WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Email Worm

Started by nikos5 , Jan 29 2014 08:52 PM

This topic is locked

18 replies to this topic

#1 nikos5

New Member

Authentic Member
8 posts

Posted 29 January 2014 - 08:52 PM

I was told that I had sent a "worm" in a video email attachment. They said it cost $300 to fix and the IT said it was from my email.

The only thing I had noticed was Hijackthis was not producing a log. I ran combofix and eset and that problem seems to be fixed. I use Norton as my antivirus, and I ran Malwarebytes as well.

How do I know if I have a so called "worm"?

Thanks

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:36 PM, on 1/29/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--
End of file - 8802 bytes

Advertisements

Register to Remove

#2 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 01 February 2014 - 10:45 AM

Hi and welcome

You said you ran ComboFix, I'd like to see the report it made.
c:\Combofix\combofix.txt <-- is it here?

Did you save the Eset log?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(use correct version for your system.....Which system am I using?)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 nikos5

New Member

Authentic Member
8 posts

Posted 02 February 2014 - 01:33 AM

Thank you so much.

Here is the combofix log:

ComboFix 14-01-29.01 - Ryan 01/29/2014   2:10.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2815.1282 [GMT -5:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-29 )))))))))))))))))))))))))))))))
.
.
2014-01-29 07:19 . 2014-01-29 07:19   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-01-29 06:40 . 2014-01-29 06:40   96856   ----a-w-   c:\windows\system32\drivers\SMR410.SYS
2014-01-29 06:40 . 2014-01-29 06:52   --------   d-----w-   c:\users\Ryan\AppData\Local\NPE
2014-01-17 22:16 . 2014-01-17 22:16   --------   d-----w-   c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-15 04:54 . 2013-11-27 01:41   343040   ----a-w-   c:\windows\system32\drivers\usbhub.sys
2014-01-15 04:54 . 2013-11-27 01:41   99840   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2014-01-15 04:54 . 2013-11-27 01:41   53248   ----a-w-   c:\windows\system32\drivers\usbehci.sys
2014-01-15 04:54 . 2013-11-27 01:41   325120   ----a-w-   c:\windows\system32\drivers\usbport.sys
2014-01-15 04:54 . 2013-11-27 01:41   25600   ----a-w-   c:\windows\system32\drivers\usbohci.sys
2014-01-15 04:54 . 2013-11-27 01:41   30720   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
2014-01-15 04:54 . 2013-11-27 01:41   7808   ----a-w-   c:\windows\system32\drivers\usbd.sys
2014-01-15 04:54 . 2013-11-26 11:40   376768   ----a-w-   c:\windows\system32\drivers\netio.sys
2014-01-15 04:54 . 2013-11-26 10:32   3156480   ----a-w-   c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 08:00 . 2012-08-12 19:09   86054176   ----a-w-   c:\windows\system32\MRT.exe
2013-12-11 02:49 . 2012-08-08 01:59   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 02:49 . 2012-08-08 01:59   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 02:49 . 2013-12-11 02:49   9293192   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-03 08:03 . 2013-12-03 08:03   940032   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 08:03 . 2013-12-03 08:03   194048   ----a-w-   c:\windows\SysWow64\elshyph.dll
2013-12-03 08:03 . 2013-12-03 08:03   71680   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 08:03 . 2013-12-03 08:03   645120   ----a-w-   c:\windows\SysWow64\jsIntl.dll
2013-12-03 08:03 . 2013-12-03 08:03   62464   ----a-w-   c:\windows\SysWow64\tdc.ocx
2013-12-03 08:03 . 2013-12-03 08:03   34816   ----a-w-   c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 08:03 . 2013-12-03 08:03   337408   ----a-w-   c:\windows\SysWow64\html.iec
2013-12-03 08:03 . 2013-12-03 08:03   24576   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2013-12-03 08:03 . 2013-12-03 08:03   235008   ----a-w-   c:\windows\system32\elshyph.dll
