LinkBucks Redirect & Purchase Reviews Bug


This topic is locked. 18 replies to this topic.

#1 jrider25 (Authentic Member, 34 posts)

Posted 29 January 2014 - 12:40 PM

Hi guys,

I have had this nasty LinkBucks redirect and Purchase Reviews virus going on for quite some time now. I've tried quite a few removal tools and nothing is working. Hoping you guys can help out. Attached is a HijackThis log. Edit: I'm not allowed to upload that kind of file, so I copied and pasted it.

Thanks

Rider

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:48:53 PM, on 1/26/2014
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Chris\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/w...0"&"ver=9.0.894
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Scrybe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7547 bytes

#2 Juliet (SuperHelper, Classroom Teacher, MVP, 7,099 posts)

Posted 31 January 2014 - 07:35 AM

Hi and welcome

What are you using for an antivirus?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tweaking.com Registry Backup
  • Download the tool found here to your Desktop so it is easy to find.
  • Double click on the file you just downloaded to install it to your system.
  • Once the tool is installed, double-click on the Tweaking.com Registry Backup icon.
    **Note** The tool should automatically open to the Backup Registry tab.
  • Press Backup Now.
  • When the backup is complete, the tool will tell you that Successful */* Files Backed Up.
  • You have now successfully backed up your Registry.
Once you have the tool downloaded there is a tab labeled Settings where you can set where the backups are saved.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(Use the correct version for your system. Which system am I using?)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 jrider25 (Authentic Member, 34 posts)

Posted 31 January 2014 - 07:15 PM

Thanks for the help and reply! I am running AVG. The FRST.txt and Addition.txt are pasted below.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 01
Ran by Chris (administrator) on CHRIS-PC on 31-01-2014 20:10:48
Running from C:\Users\Chris\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\Tweaking.com\Registry Backup\files\vss_vista_32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_pause.exe
(Farbar) C:\Users\Chris\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-15] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...0"&"ver=9.0.894
HKU\S-1-5-21-3949422279-1762186532-4263439937-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3949422279-1762186532-4263439937-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {FA61A1BE-3425-4B89-81F0-4DD0F8D23423} URL = http://www.google.co...ge={startPage};
SearchScopes: HKCU - {FA61A1BE-3425-4B89-81F0-4DD0F8D23423} URL = http://www.google.co...ge={startPage};
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\bsgosoph.default
FF Homepage: yahoo.com
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: New Tab King - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\bsgosoph.default\Extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [2013-06-04]
FF Extension: Tab Scope - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\bsgosoph.default\Extensions\tabscope@xuldev.org.xpi [2011-07-03]
FF Extension: New Tab Homepage - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\bsgosoph.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2013-06-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [181784 2007-09-24] (WildTangent, Inc.)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 ScrybeUpdater; C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

==================== Drivers (Whitelisted) ====================

R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-01-25] (Malwarebytes Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Chris\AppData\Local\Temp\catchme.sys [x]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SVRPEDRV; \??\C:\Windows\System32\sysprep\UP_date\PEDrv.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 70534D1E4F9AC990536D5FB5B550B3DE
C:\Windows\System32\drivers\tcpip.sys 782568AB6A43160A159B6215B70BCCE9
C:\Windows\System32\DRIVERS\tcpip.sys 782568AB6A43160A159B6215B70BCCE9
C:\Windows\System32\drivers\tcpipreg.sys D4A2E4A4B011F3A883AF77315A5AE76B
C:\Windows\System32\DRIVERS\tdcmdpst.sys 1825BCEB47BF41C5A9F0E44DE82FC27A
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys D09276B1FAB033CE1D40DCBDF303D10F
C:\Windows\System32\DRIVERS\termdd.sys A048056F5E1A96A9BF3071B91741A5AA
C:\Windows\System32\DRIVERS\tos_sps32.sys 1EA5F27C29405BF49799FECA77186DA9
C:\Windows\System32\DRIVERS\tssecsrv.sys DCF0F056A2E4F52287264F5AB29CF206
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 6042505FF6FA9AC1EF7684D0E03B6940
C:\Windows\System32\DRIVERS\TVALZ_O.SYS 792A8B80F8188ABA4B2BE271583F3E46
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\System32\DRIVERS\udfs.sys 8B5088058FA1D1CD897A2113CCFF6C58
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys CEBE90821810E76320155BEBA722FCF9
C:\Windows\System32\DRIVERS\usbhub.sys CC6B28E4CE39951357963119CE47B143
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\USBSTOR.SYS 87BA6B83C5D19B69160968D07D6E2982
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\Drivers\usbvideo.sys E67998E8F14CB0627A769F6530BCB352
C:\Windows\System32\Drivers\UVCFTR_S.SYS 8C5094A8AB24DE7496C7C19942F2DF04
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 98F5FFE6316BD74E9E2C97206C190196
C:\Windows\System32\drivers\volsnap.sys D8B4A53DD2769F226B3EB374374987C9
C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys 0CEC23084B51B8288099EB710224E955
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\DRIVERS\WUDFRd.sys AC13CB789D93412106B0FB6C7EB2BCB6

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-31 20:09 - 2014-01-31 20:09 - 01136640 _____ (Farbar) C:\Users\Chris\Downloads\FRST(1).exe
2014-01-31 20:09 - 2014-01-31 20:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CHRIS-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-01-31 20:08 - 2014-01-31 20:08 - 00000000 ____D C:\RegBackup
2014-01-31 20:07 - 2014-01-31 20:07 - 00002027 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-01-31 20:07 - 2014-01-31 20:07 - 00000000 ____D C:\Program Files\Tweaking.com
2014-01-31 20:06 - 2014-01-31 20:06 - 03936992 _____ C:\Users\Chris\Downloads\tweaking.com_registry_backup_setup.exe
2014-01-26 14:48 - 2014-01-26 14:48 - 00007548 _____ C:\Users\Chris\Desktop\hijackthis.log
2014-01-26 14:26 - 2014-01-26 14:40 - 00007458 _____ C:\Users\Chris\Downloads\hijackthis.log
2014-01-25 14:38 - 2014-01-25 14:38 - 00002088 _____ C:\Users\Chris\Desktop\SpyHunter.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-01-25 14:38 - 2014-01-25 14:38 - 00000000 ____D C:\sh4ldr
2014-01-25 14:38 - 2014-01-25 14:38 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-25 14:36 - 2014-01-25 14:38 - 00000000 ____D C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-01-25 14:36 - 2014-01-25 14:36 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-25 14:34 - 2014-01-25 14:34 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe
2014-01-25 14:17 - 2014-01-25 14:17 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-01-24 20:38 - 2014-01-24 20:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-24 20:38 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-24 20:36 - 2014-01-24 20:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-24 20:27 - 2014-01-24 20:27 - 00929928 _____ (CNET Download.com) C:\Users\Chris\Downloads\cbsidlm-cbsi171-AdwCleaner-SEO-75851221(1).exe
2014-01-24 19:52 - 2014-01-24 19:52 - 00000000 ____D C:\Users\Chris\AppData\Local\cache
2014-01-24 19:52 - 2014-01-24 19:52 - 00000000 ____D C:\Users\Chris\.android
2014-01-24 19:52 - 2014-01-24 19:52 - 00000000 _____ C:\Users\Chris\daemonprocess.txt
2014-01-24 19:51 - 2014-01-24 19:51 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-24 19:50 - 2014-01-24 19:50 - 00929928 _____ (CNET Download.com) C:\Users\Chris\Downloads\cbsidlm-cbsi171-AdwCleaner-SEO-75851221.exe
2014-01-24 19:48 - 2014-01-24 19:49 - 01727624 _____ C:\Users\Chris\Downloads\Adaware_Installer.exe
2014-01-24 19:38 - 2014-01-25 14:53 - 00000000 ____D C:\Users\Chris\Downloads\AdwCleaner_TSV12A8M4
2014-01-24 19:08 - 2014-01-24 19:08 - 00143080 _____ C:\Windows\Minidump\Mini012414-01.dmp
2014-01-13 12:23 - 2014-01-13 12:23 - 01236282 _____ C:\Users\Chris\Downloads\adwcleaner (2).exe

==================== One Month Modified Files and Folders =======

2014-01-31 20:11 - 2013-06-06 19:01 - 00028320 _____ C:\Users\Chris\Downloads\FRST.txt
2014-01-31 20:10 - 2013-06-06 19:00 - 00000000 ____D C:\FRST
2014-01-31 20:09 - 2014-01-31 20:09 - 01136640 _____ (Farbar) C:\Users\Chris\Downloads\FRST(1).exe
2014-01-31 20:09 - 2014-01-31 20:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CHRIS-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-01-31 20:08 - 2014-01-31 20:08 - 00000000 ____D C:\RegBackup
2014-01-31 20:07 - 2014-01-31 20:07 - 00002027 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-01-31 20:07 - 2014-01-31 20:07 - 00000000 ____D C:\Program Files\Tweaking.com
2014-01-31 20:06 - 2014-01-31 20:06 - 03936992 _____ C:\Users\Chris\Downloads\tweaking.com_registry_backup_setup.exe
2014-01-31 20:00 - 2008-04-16 01:00 - 02094681 _____ C:\Windows\WindowsUpdate.log
2014-01-31 18:21 - 2012-12-10 16:42 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 17:50 - 2013-05-25 13:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 16:48 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 16:48 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 14:48 - 2014-01-26 14:48 - 00007548 _____ C:\Users\Chris\Desktop\hijackthis.log
2014-01-26 14:40 - 2014-01-26 14:26 - 00007458 _____ C:\Users\Chris\Downloads\hijackthis.log
2014-01-25 23:01 - 2006-11-02 05:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 22:54 - 2012-12-10 16:42 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 22:54 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 22:53 - 2006-11-02 08:01 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-25 22:52 - 2013-11-07 14:11 - 00000000 ____D C:\AdwCleaner
2014-01-25 14:53 - 2014-01-24 19:38 - 00000000 ____D C:\Users\Chris\Downloads\AdwCleaner_TSV12A8M4
2014-01-25 14:38 - 2014-01-25 14:38 - 00002088 _____ C:\Users\Chris\Desktop\SpyHunter.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-01-25 14:38 - 2014-01-25 14:38 - 00000000 ____D C:\sh4ldr
2014-01-25 14:38 - 2014-01-25 14:38 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-25 14:38 - 2014-01-25 14:36 - 00000000 ____D C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-01-25 14:36 - 2014-01-25 14:36 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-25 14:34 - 2014-01-25 14:34 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe
2014-01-25 14:17 - 2014-01-25 14:17 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-01-25 09:54 - 2008-12-04 18:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-25 08:03 - 2008-01-20 21:47 - 00089010 _____ C:\Windows\PFRO.log
2014-01-25 08:03 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\twain_32
2014-01-24 20:38 - 2014-01-24 20:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-24 20:36 - 2014-01-24 20:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-24 20:27 - 2014-01-24 20:27 - 00929928 _____ (CNET Download.com) C:\Users\Chris\Downloads\cbsidlm-cbsi171-AdwCleaner-SEO-75851221(1).exe
2014-01-24 19:52 - 2014-01-24 19:52 - 00000000 ____D C:\Users\Chris\AppData\Local\cache
2014-01-24 19:52 - 2014-01-24 19:52 - 00000000 ____D C:\Users\Chris\.android
2014-01-24 19:52 - 2014-01-24 19:52 - 00000000 _____ C:\Users\Chris\daemonprocess.txt
2014-01-24 19:52 - 2008-06-27 12:16 - 00000000 ____D C:\Users\Chris
2014-01-24 19:51 - 2014-01-24 19:51 - 00000000 ____D C:\ProgramData\Lavasoft
2014-01-24 19:50 - 2014-01-24 19:50 - 00929928 _____ (CNET Download.com) C:\Users\Chris\Downloads\cbsidlm-cbsi171-AdwCleaner-SEO-75851221.exe
2014-01-24 19:49 - 2014-01-24 19:48 - 01727624 _____ C:\Users\Chris\Downloads\Adaware_Installer.exe
2014-01-24 19:08 - 2014-01-24 19:08 - 00143080 _____ C:\Windows\Minidump\Mini012414-01.dmp
2014-01-24 19:08 - 2011-07-22 22:27 - 00000000 ____D C:\Windows\Minidump
2014-01-24 19:08 - 2011-07-22 22:26 - 236370279 _____ C:\Windows\MEMORY.DMP
2014-01-24 18:49 - 2008-07-17 21:30 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2014-01-24 18:48 - 2013-05-25 13:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-24 18:48 - 2011-05-15 10:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-17 09:04 - 2013-08-15 07:43 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 09:01 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-13 12:23 - 2014-01-13 12:23 - 01236282 _____ C:\Users\Chris\Downloads\adwcleaner (2).exe
2014-01-04 10:13 - 2013-11-18 21:06 - 00000000 ____D C:\Users\Chris\Desktop\Ebay Info

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-07-29 19:01] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {4208783e-da81-11dc-9f4f-00a0d1df2f0c}
displayorder            {current}
toolsdisplayorder       {572bcd56-ffa7-11d9-aae0-0007e994107d}
                        {memdiag}
timeout                 30
customactions           0x1000000720001
                        0x54000001
custom:54000001         {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4208783e-da81-11dc-9f4f-00a0d1df2f0c}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {572bcd56-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {4208783e-da81-11dc-9f4f-00a0d1df2f0c}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \boot.sdi



LastRegBack: 2014-01-25 23:01

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2014 01
Ran by Chris at 2014-01-31 20:11:17
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Digital Editions (Version:  - )
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635 - Adobe Systems, Inc.)
Camera Assistant Software for Toshiba (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
CD/DVD Drive Acoustic Silencer (Version: 2.02.01 - TOSHIBA)
DVD MovieFactory for TOSHIBA (Version: 5.51 - Ulead Systems, Inc.)
FileParade bundle uninstaller (Version: 1.0.0.0 - FileParade)
GearDrvs (Version: 1 - Symantec Corporation) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (Version:  - )
Intel® PROSet/Wireless Software (Version: 11.5.0000 - Intel Corporation)
Intel® Matrix Storage Manager (Version:  - )
Java™ 6 Update 3 (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Basic 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Basic 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Move Networks Media Player for Internet Explorer (HKCU Version:  - )
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden
Picasa 3 (Version: 3.8 - Google, Inc.)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version:  - Realtek Semiconductor Corp.)
SpyHunter (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (Version: 11.2.4.0 - Synaptics)
TOSHIBA Assist (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.0.1.1a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (Version: 1.0.2.32 - TOSHIBA)
TOSHIBA Face Recognition (Version: 1.0.2.32 - TOSHIBA) Hidden
TOSHIBA Games (Version: 1.0.0.43 - WildTangent)
TOSHIBA Hardware Setup (Version: 2.00.06 - )
Toshiba Registration (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Software Upgrades (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (Version:  - )
TOSHIBA Supervisor Password (Version: 2.00.03 - )
TOSHIBA Value Added Package (Version: 1.1.14 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.14 - TOSHIBA Corporation) Hidden
Tweaking.com - Registry Backup (Version: 1.6.9 - Tweaking.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Windows Media Encoder 9 Series (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

21-12-2013 23:03:40 Scheduled Checkpoint
23-12-2013 21:49:18 Scheduled Checkpoint
24-12-2013 23:16:48 Windows Update
26-12-2013 22:47:53 Scheduled Checkpoint
27-12-2013 17:11:39 Windows Update
28-12-2013 14:41:28 Scheduled Checkpoint
29-12-2013 15:28:24 Scheduled Checkpoint
30-12-2013 13:44:40 Scheduled Checkpoint
31-12-2013 14:46:18 Windows Update
01-01-2014 14:21:06 Scheduled Checkpoint
03-01-2014 12:33:08 Windows Update
05-01-2014 00:28:36 Scheduled Checkpoint
05-01-2014 14:35:36 Scheduled Checkpoint
06-01-2014 15:14:07 Scheduled Checkpoint
07-01-2014 14:11:06 Windows Update
08-01-2014 15:38:10 Scheduled Checkpoint
10-01-2014 13:18:52 Windows Update
13-01-2014 17:53:56 Scheduled Checkpoint
14-01-2014 14:30:30 Windows Update
17-01-2014 02:48:47 Scheduled Checkpoint
17-01-2014 14:01:02 Windows Update
17-01-2014 22:09:53 Windows Update
18-01-2014 15:51:45 Scheduled Checkpoint
20-01-2014 18:37:41 Scheduled Checkpoint
21-01-2014 14:02:41 Windows Update
23-01-2014 17:11:57 Scheduled Checkpoint
24-01-2014 21:10:57 Windows Update
25-01-2014 01:13:09 Removed US Tech Support Framework
25-01-2014 19:36:38 Installed SpyHunter
28-01-2014 20:42:38 Windows Update
29-01-2014 19:06:00 Scheduled Checkpoint
31-01-2014 21:24:32 Scheduled Checkpoint
31-01-2014 22:32:00 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2013-06-09 20:33 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {33C692A1-BB9D-4302-A4FF-76C69D644780} - System32\Tasks\Microsoft\Windows\RestartManager\{02A8EEC9-61EF-4130-BD1C-4339D6B736E5} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {37E97BF7-964F-465A-98B1-2D3D02F636CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4B91E519-37ED-4424-8C98-7684415ED598} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-24] (Adobe Systems Incorporated)
Task: {684C4BEB-AA96-4A93-8398-407A3380541B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)
Task: {744562BA-E0B1-4D5F-BEC9-F04070B23DA3} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {BD5CCED9-4899-4A2F-BB3F-540941FA81E1} - System32\Tasks\Microsoft\Windows\RestartManager\{1541C7BE-9A3E-44b0-BD11-2180C50FF254} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-09-13 16:11 - 2007-09-13 16:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2007-12-14 23:28 - 2007-12-14 23:28 - 04726784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2007-12-14 23:40 - 2007-12-14 23:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-02-13 20:46 - 2006-10-10 14:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 14:03 - 2007-12-25 14:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 14:57 - 2006-10-07 14:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 19:55 - 2006-12-01 19:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2013-12-11 08:54 - 2013-12-11 08:54 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-01-24 18:48 - 2014-01-24 18:48 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #5
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #20
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2014 10:56:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2014 02:59:14 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BSGOSOPH.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (01/25/2014 02:59:14 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BSGOSOPH.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (01/25/2014 08:05:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2014 08:04:10 AM) (Source: Application Error) (User: )
Description: Faulting application WLANExt.exe, version 6.0.6001.18000, time stamp 0x47919073, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x0004308e,
process id 0x63c, application start time 0xWLANExt.exe0.

Error: (01/24/2014 08:33:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 08:32:31 PM) (Source: Application Error) (User: )
Description: Faulting application WLANExt.exe, version 6.0.6001.18000, time stamp 0x47919073, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x0004308e,
process id 0x628, application start time 0xWLANExt.exe0.

Error: (01/24/2014 07:57:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 07:44:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2014 07:11:13 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BSGOSOPH.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (11/08/2009 00:59:20 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:57:05 PM on 11/8/2009 was unexpected.

Error: (11/06/2009 02:00:11 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D92412BA-4E5F-4360-AD20-DB9BC9A64C06}.
The backup browser is stopping.

Error: (11/05/2009 07:59:27 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/05/2009 03:54:15 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D92412BA-4E5F-4360-AD20-DB9BC9A64C06}.
The backup browser is stopping.

Error: (11/02/2009 09:26:49 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D92412BA-4E5F-4360-AD20-DB9BC9A64C06}.
The backup browser is stopping.

Error: (11/01/2009 09:52:18 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/01/2009 00:02:27 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 001F3C5F73E8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (11/01/2009 00:01:24 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/01/2009 08:30:06 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D92412BA-4E5F-4360-AD20-DB9BC9A64C06}.
The backup browser is stopping.

Error: (10/31/2009 11:03:09 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 001F3C5F73E8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-01-31 20:10:58.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 20:10:58.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 20:10:58.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 20:10:58.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 20:10:58.370
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 20:10:58.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 20:10:58.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-31 20:10:57.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-26 14:41:00.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-26 14:41:00.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3061.22 MB
Available physical RAM: 1638.09 MB
Total Pagefile: 6324.71 MB
Available Pagefile: 4741.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.3 MB

==================== Drives ================================

Drive b: (SQ004725V01) (RAMDisk) (Total:184.84 GB) (Free:126.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive c: (SQ004725V01) (Fixed) (Total:184.84 GB) (Free:126.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: EB02F3DE)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=185 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Juliet
    SuperHelper, Classroom Teacher, MVP (7,099 posts)

Posted 31 January 2014 - 08:17 PM

SpyHunter <== read the link below and make a decision whether or not to keep it.

http://www.bleepingc...e/#entry3269395

~~~~~~~~~~~~~~~~~

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).
 

start
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => File Not Found
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\SHSetup.exe
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run FRST one more time:


Type the following in the edit box after "Search:".
rpcss.dll

Click the Search button and post the log (Search.txt) it makes in your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
    ---------------------------------------------------------------------------------------------
  • If there are Internet issues after running ComboFix:
    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.
    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    Safari:
    Launch Safari.
    Go to the general settings menu.
    Then in Preferences / Advanced,
    on the Proxies line, click Change Settings...
    Click Internet Options, then click the Connections tab, then click Network Settings.
    Disable (uncheck) the option for the use of a proxy server.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 jrider25
    Authentic Member (34 posts)

Posted 01 February 2014 - 03:08 PM

Here are the two txt files from FRST.  After running ComboFix, it found an issue with a file and repaired it successfully, however, I missed what file it was.  ComboFix said it needed to restart, so I let it restart.  Upon restart, it would not fully start and offered to Start Windows Normally or Repair Windows.  After trying to Start Windows Normally twice, I had to use the Repair Windows function.  It took about 15 minutes, but used a restore point to start and it finally did start to the desktop.  I ran FRST a second time with the fixlist because I wasn't sure if everything I did was undone with the restore point.  However, I did not run ComboFix again because I wasn't sure if I'd have the same issue with the restart.  Please advise what to do next.

Thanks

Rider


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2014 03
Ran by Chris at 2014-02-01 15:54:34 Run:3
Running from C:\Users\Chris\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => File Not Found
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\SHSetup.exe
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
end
*****************

"C:\\PROGRA~1\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Users\Chris\AppData\Local\Temp\SHSetup.exe" => File/Directory not found.
"C:\ProgramData\TEMP" => ":A8ADE5D8" ADS not found.
"C:\ProgramData\TEMP" => ":DFC5A2B2" ADS not found.

==== End of Fixlog ====


Farbar Recovery Scan Tool (x86) Version: 01-02-2014 03
Ran by Chris at 2014-02-01 15:55:21
Running from C:\Users\Chris\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-07-29 19:01] - [2009-03-02 23:32] - 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-07-29 19:01] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2009-07-29 19:01] - [2009-03-02 23:17] - 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-07-29 19:01] - [2009-03-02 23:19] - 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE

C:\Windows\System32\rpcss.dll
[2009-07-29 19:01] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2012-10-05 17:34] - [2009-04-11 01:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

C:\Windows\erdnt\cache\rpcss.dll
[2013-06-09 20:36] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

=== End Of Search ===


Edited by jrider25, 01 February 2014 - 03:10 PM.
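The FRST search listing above pairs every copy of rpcss.dll with its MD5, which makes one defender-side check easy: does the live copy in System32 hash the same as a copy Windows keeps in the WinSxS component store? The following is an added example written for this thread, not code from FRST or from either poster. It parses a constructed subset of the search output above; the function names (`parse_search`, `assess_live_copy`, `by_hash`) and the `DEADBEEF...` placeholder hash used to simulate a modified copy are the example's own.

```python
"""Cross-check a live system DLL against the WinSxS copies listed by FRST.

Added example, not code from FRST or from the thread. It parses the two-line
entries FRST prints per hit (path, then timestamps/size/attrs/company/MD5) and
reports whether the System32 copy hashes the same as a component-store copy.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the "Search: rpcss.dll" output posted above.
SAMPLE_SEARCH = r"""
Farbar Recovery Scan Tool (x86) Version: 01-02-2014 03
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-07-29 19:01] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

C:\Windows\System32\rpcss.dll
[2009-07-29 19:01] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2012-10-05 17:34] - [2009-04-11 01:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

=== End Of Search ===
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)

def parse_search(text):
    """Return one dict per file hit in an FRST Search.txt listing."""
    entries = []
    lines = text.splitlines()
    for i in range(len(lines) - 1):
        if not PATH_RE.match(lines[i]):
            continue
        detail = DETAIL_RE.match(lines[i + 1])
        if detail:  # skip hits whose detail line is missing or garbled
            entries.append({"path": lines[i].strip(), "modified": detail["modified"],
                            "size": int(detail["size"]), "company": detail["company"],
                            "md5": detail["md5"].upper()})
    return entries

def by_hash(entries):
    """Group hit paths by MD5 so identical copies stand out."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)

def is_component_store(path):
    """True for copies kept under the WinSxS component store."""
    return "\\winsxs\\" in path.lower()

def assess_live_copy(entries, live_dir=r"C:\Windows\System32"):
    """Return (verdict, live_md5, matching_store_paths) for the copy under live_dir.

    Only WinSxS hits count as reference copies; the SoftwareDistribution download
    cache holds staged update packages, not installed components, so it is ignored.
    """
    prefix = live_dir.lower().rstrip("\\") + "\\"
    live = [e for e in entries if e["path"].lower().startswith(prefix)]
    if not live:
        return "no-live-copy", None, []
    live_md5 = live[0]["md5"]
    matches = [e["path"] for e in entries
               if is_component_store(e["path"]) and e["md5"] == live_md5]
    return ("matches-component-store" if matches else "no-store-match"), live_md5, matches

def with_live_hash(text, new_md5):
    """Constructed test helper: swap the MD5 on the System32 hit's detail line."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.lower() == r"c:\windows\system32\rpcss.dll":
            lines[i + 1] = lines[i + 1][:-32] + new_md5
    return "\n".join(lines)

if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE_SEARCH),
                        ("constructed patched copy", with_live_hash(SAMPLE_SEARCH, "DEADBEEF" * 4))):
        entries = parse_search(text)
        verdict, md5, matches = assess_live_copy(entries)
        print(f"{label}: {verdict} (live MD5 {md5}, {len(matches)} store match(es))")
        for h, paths in by_hash(entries).items():
            print(f"  {h}: {len(paths)} copy/copies")
```

A hash match against the component store is evidence, not proof, that the live file is the one Windows installed; a mismatch can equally mean a legitimately newer file that the store does not yet hold, so the result is a prompt to compare against a signed known-good copy, not a verdict on its own.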


#6 Juliet
    SuperHelper, Classroom Teacher, MVP (7,099 posts)

Posted 01 February 2014 - 04:06 PM

C:\Combofix\combofix.txt <-- can you check please whether this is on your machine? I would like to see what it was that ComboFix found.

#7 jrider25
    Authentic Member (34 posts)

Posted 01 February 2014 - 05:04 PM

I forgot to mention that I removed SpyHunter.  Not worth the potential issues.  The combofix.txt file you were requesting was not available, so I reran ComboFix and it repaired the ntfs.sys file.  I figured it was necessary to know what it fixed and worth taking the time to do the Windows Repair at start-up like I previously did.  Surprisingly, after ComboFix repaired the ntfs.sys file and restarted, Windows actually did a full restart to the desktop.  Here is the txt file from ComboFix.


ComboFix 14-02-01.01 - Chris 02/01/2014  17:39:19.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3061.1653 [GMT -5:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-01 to 2014-02-01  )))))))))))))))))))))))))))))))
.
.
2014-02-01 22:47 . 2014-02-01 22:47    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-02-01 22:47 . 2014-02-01 22:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-01 20:57 . 2013-12-04 02:57    7760024    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C0C4D22-BEE6-4D2D-AD1D-4C1E0FB356B9}\mpengine.dll
2014-02-01 20:22 . 2014-02-01 20:22    --------    d-----w-    C:\$RECYCLE(0).BIN
2014-02-01 01:24 . 2014-02-01 01:24    --------    d-----w-    C:\Desktop
2014-02-01 01:08 . 2014-02-01 01:08    --------    d-----w-    C:\RegBackup
2014-02-01 01:07 . 2014-02-01 01:07    --------    d-----w-    c:\program files\Tweaking.com
2014-01-25 19:38 . 2014-01-25 19:38    --------    d-----w-    c:\program files\Enigma Software Group
2014-01-25 01:38 . 2014-01-25 01:38    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-25 00:52 . 2014-01-25 00:52    --------    d-----w-    c:\users\Chris\.android
2014-01-25 00:52 . 2014-01-25 00:52    --------    d-----w-    c:\users\Chris\AppData\Local\cache
2014-01-25 00:51 . 2014-01-25 00:51    --------    d-----w-    c:\programdata\Lavasoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 14:59 . 2010-07-20 01:25    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-11 13:51 . 2013-05-25 18:17    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 13:51 . 2011-05-15 15:40    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-06 16:35 . 2013-11-06 16:35    650936    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...=90&ver=9.0.894" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3949422279-1762186532-4263439937-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-25 13:51]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-10 21:42]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-10 21:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com...rch/search.html
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\bsgosoph.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-01 17:49
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-02-01  17:55:31 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-01 22:54
ComboFix2.txt  2013-06-10 01:38
.
Pre-Run: 135,656,374,272 bytes free
Post-Run: 135,737,192,448 bytes free
.
- - End Of File - - 3060D1E634425A627EB466C10DE0CF2B
5B5E648D12FCADC244C1EC30318E1EB9


#8 Juliet
    SuperHelper, Classroom Teacher, MVP (7,099 posts)

Posted 01 February 2014 - 05:47 PM

ComboFix did a good job for us; it found something I didn't see.

Let's do this next:

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).
 

start
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll C:\Windows\System32\rpcss.dll
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please post these logs, Fixit.txt and ESETSCAN. How is the computer doing now?

#9 jrider25
    Authentic Member (34 posts)

Posted 01 February 2014 - 09:08 PM

Here are the fixlog and ESET files.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2014 03
Ran by Chris at 2014-02-01 19:04:34 Run:4
Running from C:\Users\Chris\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll C:\Windows\System32\rpcss.dll
end
*****************

Could not find C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll

==== End of Fixlog ====


C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Local\genienext\nengine.dll.vir    Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\newnext.me\nengine.dll.vir    Win32/NextLive.A application
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3c64c802-5abfd9ba    multiple threats
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\6442561d-286b3958    multiple threats
C:\Users\Chris\Downloads\Gorgeous_Fall_Foliage_in_the_Woods.exe    a variant of Win32/InstallIQ application
C:\Users\Chris\Downloads\Setup(1).exe    multiple threats
C:\Users\Chris\Downloads\Setup(2).exe    a variant of Win32/AdWare.iBryte.J.gen application
C:\Users\Chris\Downloads\Setup.exe    multiple threats
C:\Users\Chris\Downloads\ytbdownloader(1).exe    Win32/PayPerInstallBox.A application
C:\Users\Chris\Downloads\ytbdownloader(2).exe    Win32/PayPerInstallBox.A application
C:\Users\Chris\Downloads\ytbdownloader(3).exe    Win32/PayPerInstallBox.A application
C:\Users\Chris\Downloads\ytbdownloader(4).exe    Win32/PayPerInstallBox.A application
C:\Users\Chris\Downloads\ytbdownloader(5).exe    Win32/PayPerInstallBox.A application
C:\Users\Chris\Downloads\ytbdownloader.exe    Win32/PayPerInstallBox.A application


#10 Juliet
    SuperHelper, Classroom Teacher, MVP (7,099 posts)

Posted 02 February 2014 - 03:51 AM

AdwCleaner\Quarantine we will remove shortly; now we will delete the others.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).
 

start
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3c64c802-5abfd9ba
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\6442561d-286b3958
C:\Users\Chris\Downloads\Gorgeous_Fall_Foliage_in_the_Woods.exe
C:\Users\Chris\Downloads\Setup(1).exe
C:\Users\Chris\Downloads\Setup(2).exe
C:\Users\Chris\Downloads\Setup.exe
C:\Users\Chris\Downloads\ytbdownloader(1).exe
C:\Users\Chris\Downloads\ytbdownloader(2).exe
C:\Users\Chris\Downloads\ytbdownloader(3).exe
C:\Users\Chris\Downloads\ytbdownloader(4).exe
C:\Users\Chris\Downloads\ytbdownloader(5).exe
C:\Users\Chris\Downloads\ytbdownloader.exe
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware from Here. The Free version.
Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
  • Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please run this security check for my review.

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please post the following logs:

    Fixlog.txt
    MBAM log
    checkup.txt

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??



#11 jrider25

jrider25

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 02 February 2014 - 08:33 AM

Here are the requested logs...


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2014 03
Ran by Chris at 2014-02-02 09:16:41 Run:5
Running from C:\Users\Chris\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3c64c802-5abfd9ba
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\6442561d-286b3958
C:\Users\Chris\Downloads\Gorgeous_Fall_Foliage_in_the_Woods.exe
C:\Users\Chris\Downloads\Setup(1).exe
C:\Users\Chris\Downloads\Setup(2).exe
C:\Users\Chris\Downloads\Setup.exe
C:\Users\Chris\Downloads\ytbdownloader(1).exe
C:\Users\Chris\Downloads\ytbdownloader(2).exe
C:\Users\Chris\Downloads\ytbdownloader(3).exe
C:\Users\Chris\Downloads\ytbdownloader(4).exe
C:\Users\Chris\Downloads\ytbdownloader(5).exe
C:\Users\Chris\Downloads\ytbdownloader.exe
end
*****************

C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3c64c802-5abfd9ba => Moved successfully.
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\6442561d-286b3958 => Moved successfully.
C:\Users\Chris\Downloads\Gorgeous_Fall_Foliage_in_the_Woods.exe => Moved successfully.
C:\Users\Chris\Downloads\Setup(1).exe => Moved successfully.
C:\Users\Chris\Downloads\Setup(2).exe => Moved successfully.
C:\Users\Chris\Downloads\Setup.exe => Moved successfully.
C:\Users\Chris\Downloads\ytbdownloader(1).exe => Moved successfully.
C:\Users\Chris\Downloads\ytbdownloader(2).exe => Moved successfully.
C:\Users\Chris\Downloads\ytbdownloader(3).exe => Moved successfully.
C:\Users\Chris\Downloads\ytbdownloader(4).exe => Moved successfully.
C:\Users\Chris\Downloads\ytbdownloader(5).exe => Moved successfully.
C:\Users\Chris\Downloads\ytbdownloader.exe => Moved successfully.

==== End of Fixlog ====


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.02.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Chris :: CHRIS-PC [administrator]

2/2/2014 9:21:09 AM
mbam-log-2014-02-02 (09-21-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204214
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 3  
 Java version out of Date!
 Adobe Flash Player     11.9.900.170  
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

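The fixlist in post #10 and the Fixlog in post #11 follow a fixed layout: FRST echoes the fixlist between "start" and "end", then reports one "item => status" line per entry it acted on. As an added example (not part of this thread and not FRST's own code), this Python script reconciles the echoed fixlist against those result lines so an entry FRST never reported on, or reported anything other than "Moved successfully", stands out; the sample log, user name and paths are constructed.

```python
import re

# Constructed sample in the layout FRST echoes into Fixlog.txt; user name, paths and
# the deliberately unreported "leftover.exe" entry are invented for illustration.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
C:\Users\User\Downloads\Setup.exe
C:\Users\User\Downloads\ytbdownloader.exe
C:\Users\User\Downloads\leftover.exe
DeleteQuarantine:
end
*****************
C:\Users\User\Downloads\Setup.exe => Moved successfully.
C:\Users\User\Downloads\ytbdownloader.exe => Moved successfully.
"""

RESULT_RE = re.compile(r"^(?P<item>.+?) => (?P<status>.+)$")

def parse_fixlist(log):
    """Entries between the 'start' and 'end' markers of the echoed fixlist."""
    entries, inside = [], False
    for line in log.splitlines():
        s = line.strip()
        if s == "start":
            inside = True
        elif s == "end":
            break
        elif inside and s:
            entries.append(s)
    return entries

def reconcile(log):
    """Bucket every fixlist entry by what FRST reported for it."""
    results = {}
    for line in log.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group("item")] = m.group("status")
    out = {"moved": [], "failed": [], "unreported": [], "directives": []}
    for entry in parse_fixlist(log):
        if entry.endswith(":"):  # e.g. DeleteQuarantine: is a command, not a path
            out["directives"].append(entry)
        elif entry not in results:
            out["unreported"].append(entry)
        elif results[entry].startswith("Moved successfully"):
            out["moved"].append(entry)
        else:
            out["failed"].append(entry)
    return out
```

Anything in the "unreported" or "failed" buckets is what a helper would want to look at again before declaring the fix complete.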


#12 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,099 posts
  • Interests:Boo!....
  • MVP

Posted 02 February 2014 - 09:46 AM

good deal

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html

I would uncheck the offer for free McAfee security scan

After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses far fewer resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I also recommend you download the latest version of the Java Runtime Environment from here, and JavaRa


Next
  • Right click the JavaRa.zip and select Extract All
  • Once extracted, open and run JavaRa.exe
  • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
  • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
  • Exit the tool when complete.
Restart the computer then install the new Java package.

~~~~~~~~~~~~~~~~~~~~~~~
How's your computer at the moment?

#13 jrider25

jrider25

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 02 February 2014 - 10:42 AM

I was able to do all updates and everything else you suggested in the above message.  So far so good, but I have been limiting my internet usage while we've been doing all this work.  I didn't want to make things worse while you were trying to help me.  But every time you had me go out to an external website, I had no issues whatsoever.  Is there anything else you need me to do or look at?

 

 

Jeff



#14 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,099 posts
  • Interests:Boo!....
  • MVP

Posted 02 February 2014 - 11:16 AM

I was able to do all updates and everything else you suggested in the above message.  So far so good, but I have been limiting my internet usage while we've been doing all this work.  I didn't want to make things worse while you were trying to help me.  But every time you had me go out to an external website, I had no issues whatsoever.  Is there anything else you need me to do or look at?
Jeff

Not really. What we can do from here is remove tools and quarantine folders. I think if you still had infection on the computer you would know it.


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
 

start
DeleteQuarantine:
end


~~~~~~~~~~~~~~~~~~~~~~~

Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

Go to Start > Run > copy and paste the full text path in the run box

ComboFix /Uninstall

Note the space between the x and the /U, it needs to be there.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

    ~~~~~~~~~~~~~~~~~~~~~~~~

    Any remaining tools and folders used can be deleted.

    *****

    You're good to go, good job!

    Please take the time to read over a few of my preventive tips.

    Computer Security
    http://malwareremova...=557960#p557960
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Be prepared for CryptoLocker:

    Cryptolocker Ransomware: What You Need To Know

    CryptoLocker Ransomware Information Guide and FAQ


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

    Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.



    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/


#15 jrider25

jrider25

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 02 February 2014 - 11:46 AM

Wow!  Thank you so much for your help!  Looks like things are cleaned up with no redirects.  Is there a free antivirus software that you suggest personally?  I saw the link at geekstogo.com that you posted, but I wasn't sure if they are a supporter of the site and whatthetech suggests them, or if that is one that you think is good. 

 

Thanks again,

Jeff

