\Public
2013-12-21 22:14 - 2013-12-21 21:59 - 00000000 ____D C:\Windows\erdnt
2013-12-21 22:13 - 2006-11-02 03:23 - 00000215 _____ C:\Windows\system.ini
2013-12-21 21:53 - 2013-12-21 21:52 - 05155033 ____R (Swearware) C:\Users\Jim & Lisa\Desktop\ComboFix.exe
2013-12-21 16:13 - 2013-03-13 18:03 - 00000000 ____D C:\ThumbsPlus
2013-12-21 15:15 - 2013-02-20 16:21 - 00000000 ____D C:\Program Files\Xnews
2013-12-21 09:21 - 2013-12-21 09:20 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{2917DEBF-570A-4D73-B439-A9392DE868A0}
2013-12-21 09:20 - 2013-04-20 12:20 - 00000000 ____D C:\Users\Jim & Lisa\Tracing
2013-12-20 20:40 - 2013-02-19 20:45 - 00000000 ____D C:\Users\Jim & Lisa\Documents\Outlook Files
2013-12-20 19:58 - 2013-02-20 17:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-20 19:54 - 2013-12-20 19:54 - 01034531 _____ (Thisisu) C:\Users\Jim & Lisa\Desktop\JRT.exe
2013-12-20 18:55 - 2006-11-02 05:47 - 01734512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-20 18:51 - 2013-02-18 18:56 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-20 18:49 - 2013-02-19 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-20 18:46 - 2013-07-15 17:59 - 00000000 ____D C:\Windows\system32\MRT
2013-12-20 18:42 - 2006-11-02 03:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-20 18:14 - 2013-12-20 18:14 - 00000000 ____D C:\Windows\ERUNT
2013-12-20 18:13 - 2013-12-20 18:13 - 00001980 _____ C:\Users\Jim & Lisa\Desktop\AdwCleaner[R0].txt
2013-12-20 18:07 - 2013-12-20 18:06 - 00000000 ____D C:\AdwCleaner
2013-12-20 18:05 - 2013-12-20 18:05 - 01226750 _____ C:\Users\Jim & Lisa\Desktop\AdwCleaner.exe
2013-12-20 17:56 - 2013-12-20 17:55 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{7BE241F4-B951-443D-BA9F-A80A04B54FD1}
2013-12-20 06:19 - 2013-12-20 06:19 - 00001309 _____ C:\Users\Jim & Lisa\Desktop\aswMBR.zip
2013-12-20 06:15 - 2013-12-19 20:25 - 00003120 _____ C:\Users\Jim & Lisa\Desktop\aswMBR.txt
2013-12-20 06:15 - 2013-12-19 20:25 - 00000512 _____ C:\Users\Jim & Lisa\Desktop\MBR.dat
2013-12-19 20:28 - 2013-12-19 20:28 - 04101441 _____ C:\Users\Jim & Lisa\Downloads\tdsskiller.zip
2013-12-19 20:23 - 2013-12-19 20:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-19 19:34 - 2013-12-19 19:34 - 04745728 _____ (AVAST Software) C:\Users\Jim & Lisa\Desktop\aswMBR.exe
2013-12-19 19:20 - 2013-12-19 19:20 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{84821C8A-4615-4670-B0B5-4E985B841D2C}
2013-12-19 06:46 - 2013-12-19 06:46 - 00146592 _____ C:\Windows\Minidump\Mini121913-01.dmp
2013-12-19 06:46 - 2013-08-02 16:19 - 282847863 _____ C:\Windows\MEMORY.DMP
2013-12-19 06:46 - 2013-02-23 10:16 - 00000000 ____D C:\Windows\Minidump
2013-12-19 06:33 - 2013-02-18 13:08 - 00000000 ____D C:\Users\Jim & Lisa\Documents\MSWORD
2013-12-19 06:32 - 2013-12-19 06:32 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{0E3933A6-4F61-4D6C-B1F1-89DDC4252AAE}
2013-12-19 06:24 - 2013-12-19 06:24 - 00000000 _____ C:\Users\Jim & Lisa\Desktop\GMER.txt
2013-12-18 00:01 - 2013-08-26 20:33 - 00000680 _____ C:\Users\Jim & Lisa\AppData\Local\d3d9caps.dat
2013-12-17 21:00 - 2013-02-20 17:14 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Roaming\uTorrent
2013-12-17 17:38 - 2013-12-17 17:38 - 00146592 _____ C:\Windows\Minidump\Mini121713-01.dmp
2013-12-17 17:20 - 2013-12-17 17:20 - 00377856 _____ C:\Users\Jim & Lisa\Desktop\r8o5z4nh.exe
2013-12-17 17:17 - 2013-12-17 17:16 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{94FE63B3-9CB4-4649-A67C-9C0F09FC7869}
2013-12-15 12:15 - 2013-12-15 12:15 - 00054010 ____N C:\Users\Jim & Lisa\Desktop\Extras.Txt
2013-12-15 12:14 - 2013-12-15 12:14 - 00148372 ____N C:\Users\Jim & Lisa\Desktop\OTL.Txt
2013-12-15 11:57 - 2013-12-15 11:57 - 00602112 ____N (OldTimer Tools) C:\Users\Jim & Lisa\Desktop\OTL.exe
2013-12-15 11:26 - 2013-02-20 17:41 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\QuickPar
2013-12-15 11:24 - 2013-02-18 19:48 - 00076800 _____ C:\Users\Jim & Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-14 08:34 - 2013-12-14 08:34 - 00000082 ____N C:\Users\Jim & Lisa\Desktop\What the Tech.url
2013-12-12 18:11 - 2013-12-12 18:10 - 00000000 ____D C:\Program Files\GUM89B4.tmp
2013-12-11 18:37 - 2013-02-18 19:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 18:37 - 2013-02-18 19:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 17:08 - 2013-12-11 17:08 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{31FB678C-8652-4290-8690-CFCF20EE2FBD}
2013-12-08 09:55 - 2013-12-08 09:55 - 00000104 ____N C:\Users\Jim & Lisa\Desktop\Maytag Puriclean II UKF8001 Filter, UKF8001AXX Only $29.95.url
2013-12-07 12:41 - 2013-09-24 17:38 - 00000906 _____ C:\Users\Public\Desktop\Mezzmo.lnk
2013-12-07 12:39 - 2013-02-23 10:44 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\Adobe
2013-12-07 12:34 - 2013-12-07 12:33 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{1BE68199-7C00-4213-8248-C347BD5251EC}
2013-11-29 17:58 - 2013-11-29 17:58 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{9BCA35F1-7BC7-4D24-9DBC-125D71F8C01F}
2013-11-29 17:30 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\NDF
2013-11-29 17:25 - 2013-11-29 17:25 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{3105A3D0-1073-4AF4-996D-AA441D87BE76}
2013-11-28 19:41 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-26 18:13 - 2013-02-18 19:19 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Roaming\Adobe
2013-11-24 16:21 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache
2013-11-24 15:26 - 2013-11-24 15:26 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2013-11-24 15:25 - 2013-11-24 15:25 - 00027168 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2013-11-24 15:25 - 2013-09-29 12:12 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2013-11-24 15:21 - 2013-11-24 15:21 - 00000000 ____D C:\Users\Jim & Lisa\AppData\Local\{43A0CCAB-1688-4DB4-B987-6FE05FCCF992}
 
Some content of TEMP:
====================
C:\Users\Jim & Lisa\AppData\Local\Temp\catchme.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-22 10:20
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01
Ran by Jim & Lisa at 2013-12-22 10:18:35
Running from C:\Users\Jim & Lisa\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
 
==================== Installed Programs ======================
 
µTorrent (Version: 3.3.0.29126)
AC3Filter 2.5b (Version: 2.5b)
Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Acrobat 8 Professional (Version: 8.1.0)
Adobe After Effects CS3 Presets (Version: 8)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Advertising Center (Version: 0.0.0.2)
AHV content for Acrobat and Flash (Version: 1)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.45)
ATI Catalyst Install Manager (Version: 3.0.691.0)
Auslogics Duplicate File Finder (Version: 2.5)
AviSynth 2.5
Bing Desktop (Version: 1.3.174.0)
Bitdefender Total Security (Version: 17.16.0.729)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0820.2135.36847)
Catalyst Control Center Graphics Full Existing (Version: 2008.0820.2135.36847)
Catalyst Control Center Graphics Full New (Version: 2008.0820.2135.36847)
Catalyst Control Center Graphics Light (Version: 2008.0820.2135.36847)
Catalyst Control Center Graphics Previews Common (Version: 2008.0820.2135.36847)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0820.2135.36847)
Catalyst Control Center HydraVision Full (Version: 2008.0820.2135.36847)
Catalyst Control Center InstallProxy (Version: 2008.0820.2135.36847)
CCC Help English (Version: 2008.0820.2134.36847)
ccc-core-static (Version: 2008.0820.2135.36847)
ccc-utility (Version: 2008.0820.2135.36847)
Cobian Backup 10
Combined Community Codec Pack 2013-03-02 (Version: 2013.03.02.0)
Cool & Quiet
CyberLink PowerDVD 11 (Version: 11.0.1620.51)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.87)
Elevated Installer (Version: 2.3.14.0)
EPSON Printer Software
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
Forté Agent (Version: 5.00)
Free Mp3 Wma Converter V 1.7.3
Garmin Communicator Plugin (Version: 4.0.4)
Garmin Express (Version: 2.3.14.0)
Garmin Express Tray (Version: 2.3.14.0)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
HandBrake 0.9.8 (Version: 0.9.8)
iTunes (Version: 11.1.0.126)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Light Image Resizer 4.1.0.6 (Version: 4.1.0.6)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Mezzmo (HKCU Version: 3.4.4.0)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MosChip Multi-IO Controller
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 (Version: 8.10.127)
Nero ControlCenter (Version: 9.0.0.1)
Nero Installer (Version: 4.4.9.0)
Nero MediaHome 4 (Version: 4.5.9.2)
Nero MediaHome 4 Help (Version: 4.5.5.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero PhotoShow Express 5 (Version: 5.0)
neroxml (Version: 1.0.0)
PDF Settings (Version: 1.0)
Quicken 2008 (Version: 17.1.3.7)
QuickPar 0.9 (Version: 0.9)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5859)
Remote Control USB Driver (Version: 2.3.2.317)
Rename It 3.0
Safari (Version: 5.34.57.2)
Segoe UI (Version: 15.4.2271.0615)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skins (Version: 2008.0820.2135.36847)
SmartSound Quicktracks Plugin (Version: 3.0.2.7)
SnagIt 8 (Version: 8.2.3)
System Requirements Lab for Intel (Version: 4.5.13.0)
ThumbsPlus version 7 SP2 (Version: 7.0 SP2)
Ulead VideoStudio 10 (Version: 10.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCRedistSetup (Version: 1.0.0)
VLC media player 2.0.3 (Version: 2.0.3)
Winamp (Version: 5.52 )
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
WinZip 11.1 (Version: 11.1.7466)
World of Warcraft FREE Trial (Version: 1.00.0000)
 
==================== Restore Points  =========================
 
07-12-2013 04:00:28 Scheduled Checkpoint
08-12-2013 07:00:05 Scheduled Checkpoint
12-12-2013 04:37:03 Scheduled Checkpoint
13-12-2013 07:00:01 Scheduled Checkpoint
14-12-2013 07:00:02 Scheduled Checkpoint
15-12-2013 07:00:02 Scheduled Checkpoint
15-12-2013 19:04:05 OTL Restore Point - 12/15/2013 12:04:05 PM
18-12-2013 01:44:35 Scheduled Checkpoint
19-12-2013 14:24:10 Scheduled Checkpoint
20-12-2013 07:00:02 Scheduled Checkpoint
21-12-2013 01:35:51 Windows Update
21-12-2013 16:57:44 Scheduled Checkpoint
22-12-2013 06:08:50 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 03:23 - 2013-12-21 22:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {87460A4C-F2BE-4DDE-BA20-2E5A1B49FD94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {9697EC25-9A4A-4553-B910-A5F96DA8120F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CA23424D-13FC-4DC5-AC3E-F1507CB3BA78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FEF5903C-059B-49F0-897D-AF4E86EB09FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-20 01:21 - 2011-04-20 01:21 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-11-29 14:59 - 2012-11-29 14:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-07-04 14:32 - 2010-07-04 14:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-09-29 12:12 - 2013-06-19 11:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-08-28 17:25 - 2013-08-28 17:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-29 12:12 - 2013-09-29 12:45 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2010-11-24 18:11 - 2010-11-24 18:11 - 00062464 _____ () C:\Program Files\Conceiva\Mezzmo\HS_REGEX.dll
2012-08-13 18:36 - 2012-08-13 18:36 - 00477696 _____ () C:\Program Files\Conceiva\Mezzmo\tag.dll
2012-04-03 19:08 - 2012-04-03 19:08 - 00839680 _____ () C:\Program Files\Conceiva\Mezzmo\LIBEAY32.dll
2012-04-03 19:08 - 2012-04-03 19:08 - 00159744 _____ () C:\Program Files\Conceiva\Mezzmo\SSLEAY32.dll
2013-03-18 18:42 - 2013-03-18 18:42 - 00061440 _____ () C:\Program Files\Conceiva\Mezzmo\extension-functions.dll
2013-03-18 14:55 - 2013-03-18 14:55 - 07341056 _____ () C:\Program Files\Conceiva\Mezzmo\avcodec-54.dll
2013-03-18 14:55 - 2013-03-18 14:55 - 00222208 _____ () C:\Program Files\Conceiva\Mezzmo\avutil-52.dll
2013-03-18 14:55 - 2013-03-18 14:55 - 01504256 _____ () C:\Program Files\Conceiva\Mezzmo\avformat-54.dll
2013-03-18 14:55 - 2013-03-18 14:55 - 00123904 _____ () C:\Program Files\Conceiva\Mezzmo\avdevice-54.dll
2013-03-18 14:55 - 2013-03-18 14:55 - 00429568 _____ () C:\Program Files\Conceiva\Mezzmo\avfilter-3.dll
2013-03-18 14:55 - 2013-03-18 14:55 - 00119296 _____ () C:\Program Files\Conceiva\Mezzmo\swresample-0.dll
2013-03-18 14:55 - 2013-03-18 14:55 - 00360448 _____ () C:\Program Files\Conceiva\Mezzmo\swscale-2.dll
2013-02-18 19:00 - 2013-02-18 19:00 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2013-12-06 19:13 - 2013-12-03 19:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 19:13 - 2013-12-03 19:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 19:13 - 2013-12-03 19:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 19:13 - 2013-12-03 19:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 19:13 - 2013-12-03 19:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Jim & Lisa\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Jim & Lisa\Desktop\FRST.exe:BDU
AlternateDataStreams: C:\Users\Jim & Lisa\Desktop\JRT.exe:BDU
AlternateDataStreams: C:\Users\Jim & Lisa\Desktop\OTL.exe:BDU
AlternateDataStreams: C:\Users\Jim & Lisa\Desktop\r8o5z4nh.exe:BDU
AlternateDataStreams: C:\Users\Jim & Lisa\Downloads\CommunicatorPlugin_401.exe:BDU
AlternateDataStreams: C:\Users\Jim & Lisa\Downloads\CommunicatorPlugin_404.exe:BDU
AlternateDataStreams: C:\Users\Jim & Lisa\Downloads\CyberLink_PowerDVD_Downloader.exe:BDU
AlternateDataStreams: C:\Users\Jim & Lisa\Downloads\GarminExpress.exe:BDU
AlternateDataStreams: C:\Users\Jim & Lisa\Downloads\GarminMapUpdater.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/22/2013 10:08:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2013 10:29:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2013 10:16:31 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP01> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/21/2013 10:16:02 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP01> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/21/2013 10:14:16 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/21/2013 10:09:56 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP4700> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/21/2013 10:09:24 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP3300> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/21/2013 10:05:57 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP0301> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/21/2013 10:05:57 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP0300> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/21/2013 10:05:57 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\SOFTAV03> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (12/22/2013 10:07:33 AM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer HP LaserJet 2100 PCL6 with shared resource name HP LaserJet 2100 PCL6. Error 2114. The printer cannot be used by others on the network.
 
Error: (12/22/2013 10:05:06 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (12/21/2013 10:34:06 PM) (Source: Service Control Manager) (User: )
Description: Windows Update
 
Error: (12/21/2013 10:25:56 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (12/21/2013 10:13:31 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
 
Error: (12/21/2013 10:06:35 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
 
Error: (12/21/2013 10:02:30 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
 
Error: (12/21/2013 09:15:46 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (12/21/2013 09:15:46 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (12/21/2013 09:15:13 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/22/2013 10:08:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2013 10:29:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/21/2013 10:16:31 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\COMBOFIX\TEMP01
 
Error: (12/21/2013 10:16:02 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\COMBOFIX\TEMP01
 
Error: (12/21/2013 10:14:16 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\COMBOFIX\TEMP00
 
Error: (12/21/2013 10:09:56 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\COMBOFIX\TEMP4700
 
Error: (12/21/2013 10:09:24 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\COMBOFIX\TEMP3300
 
Error: (12/21/2013 10:05:57 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\COMBOFIX\TEMP0301
 
Error: (12/21/2013 10:05:57 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\COMBOFIX\TEMP0300
 
Error: (12/21/2013 10:05:57 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
C:\COMBOFIX\SOFTAV03
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-02-18 22:22:43.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-18 22:22:43.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-18 22:22:43.775
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-18 22:22:43.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-18 22:22:43.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 3326.12 MB
Available physical RAM: 1598 MB
Total Pagefile: 6877.25 MB
Available Pagefile: 4726.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.68 MB
 
==================== Drives ================================
 
Drive c: (DRIVE_C) (Fixed) (Total:465.76 GB) (Free:162.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Media) (Fixed) (Total:149.05 GB) (Free:72.45 GB) NTFS
Drive e: (BackupDrive) (Fixed) (Total:1863.01 GB) (Free:1209.81 GB) NTFS
Drive f: (Movies) (Fixed) (Total:1863.01 GB) (Free:1247.88 GB) NTFS
Drive i: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:141.61 GB) NTFS
Drive j: (TRANSCEND) (Removable) (Total:3.73 GB) (Free:3.69 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: EA278AC9)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 829A50E9)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: C0C80B8D)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 085BD047)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 233 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
 
==================== End Of Log ============================


#20 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 22 December 2013 - 11:33 AM

Yes, that is the expected behavior from the batch file that you ran.

I've flushed the DNS cache and other things that are related to the network. Did the fix make any difference to your browsing speed now?
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#21 mignats

mignats

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 22 December 2013 - 01:49 PM

That sure seems to have made a difference.

Things seem to be loading much quicker now.

Maybe that was all that was needed? Is there anything else we need to check?

Thanks again for all your assistance.



#22 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 22 December 2013 - 09:29 PM

What about the pop up error you had? "Windows failed to create security options dialog"

Are they still coming up?

We have a couple more steps to perform. But I need more information from you before I can decide what to do next. :)

#23 mignats

mignats

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 23 December 2013 - 08:39 AM

Good Morning Conspire,

I am not sure about the Security Dialog issue. That is something that happens about once a week or so.

What usually happens is I am opening a program (not any one in particular) and the computer will freeze for a bit and then the screen will go black and I will get the error "Login process has failed to create the security options dialog". I then have to reboot the computer and when I do it will boot to the screen that allows you to boot into safe mode or regular startup.

I haven't seen that since yesterday's fixes, but that isn't unusual.

Cheers,



#24 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 23 December 2013 - 09:50 AM

A quick search on Google tells me it's something to do with the hard drive. I'm no hardware expert so I cannot tell for sure. As far as I know, the typical lifespan of a hard drive averages about 5 years. If you hear any ticking noise when the hard drive is running, it's a sign of mechanical stuff wearing out.

That said, we will perform a follow-up scan just to make sure there is no malware left on your PC.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
===================================================

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it.
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post :
ESET log
MBAM log



Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!

#25 mignats

mignats

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 December 2013 - 01:05 PM

Hi Conspire,

 

Sorry for the delay getting back to you.  Here are the two logs you requested.  Merry Christmas and thanks for all of your assistance.

 

Mignats

 

C:\Program Files\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe Win32/Toolbar.AskSBar application
C:\Users\Jim & Lisa\Documents\Software\AC3 Filter\ac3filter_2_5b.exe Win32/OpenCandy application
C:\Users\Jim & Lisa\Documents\Software\Auslogics Duplicate File Finder\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Jim & Lisa\Documents\Software\GSPOT Video Codec Reader\GSpot270azip.exe a variant of Win32/OpenInstall application
C:\Users\Jim & Lisa\Documents\Software\Light Image Resizer\light_image_resizer4_setup-avangate_1488.exe Win32/Adware.Linkular.AB application
C:\Users\Jim & Lisa\Documents\Software\Red Kawa Ipod Video Converter\videora-ipodnano-600-setup.exe a variant of Win32/OpenCandy.A application
C:\Users\Jim & Lisa\Documents\Software\Unlocker\Unlocker1.9.1.exe multiple threats
C:\Users\Jim & Lisa\Documents\Software\WMA to MP3 Convertor\Setup_FreeConverter.exe Win32/Toolbar.Widgi application
I:\DocumentBackup\Documents 2013-10-14 08;00;59\Software\AC3 Filter\ac3filter_2_5b.exe Win32/OpenCandy application
I:\DocumentBackup\Documents 2013-10-14 08;00;59\Software\Auslogics Duplicate File Finder\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
I:\DocumentBackup\Documents 2013-10-14 08;00;59\Software\GSPOT Video Codec Reader\GSpot270azip.exe a variant of Win32/OpenInstall application
I:\DocumentBackup\Documents 2013-10-14 08;00;59\Software\Light Image Resizer\light_image_resizer4_setup-avangate_1488.exe Win32/Adware.Linkular.AB application
I:\DocumentBackup\Documents 2013-10-14 08;00;59\Software\Red Kawa Ipod Video Converter\videora-ipodnano-600-setup.exe a variant of Win32/OpenCandy.A application
I:\DocumentBackup\Documents 2013-10-14 08;00;59\Software\Unlocker\Unlocker1.9.1.exe multiple threats
I:\DocumentBackup\Documents 2013-10-14 08;00;59\Software\WMA to MP3 Convertor\Setup_FreeConverter.exe Win32/Toolbar.Widgi application
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.24.05
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jim & Lisa :: SARAL-03 [administrator]
 
12/24/2013 11:56:37 AM
mbam-log-2013-12-24 (11-56-37).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250978
Time elapsed: 6 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 



#26 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 24 December 2013 - 09:14 PM

Great! Time for some housekeeping.

 

Merry Christmas to you too :)

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.
Combofix /Uninstall


 

 

===================================================

 

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

 

===================================================

 

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.

 

===================================================

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles:


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download hosts.zip and save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file. This will rename the existing HOSTS file to HOSTS.MVP, then copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.

Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions or problems to ask? Please do not hesitate to do so.

**Please respond one more time to confirm it is resolved so I can close this topic.

 

 

 


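Two places in this thread touch the Windows HOSTS file: the "Hosts content" block of the FRST log above (the tool prints the file because a rewritten HOSTS file is a common way to send update or banking traffic to the wrong place), and the MVPS advice in the post just above, which maps known ad and malware domains to 127.0.0.1 so the connection never leaves the PC. The script below is an added example to make that mechanism concrete; it is not code from the thread, from FRST or from the MVPS project. It parses a HOSTS file the way the resolver reads it, reports which names are sunk to loopback (blocked) and which are redirected to a real address (worth a look), and can be pointed at the live file path shown in the FRST log. The sample HOSTS text and every hostname in it are constructed for the example; the .test names are reserved for documentation and never resolve.

```python
# Added example (not from the thread, FRST or MVPS): a small HOSTS-file checker.
import ipaddress
from typing import Dict, Optional

# Constructed sample in the layout of a Windows HOSTS file, with a few
# MVPS-style blocking entries and one redirect added for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0     ads.example-tracker.test                                   # block (newer MVPS files use 0.0.0.0)
127.0.0.1   banner.example-adserver.test  www.banner.example-adserver.test
127.0.0.1   Malicious.Example.test
192.0.2.10  update.example-av.test    # sends a real-looking name to another host: review this
"""

# Names a stock Windows HOSTS file maps to loopback on purpose.
EXPECTED_LOOPBACK = {"localhost"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to the address the file assigns it.

    Handles '#' comments, blank lines, tabs or runs of spaces, and several
    hostnames on one line. Lines with a malformed address are skipped. When a
    name appears more than once the first entry wins, as in the resolver.
    """
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def lookup(table: Dict[str, str], hostname: str) -> Optional[str]:
    """Address the HOSTS file would answer with, or None if DNS gets asked."""
    return table.get(hostname.lower().rstrip("."))


def is_sink(addr: str) -> bool:
    """True for the addresses blocking files use: loopback or 0.0.0.0."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def is_blocked(table: Dict[str, str], hostname: str) -> bool:
    """True if the file sinks this name so the PC never connects to it."""
    name = hostname.lower().rstrip(".")
    addr = table.get(name)
    return addr is not None and is_sink(addr) and name not in EXPECTED_LOOPBACK


def blocked_hostnames(table: Dict[str, str]) -> Dict[str, str]:
    """Every name the file sinks, except the loopback names Windows expects."""
    return {n: a for n, a in table.items()
            if is_sink(a) and n not in EXPECTED_LOOPBACK}


def redirected_hostnames(table: Dict[str, str]) -> Dict[str, str]:
    """Names mapped to a real address. A blocking file never needs these, so
    each one deserves a look; this is the pattern a hijacked HOSTS file shows."""
    return {n: a for n, a in table.items() if not is_sink(a)}


def read_hosts_file(path: str = r"C:\Windows\System32\drivers\etc\hosts") -> Dict[str, str]:
    """Parse the live HOSTS file (default path as listed in the FRST log)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_hosts(fh.read())


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked_hostnames(hosts)))
    print("redirected (review):", redirected_hostnames(hosts))
    for name in ("ads.example-tracker.test", "unlisted.example.test"):
        print(name, "->", lookup(hosts, name) or "DNS")
```

Run it as-is to see the constructed sample classified, or call `read_hosts_file()` on the machine itself after installing the MVPS file: the blocked list should be long and the redirected list empty, apart from any mappings you added yourself.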

#27 mignats

mignats

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 25 December 2013 - 08:42 PM

Thanks so much for all of your assistance Conspire. I will run all of the final steps you mention above and install the programs you suggest.

Two questions. Will any of the software you suggested I install cause conflicts with my antivirus system? Also, were any of the items that were found anything to really worry about or just pain in the butt type malware? Just wondering how compromised my system was.

Thanks again for all of your help. All of the best to you in 2014!

Mignats



#28 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 25 December 2013 - 09:47 PM

You're welcome, mignats. :)

1) Usually they don't cause any conflicts, because they are focusing on different areas of your computer system. For example, WOT only checks the legitimacy of the site you're visiting. Conflicts will happen if you are installing two different AVs on your computer.

2) The main problem you had was slow browsing speed. What I did was flush DNS to see if it made any difference and it did. Nothing much to be worried about.

Thank you and all the best to you too in 2014!



#29 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 28 December 2013 - 06:50 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