2013-12-03 08:03 . 2013-12-03 08:03   182272   ----a-w-   c:\windows\SysWow64\msls31.dll
2013-12-03 08:03 . 2013-12-03 08:03   942592   ----a-w-   c:\windows\system32\jsIntl.dll
2013-12-03 08:03 . 2013-12-03 08:03   86016   ----a-w-   c:\windows\SysWow64\iesysprep.dll
2013-12-03 08:03 . 2013-12-03 08:03   86016   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 08:03 . 2013-12-03 08:03   74240   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 08:03 . 2013-12-03 08:03   61952   ----a-w-   c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 08:03 . 2013-12-03 08:03   61952   ----a-w-   c:\windows\SysWow64\iesetup.dll
2013-12-03 08:03 . 2013-12-03 08:03   51200   ----a-w-   c:\windows\SysWow64\ieetwproxystub.dll
2013-12-03 08:03 . 2013-12-03 08:03   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
2013-12-03 08:03 . 2013-12-03 08:03   454656   ----a-w-   c:\windows\SysWow64\vbscript.dll
2013-12-03 08:03 . 2013-12-03 08:03   36352   ----a-w-   c:\windows\SysWow64\imgutil.dll
2013-12-03 08:03 . 2013-12-03 08:03   247808   ----a-w-   c:\windows\system32\msls31.dll
2013-12-03 08:03 . 2013-12-03 08:03   151552   ----a-w-   c:\windows\SysWow64\iexpress.exe
2013-12-03 08:03 . 2013-12-03 08:03   139264   ----a-w-   c:\windows\SysWow64\wextract.exe
2013-12-03 08:03 . 2013-12-03 08:03   13312   ----a-w-   c:\windows\SysWow64\mshta.exe
2013-12-03 08:03 . 2013-12-03 08:03   112128   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2013-12-03 08:03 . 2013-12-03 08:03   111616   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 08:03 . 2013-12-03 08:03   1051136   ----a-w-   c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 08:03 . 2013-12-03 08:03   90112   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 08:03 . 2013-12-03 08:03   84992   ----a-w-   c:\windows\system32\mshtmled.dll
2013-12-03 08:03 . 2013-12-03 08:03   81408   ----a-w-   c:\windows\system32\icardie.dll
2013-12-03 08:03 . 2013-12-03 08:03   77312   ----a-w-   c:\windows\system32\tdc.ocx
2013-12-03 08:03 . 2013-12-03 08:03   626176   ----a-w-   c:\windows\system32\msfeeds.dll
2013-12-03 08:03 . 2013-12-03 08:03   616104   ----a-w-   c:\windows\system32\ieapfltr.dat
2013-12-03 08:03 . 2013-12-03 08:03   52224   ----a-w-   c:\windows\system32\msfeedsbs.dll
2013-12-03 08:03 . 2013-12-03 08:03   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2013-12-03 08:03 . 2013-12-03 08:03   453120   ----a-w-   c:\windows\system32\dxtmsft.dll
2013-12-03 08:03 . 2013-12-03 08:03   413696   ----a-w-   c:\windows\system32\html.iec
2013-12-03 08:03 . 2013-12-03 08:03   40448   ----a-w-   c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 08:03 . 2013-12-03 08:03   30208   ----a-w-   c:\windows\system32\licmgr10.dll
2013-12-03 08:03 . 2013-12-03 08:03   296960   ----a-w-   c:\windows\system32\dxtrans.dll
2013-12-03 08:03 . 2013-12-03 08:03   263376   ----a-w-   c:\windows\system32\iedkcs32.dll
2013-12-03 08:03 . 2013-12-03 08:03   243200   ----a-w-   c:\windows\system32\webcheck.dll
2013-12-03 08:03 . 2013-12-03 08:03   235520   ----a-w-   c:\windows\system32\url.dll
2013-12-03 08:03 . 2013-12-03 08:03   195584   ----a-w-   c:\windows\system32\msrating.dll
2013-12-03 08:03 . 2013-12-03 08:03   167424   ----a-w-   c:\windows\system32\iexpress.exe
2013-12-03 08:03 . 2013-12-03 08:03   143872   ----a-w-   c:\windows\system32\wextract.exe
2013-12-03 08:03 . 2013-12-03 08:03   13312   ----a-w-   c:\windows\system32\msfeedssync.exe
2013-12-03 08:03 . 2013-12-03 08:03   131072   ----a-w-   c:\windows\system32\IEAdvpack.dll
2013-12-03 08:03 . 2013-12-03 08:03   1228800   ----a-w-   c:\windows\system32\mshtmlmedia.dll
2013-12-03 08:03 . 2013-12-03 08:03   105984   ----a-w-   c:\windows\system32\iesysprep.dll
2013-12-03 08:03 . 2013-12-03 08:03   101376   ----a-w-   c:\windows\system32\inseng.dll
2013-12-03 08:03 . 2013-12-03 08:03   83968   ----a-w-   c:\windows\system32\MshtmlDac.dll
