Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Optimizer pro and iminent on my computer [Solved]

optimizer pro

  • This topic is locked This topic is locked
90 replies to this topic

#76 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 October 2014 - 01:26 PM

Nope its still there, it has to be saved as a batch file, give it another shot

 

 

 

Open notepad and then copy and paste the bolded lines below into Notepad. 
Go to File > save as and name the file Fixes.bat.
On the dropdown list change the Save as type to All Files and save it to your desktop.
 
 
@echo off
sc stop pcwatch
sc delete pcwatch
if exist c:\windows\system32\drivers\pcwatch.sys attrib -s -h -r c:\windows\system32\drivers\pcwatch.sys
if exist c:\windows\system32\drivers\pcwatch.sys del /f /q :\windows\system32\drivers\pcwatch.sys
exit
 
 
Double-click on fixes.bat file to execute it.
 
 
 
 
Then lets try this again with Combofix
 
 

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard,  then paste it into Notepad, make sure there is no space before and above Driver::
 
 
Driver::
pcwatch
 
File::
C:\Windows\system32\Drivers\pcwatch.sys
C:\Windows\system32\MyOSProtect.dll
 
Save this as CFScript to your desktop.
 
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
 
CFScriptB-4.gif
 
 
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
 

 

 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove


#77 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 02 October 2014 - 02:16 PM

ComboFix 14-10-02.01 - CARL 10/02/2014 14:46:28.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2939.1179 [GMT -7:00]
Running from: c:\users\CARL\Desktop\ComboFix.exe
Command switches used :: c:\users\CARL\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\Drivers\pcwatch.sys"
"c:\windows\system32\MyOSProtect.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCWATCH
-------\Service_pcwatch
.
.
((((((((((((((((((((((((( Files Created from 2014-09-02 to 2014-10-02 )))))))))))))))))))))))))))))))
.
.
2014-10-02 22:03 . 2014-10-02 22:03 -------- d-----w- c:\users\systemprofile\AppData\Local\temp
2014-10-02 22:03 . 2014-10-02 22:03 -------- d-----w- c:\users\Liza\AppData\Local\temp
2014-10-02 22:03 . 2014-10-02 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-30 20:33 . 2014-09-25 01:40 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-28 00:14 . 2014-10-01 20:45 -------- d-----w- c:\users\CARL\Malware fixes
2014-09-27 13:40 . 2010-08-30 15:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-09-27 12:26 . 2014-10-02 22:08 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-27 12:25 . 2014-09-27 12:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-27 12:25 . 2014-09-27 12:25 -------- d-----w- c:\programdata\Malwarebytes
2014-09-27 12:25 . 2014-05-12 14:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-27 12:25 . 2014-05-12 14:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-27 12:25 . 2014-05-12 14:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-27 12:00 . 2014-09-27 12:00 -------- d-----w- c:\windows\ERUNT
2014-09-27 04:21 . 2014-09-27 04:21 -------- d-----w- c:\users\CARL\AppData\Local\Macromedia
2014-09-27 04:20 . 2014-09-27 04:20 -------- d-----w- c:\users\CARL\AppData\Local\Mozilla
2014-09-27 04:20 . 2014-09-24 05:09 800368 ----a-w- c:\program files\Mozilla Firefox\icuuc52.dll
2014-09-27 04:20 . 2014-09-24 05:09 1023600 ----a-w- c:\program files\Mozilla Firefox\icuin52.dll
2014-09-27 04:20 . 2014-09-24 05:09 10397296 ----a-w- c:\program files\Mozilla Firefox\icudt52.dll
2014-09-27 04:20 . 2012-08-21 09:26 3231696 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_46.dll
2014-09-27 03:33 . 2014-10-02 20:55 -------- d-----w- C:\FRST
2014-09-25 03:53 . 2014-09-25 03:53 -------- d-----w- c:\users\CARL\AppData\Local\IsolatedStorage
2014-09-24 17:02 . 2014-09-24 17:02 3675824 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-09-24 00:06 . 2014-09-24 00:06 -------- d-----w- c:\users\CARL\AppData\Local\Programs
2014-09-24 00:05 . 2014-09-01 18:29 20480 ----a-w- c:\windows\system32\drivers\pcwatch.sys
2014-09-24 00:03 . 2014-09-01 18:28 304776 ----a-w- c:\windows\system32\MyOSProtect.dll
2014-09-23 19:39 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-22 23:02 . 2014-09-22 23:02 -------- d-----w- c:\programdata\Oracle
2014-09-18 22:00 . 2014-08-18 21:38 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2014-09-18 22:00 . 2014-08-18 21:17 470016 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2014-09-18 22:00 . 2014-08-18 20:46 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-09-18 22:00 . 2014-08-19 17:39 812216 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-09-18 22:00 . 2014-08-18 22:08 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-09-18 22:00 . 2014-08-18 21:08 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-18 22:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-17 15:56 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-17 15:56 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-17 15:55 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-17 15:55 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-17 15:55 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-17 15:55 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-17 02:49 . 2014-09-17 02:49 -------- d-----w- C:\found.000
2014-09-04 10:58 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-09-04 10:58 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-09-04 10:51 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-09-04 10:51 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-09-04 10:51 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-09-04 10:51 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-09-04 10:50 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-09-04 10:50 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-09-04 10:50 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-09-04 10:50 . 2014-05-14 16:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-09-04 10:50 . 2014-05-14 16:17 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-02 12:19 . 2014-07-26 23:58 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-09-24 17:02 . 2012-03-30 23:23 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 17:02 . 2011-05-19 21:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-18 22:48 . 2011-04-12 04:09 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-02 19:55 . 2014-09-02 19:55 34244 ----a-w- C:\monitorsvc.exe
2014-08-13 19:05 . 2014-08-13 19:05 528248 ----a-w- c:\windows\system32\drivers\avckf.sys
2014-08-13 19:05 . 2014-08-13 19:05 1060312 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-08-13 19:05 . 2014-08-13 19:05 385096 ----a-w- c:\windows\system32\drivers\trufos.sys
2014-08-13 19:05 . 2014-03-26 21:23 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
2014-08-13 19:05 . 2014-03-26 21:23 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2014-07-25 09:35 . 2014-07-25 09:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 01:42 . 2014-08-18 19:00 654336 ----a-w- c:\windows\system32\rpcrt4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-07-14 65024]
"WindowsWelcomeCenter"="oobefldr.dll" [2010-11-20 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-08-13 482392]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-08-13 901608]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2014-08-13 615256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-08-13 1837336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-08-13 482392]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-08-13 901608]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2014-08-13 615256]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\Liza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
R1 ttnfd;ttnfd;c:\windows\system32\drivers\ttnfd.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2014-08-13 528248]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-12 247968]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-07-02 108008]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-11-04 66832]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-10 21648]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-06 1343400]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [2014-08-13 69880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2014-08-13 1060312]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-08-23 165744]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2014-05-26 77632]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 72704]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-12 193696]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-07-23 438616]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2013-07-08 81704]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [2014-08-13 54424]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-11-02 242504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-02 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - bdftdif
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-27 18:08 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:02]
.
2014-10-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001Core.job
- c:\users\Liza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 00:40]
.
2014-10-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001UA.job
- c:\users\Liza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 00:40]
.
2014-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:06]
.
2014-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cceb78bbbe067a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:06]
.
2014-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:06]
.
2014-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cceb78bf10241d.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>;192.168.*.*
LSP: c:\windows\system32\MyOSProtect.dll
TCP: DhcpNameServer = 216.177.160.61 216.177.160.60
FF - ProfilePath - c:\users\CARL\AppData\Roaming\Mozilla\Firefox\Profiles\f8su429z.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5784)
c:\ddi\overicon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender\vsserv.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\schtasks.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\system32\conhost.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\conhost.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\CCP.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\WUDFHost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\wermgr.exe
.
**************************************************************************
.
Completion time: 2014-10-02 15:14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-02 22:14
ComboFix2.txt 2014-10-01 06:03
.
Pre-Run: 137,119,412,224 bytes free
Post-Run: 136,851,238,912 bytes free
.
- - End Of File - - 89688C9396E623DC70620CD8ED9FD719
A36C5E4F47E84449FF07ED3517B43A31