2013-12-03 08:03 . 2013-12-03 08:03   774144   ----a-w-   c:\windows\system32\jscript.dll
2013-12-03 08:03 . 2013-12-03 08:03   62464   ----a-w-   c:\windows\system32\pngfilt.dll
2013-12-03 08:03 . 2013-12-03 08:03   548352   ----a-w-   c:\windows\system32\vbscript.dll
2013-12-03 08:03 . 2013-12-03 08:03   48128   ----a-w-   c:\windows\system32\imgutil.dll
2013-12-03 08:03 . 2013-12-03 08:03   147968   ----a-w-   c:\windows\system32\occache.dll
2013-12-03 08:03 . 2013-12-03 08:03   13824   ----a-w-   c:\windows\system32\mshta.exe
2013-12-03 08:03 . 2013-12-03 08:03   135680   ----a-w-   c:\windows\system32\iepeers.dll
2013-11-26 11:54 . 2013-12-12 08:01   23183360   ----a-w-   c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 08:01   2724864   ----a-w-   c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 08:01   4096   ----a-w-   c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 08:01   66048   ----a-w-   c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 08:01   48640   ----a-w-   c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 08:01   2764288   ----a-w-   c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 08:01   53760   ----a-w-   c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 08:01   33792   ----a-w-   c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 08:01   2724864   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 08:01   574976   ----a-w-   c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 08:01   139264   ----a-w-   c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 08:01   111616   ----a-w-   c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 08:01   708608   ----a-w-   c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 08:01   218624   ----a-w-   c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 08:01   5769216   ----a-w-   c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 08:01   553472   ----a-w-   c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 08:01   4243968   ----a-w-   c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 08:01   1995264   ----a-w-   c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 08:01   12996608   ----a-w-   c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 08:01   1928192   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 08:01   2334208   ----a-w-   c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 08:01   1395200   ----a-w-   c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 08:01   817664   ----a-w-   c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 08:01   1820160   ----a-w-   c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 00:29   417792   ----a-w-   c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 00:29   465920   ----a-w-   c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 00:29   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 00:29   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys;c:\windows\SYSNATIVE\drivers\OxPPort.sys [x]
R3 OxSer;OxSer;c:\windows\system32\drivers\OxSer.sys;c:\windows\SYSNATIVE\drivers\OxSer.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S0 SMR410;Symantec SMR Utility Service 4.1.0;c:\windows\System32\drivers\SMR410.SYS;c:\windows\SYSNATIVE\drivers\SMR410.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140121.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140128.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140128.001\IDSvia64.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 02:49]
.
2014-01-25 c:\windows\Tasks\HPCeeScheduleForRyan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-15 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.2.226
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\bt1wl78f.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-29 02:33:42
ComboFix-quarantined-files.txt 2014-01-29 07:33
.
Pre-Run: 416,074,158,080 bytes free
Post-Run: 416,440,455,168 bytes free
.
- - End Of File - - 2DF9AE057CDDF2FA684F023F2142B1A1
3045DB5A22C10AFE2F848799264F166D

___________________________________________________

Here is the FRST.text

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Ryan (administrator) on RYAN-HP on 02-02-2014 02:27:42
Running from C:\Users\Ryan\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Xobni Corporation) C:\Program Files (x86)\Xobni\XobniService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [HP KEYBOARDx] - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CMDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=CMDTDF
SearchScopes: HKLM - {E6ED69E8-F249-4463-9A59-89C6D9FCF0A2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=CMDTDF
SearchScopes: HKLM-x32 - {E6ED69E8-F249-4463-9A59-89C6D9FCF0A2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CMDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=CMDTDF
SearchScopes: HKCU - {E6ED69E8-F249-4463-9A59-89C6D9FCF0A2} URL = http://www.amazon.co...s={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\bt1wl78f.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2014-01-31]

==================== Services (Whitelisted) =================

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-03-04] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-03-04] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
R2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [56040 2011-02-22] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140131.001\IDSvia64.sys [521944 2014-01-18] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140201.002\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140201.002\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] (OEM)
S3 OxSer; C:\Windows\system32\drivers\OxSer.sys [98352 2009-09-16] (OEM)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-02 02:27 - 2014-02-02 02:28 - 00012769 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-02-02 02:27 - 2014-02-02 02:27 - 00000000 ____D () C:\FRST
2014-02-02 02:25 - 2014-02-02 02:25 - 02080256 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-01-31 14:13 - 2014-01-31 14:13 - 00000085 _____ () C:\Windows\wininit.ini
2014-01-31 14:13 - 2014-01-31 14:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-30 23:59 - 2014-01-30 23:59 - 00000000 ____D () C:\Users\Ryan\Documents\ProcAlyzer Dumps
2014-01-30 23:50 - 2014-01-31 14:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-30 23:50 - 2014-01-31 14:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-30 23:14 - 2014-01-30 23:17 - 62839880 _____ (Safer-Networking Ltd. ) C:\Users\Ryan\Desktop\spybot-2.3-beta1.exe
2014-01-29 17:11 - 2014-01-29 17:11 - 02347384 _____ (ESET) C:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
2014-01-29 17:11 - 2014-01-29 17:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-29 16:56 - 2014-01-29 16:56 - 00448512 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\TFC.exe
2014-01-29 13:32 - 2014-01-29 13:33 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup.exe
2014-01-29 02:33 - 2014-01-29 02:33 - 00025005 _____ () C:\ComboFix.txt
2014-01-29 02:07 - 2014-01-29 21:38 - 00000000 ____D () C:\Windows\erdnt
2014-01-29 01:40 - 2014-01-29 01:52 - 00000000 ____D () C:\Users\Ryan\AppData\Local\NPE
2014-01-29 01:40 - 2014-01-29 01:40 - 03053496 ____N (Symantec Corporation) C:\Users\Ryan\Downloads\NPE.exe
2014-01-20 05:10 - 2014-01-20 05:12 - 06419701 _____ () C:\Users\Ryan\Desktop\2.mp4
2014-01-20 05:05 - 2014-01-20 05:08 - 05685570 _____ () C:\Users\Ryan\Desktop\1.mp4
2014-01-20 02:16 - 2014-01-20 02:17 - 02197579 _____ () C:\Users\Ryan\Desktop\phole.mp4
2014-01-19 19:10 - 2014-01-19 19:12 - 05462681 _____ () C:\Users\Ryan\Desktop\nipps.mp4
2014-01-17 17:24 - 2014-01-17 17:24 - 00002219 _____ () C:\Users\Ryan\Desktop\HP Support Assistant.lnk
2014-01-17 17:16 - 2014-01-17 17:16 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-14 23:54 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 23:54 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 23:54 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 23:54 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 23:54 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 23:54 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 23:54 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 23:54 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 23:54 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 13:48 - 2014-01-07 13:48 - 00000000 ____D () C:\Users\Ryan\Documents\Lease
2014-01-07 13:26 - 2014-01-07 13:26 - 00836832 _____ () C:\Users\Ryan\Desktop\lease.jpeg

==================== One Month Modified Files and Folders =======

2014-02-02 02:28 - 2014-02-02 02:27 - 00012769 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-02-02 02:27 - 2014-02-02 02:27 - 00000000 ____D () C:\FRST
2014-02-02 02:25 - 2014-02-02 02:25 - 02080256 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-02-02 01:49 - 2012-08-07 20:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 01:40 - 2012-08-07 18:40 - 01354286 _____ () C:\Windows\WindowsUpdate.log
2014-01-31 19:58 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 19:58 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 19:51 - 2013-07-04 13:25 - 00005814 _____ () C:\Windows\setupact.log
2014-01-31 19:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-31 14:15 - 2014-01-30 23:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-31 14:15 - 2010-11-20 22:47 - 00081776 _____ () C:\Windows\PFRO.log
2014-01-31 14:15 - 2009-07-13 23:45 - 00277464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-31 14:13 - 2014-01-31 14:13 - 00000085 _____ () C:\Windows\wininit.ini
2014-01-31 14:13 - 2014-01-31 14:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-31 14:13 - 2014-01-30 23:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-30 23:59 - 2014-01-30 23:59 - 00000000 ____D () C:\Users\Ryan\Documents\ProcAlyzer Dumps
2014-01-30 23:17 - 2014-01-30 23:14 - 62839880 _____ (Safer-Networking Ltd. ) C:\Users\Ryan\Desktop\spybot-2.3-beta1.exe
2014-01-29 21:42 - 2012-08-10 08:38 - 00058016 _____ () C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-29 21:38 - 2014-01-29 02:07 - 00000000 ____D () C:\Windows\erdnt
2014-01-29 17:25 - 2013-01-24 13:52 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRyan
2014-01-29 17:25 - 2013-01-24 13:52 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForRyan.job
2014-01-29 17:11 - 2014-01-29 17:11 - 02347384 _____ (ESET) C:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
2014-01-29 17:11 - 2014-01-29 17:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-29 16:56 - 2014-01-29 16:56 - 00448512 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\TFC.exe
2014-01-29 13:35 - 2012-10-07 01:14 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-29 13:35 - 2012-10-07 01:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 13:33 - 2014-01-29 13:32 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup.exe
2014-01-29 02:34 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-01-29 02:33 - 2014-01-29 02:33 - 00025005 _____ () C:\ComboFix.txt
2014-01-29 02:20 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-01-29 01:52 - 2014-01-29 01:40 - 00000000 ____D () C:\Users\Ryan\AppData\Local\NPE
2014-01-29 01:48 - 2009-07-14 00:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-29 01:41 - 2012-08-09 13:26 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\SoftGrid Client
2014-01-29 01:40 - 2014-01-29 01:40 - 03053496 ____N (Symantec Corporation) C:\Users\Ryan\Downloads\NPE.exe
2014-01-29 01:40 - 2012-03-29 01:29 - 00000000 ____D () C:\ProgramData\Norton
2014-01-29 01:34 - 2012-08-07 20:38 - 00000000 ___RD () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-29 01:33 - 2012-08-10 02:49 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\vlc
2014-01-26 04:23 - 2012-03-29 01:15 - 00000000 ____D () C:\ProgramData\PDFC
2014-01-23 13:55 - 2013-01-31 13:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-23 13:55 - 2012-08-16 23:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-01-23 03:56 - 2013-10-13 15:59 - 00000000 ____D () C:\Users\Ryan\Desktop\Originals
2014-01-23 03:56 - 2012-10-02 11:20 - 00050176 ____H () C:\Users\Ryan\Desktop\photothumb.db
2014-01-23 03:42 - 2012-12-09 03:04 - 00000000 ____D () C:\Users\Ryan\Desktop\New folder
2014-01-20 05:12 - 2014-01-20 05:10 - 06419701 _____ () C:\Users\Ryan\Desktop\2.mp4
2014-01-20 05:08 - 2014-01-20 05:05 - 05685570 _____ () C:\Users\Ryan\Desktop\1.mp4
2014-01-20 04:51 - 2012-09-15 17:49 - 00018944 _____ () C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-20 02:17 - 2014-01-20 02:16 - 02197579 _____ () C:\Users\Ryan\Desktop\phole.mp4
2014-01-19 19:12 - 2014-01-19 19:10 - 05462681 _____ () C:\Users\Ryan\Desktop\nipps.mp4
2014-01-19 19:07 - 2012-09-15 12:50 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Windows Live
2014-01-18 09:21 - 2012-11-04 18:45 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-01-17 17:24 - 2014-01-17 17:24 - 00002219 _____ () C:\Users\Ryan\Desktop\HP Support Assistant.lnk
2014-01-17 17:24 - 2012-03-29 01:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-17 17:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-01-17 17:19 - 2012-03-29 01:13 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-01-17 17:18 - 2012-03-29 01:04 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-17 17:16 - 2014-01-17 17:16 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-17 17:15 - 2012-03-29 01:04 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-17 17:14 - 2011-02-10 17:39 - 00000000 ____D () C:\swsetup
2014-01-15 03:02 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:00 - 2012-08-12 14:09 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-11 00:16 - 2013-12-30 21:48 - 00000000 ____D () C:\Users\Ryan\Desktop\Pics
2014-01-11 00:15 - 2013-12-30 21:44 - 00000000 ____D () C:\Users\Ryan\Desktop\Vids
2014-01-07 13:48 - 2014-01-07 13:48 - 00000000 ____D () C:\Users\Ryan\Documents\Lease
2014-01-07 13:26 - 2014-01-07 13:26 - 00836832 _____ () C:\Users\Ryan\Desktop\lease.jpeg
2014-01-06 02:35 - 2012-08-10 21:31 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-29 03:28

==================== End Of Log ============================

And Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Ryan at 2014-02-02 02:28:46
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon MG2100 series MP Drivers (Version: - )
Canon MG2100 series User Registration (x32 Version: - )
Canon MP250 series MP Drivers (Version: - )
Canon My Printer (x32 Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (x32 Version: - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connect Solutions (x32 Version: 1.0.0.4 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Desktop Keyboard (x32 Version: 1.0.0.13 - Hewlett-Packard)
HP Games (x32 Version: 1.0.2.4 - WildTangent)
HP MAINSTREAM KEYBOARD (x32 Version: 1.4.3.0 - Hewlett-Packard)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.14.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.14.0 - Hewlett-Packard) Hidden
HP Setup (x32 Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (x32 Version: 10.1.1000 - Hewlett-Packard)
HP Vision Hardware Diagnostics (Version: 2.5.0.0 - Hewlett-Packard)
Logitech Webcam Software (x32 Version: 2.51 - Logitech Inc.)
Logitech Webcam Software Driver Package (Version: 12.10.1110 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (x32 Version: 1.0.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR WNA1100 N150 Wireless USB Adapter (x32 Version: 1.0.0.133 - NETGEAR)
Norton Internet Security (x32 Version: 18.7.2.3 - Symantec Corporation)
NVIDIA Display Control Panel (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (x32 Version: 1.00.7330.0 - NVIDIA Corporation)
PDF Complete Special Edition (x32 Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (x32 Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (x32 Version: 5.10.1217.0 - NewspaperDirect Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.3 (x32 Version: 2.0.3 - VideoLAN)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0 - Microsoft Corporation)
Xobni (x32 Version: 1.9.4.13197 - Xobni Corp.)
Yahoo! Messenger (x32 Version: - Yahoo! Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

30-01-2014 02:38:14 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06446ABE-5640-445C-8CA0-CDF3F4247CCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {41700764-B937-4A85-BB6F-845EF1A2A3C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {4DA033A9-EA7D-44E3-95AE-F0252A3405FF} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {5582CC89-337A-4208-9199-5DE0DD28B971} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {6B1119D2-25A2-45FC-95D1-A1C6EAB6ADCA} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {6FCA4350-D0AF-4AF7-8CC1-364CFC33ECD5} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {7477747F-7048-4FF4-B739-4059FC606630} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {757B2CA6-9C08-48FF-AD7E-A3337DE0711B} - System32\Tasks\HPCeeScheduleForRyan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {CC012FF6-6D6D-43E9-A258-0EE09D47DFFD} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {CE395573-165D-4994-AC9B-CBA4F316DEA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-05-07 17:35 - 2010-05-07 17:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-12-19 22:40 - 2013-12-19 22:40 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Ryan\Desktop\lease.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ryan\Desktop\lease.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2014 00:30:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/01/2014 00:30:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/31/2014 07:53:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 02:16:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 01:06:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/31/2014 01:06:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/30/2014 03:22:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/30/2014 03:22:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/29/2014 09:39:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/29/2014 03:28:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (01/29/2014 02:20:17 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/29/2014 02:13:21 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/29/2014 01:43:48 AM) (Source: Service Control Manager) (User: )
Description: The XobniService service failed to start due to the following error:
%%1053

Error: (01/29/2014 01:43:48 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the XobniService service to connect.

Error: (01/17/2014 05:16:32 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (01/17/2014 05:16:32 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (01/17/2014 05:14:57 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/01/2014 03:16:37 AM) (Source: Service Control Manager) (User: )
Description: The Windows Time service terminated with the following error:
%%1115

Error: (12/25/2013 06:21:51 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:45:26 PM on ‎12/‎24/‎2013 was unexpected.

Error: (12/03/2013 03:22:36 AM) (Source: Service Control Manager) (User: )
Description: The Windows Time service terminated with the following error:
%%1115

Microsoft Office Sessions:
=========================
Error: (02/01/2014 00:30:42 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/01/2014 00:30:42 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/31/2014 07:53:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 02:16:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 01:06:07 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/31/2014 01:06:06 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/30/2014 03:22:15 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/30/2014 03:22:14 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/29/2014 09:39:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe

Error: (01/29/2014 03:28:20 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 2815.3 MB
Available physical RAM: 1491.25 MB
Total Pagefile: 5628.79 MB
Available Pagefile: 4015.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:454.8 GB) (Free:394.97 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:10.86 GB) (Free:1.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: CB959B24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I can't find the ESET log offhand but will do it again if you want. It didn't find anything though.

Thanks again

#4 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 02 February 2014 - 04:11 AM

I can't find the ESET log offhand but will do it again if you want. It didn't find anything though.

Thats good.

Just not finding much here. Do you still have the email in question on your computer?, If so, delete it.

~~~~~~~~~~~~~~~~~~~~~~~``
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CMDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CMDTDF
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\bt1wl78f.default
AlternateDataStreams: C:\Users\Ryan\Desktop\lease.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ryan\Desktop\lease.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post:
Fixlog.txt
MBAM log

#5 nikos5

New Member

Authentic Member
8 posts

Posted 02 February 2014 - 04:22 AM

Here is the Fixlog. I will post MBAM when it finishes.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Ryan at 2014-02-02 05:20:11 Run:1
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CMDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=CMDTDF
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\bt1wl78f.default
AlternateDataStreams: C:\Users\Ryan\Desktop\lease.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ryan\Desktop\lease.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
=> Should not be moved.
"C:\Users\Ryan\Desktop\lease.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Ryan\Desktop\lease.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

==== End of Fixlog ====

#6 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 02 February 2014 - 04:26 AM

:thumbup:

#7 nikos5

New Member

Authentic Member
8 posts

Posted 02 February 2014 - 01:38 PM

And here is the MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Ryan :: RYAN-HP [administrator]

2/2/2014 2:26:43 PM
mbam-log-2014-02-02 (14-26-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212921
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 02 February 2014 - 01:45 PM

Your logs don't look to bad, I think we'll run 1 more. If it comes back clean we'll go from there.

How's your computer at the moment?

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

#9 nikos5

New Member

Authentic Member
8 posts

Posted 02 February 2014 - 03:36 PM

Thanks.

Here is the report:

RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ryan [Admin rights]
Mode : Scan -- Date : 02/02/2014 16:34:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA SCSI Disk Device +++++
--- User ---
[MBR] 70867f5b9ab0fc73acc8c6c75414aa27
[BSP] 6e4699b52ff71ec3ff7364b50d500749 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 465714 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 953989120 | Size: 11124 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_02022014_163458.txt >>

#10 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 02 February 2014 - 04:04 PM

Still looking OK

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Vista / 7 / 8 users:
You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When they are complete let me have the two reports and let me know how things are running.

Advertisements

Register to Remove

#11 nikos5

New Member

Authentic Member
8 posts

Posted 03 February 2014 - 05:27 AM

Ok, here are the logs:

# AdwCleaner v3.018 - Report created 03/02/2014 at 06:12:26
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ryan - RYAN-HP
# Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\bt1wl78f.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1395 octets] - [03/02/2014 06:11:07]
AdwCleaner[S0].txt - [1211 octets] - [03/02/2014 06:12:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1271 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Ryan on Mon 02/03/2014 at 6:18:33.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E6ED69E8-F249-4463-9A59-89C6D9FCF0A2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E6ED69E8-F249-4463-9A59-89C6D9FCF0A2}

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Ryan\AppData\Roaming\mozilla\firefox\profiles\bt1wl78f.default\minidumps [310 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/03/2014 at 6:25:11.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 03 February 2014 - 06:28 AM

thank you for the logs

Run RogueKiller again and click Scan
When the scan completes, Put a check next to >[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
Now click Delete

How's your computer today?

Did you ever delete the email in question?

#13 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 03 February 2014 - 06:58 AM

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application
Then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#14 nikos5

New Member

Authentic Member
8 posts

Posted 03 February 2014 - 02:15 PM

I ran RogueKiller again but accidentally checked all the boxes under Registry. So it deleted all the files there. I might have screwed up.

I ran Kapersky and it didn't find anything.

I also deleted the emails. Everything seems ok but I didn't really notice anything before except I was having trouble with Explorer.

I had not used it in months and when I tried to use it the links in google would not open. I just tried it and it seemed to be working now.

#15 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 03 February 2014 - 02:26 PM

Hi

I ran RogueKiller again but accidentally checked all the boxes under Registry. So it deleted all the files there. I might have screwed up.

I ran Kapersky and it didn't find anything.

I also deleted the emails. Everything seems ok but I didn't really notice anything before except I was having trouble with Explorer.

I had not used it in months and when I tried to use it the links in google would not open. I just tried it and it seemed to be working now.

The email you sent to this person, had you watched it yourself? Reason I ask is because there has been no worm/trojans found on your machine.

Could it be they thought it came from your email but that it may have been through someone else?

There are other tools we can run but my thoughts are they are going to come back clean.

Let's try one more.

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwareby.../products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the Update completes, select Next

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log Date and time of scan will also be shown

Post those two logs in your reply.

Body Background

skin color theme