#78 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 October 2014 - 09:21 PM

Good, go ahead and run a new scan with FRST shoot me a new log please



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#79 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 03 October 2014 - 08:19 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by CARL (administrator) on CARL-PC on 03-10-2014 08:53:01
Running from C:\Users\CARL\Desktop
Loaded Profile: CARL (Available profiles: CARL & Liza)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\downloader.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VWLASU] => C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM\...\Run: [VAIOSurvey] => C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM\...\Run: [VAIOMyMemCenter] => C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [679936 2008-02-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2008-06-27] (Sony Electronics Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6295552 2008-07-02] (Realtek Semiconductor)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1837336 2014-08-13] (Bitdefender)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [65024 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Liza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x16A6F450C046CB01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 15 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 216.177.160.61 216.177.160.60

FireFox:
========
FF ProfilePath: C:\Users\CARL\AppData\Roaming\Mozilla\Firefox\Profiles\f8su429z.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman [2014-03-26]
FF HKLM\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files\Mozilla Firefox\extensions\termtutor@termtutor.com
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-26]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\CARL\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\CARL\AppData\Roaming\Move Networks [2009-05-07]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
CHR Extension: (Bitdefender Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-26]
CHR Extension: (Skype Click to Call) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-05-04]
CHR Extension: (Poppit!) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-17]
CHR Extension: (Google Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [aaaajhhckaajldjhmbpgleomemmpopjp] - C:\Windows\system32\config\systemprofile\AppData\Local\bandoomusictoolbar\GC\toolbar.crx [2013-06-07]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-08-13] (Bitdefender)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-11-12] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [480368 2014-09-17] (Bitdefender)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-08-13] (Bitdefender)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-11] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1251808 2014-08-13] (Bitdefender)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1060312 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-26] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [385096 2014-08-13] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CARL\AppData\Local\Temp\catchme.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]
U3 mbr; \??\C:\Users\CARL\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 08:52 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Desktop\FRST-OlderVersion
2014-10-02 15:17 - 2014-10-02 15:17 - 00022084 _____ () C:\Users\CARL\Desktop\combofix.txt
2014-10-02 15:14 - 2014-10-02 15:14 - 00022084 _____ () C:\ComboFix.txt
2014-10-02 13:50 - 2014-10-02 14:38 - 00000266 _____ () C:\Users\CARL\Desktop\fixes.bat
2014-10-01 19:18 - 2014-10-02 07:20 - 00000000 ____D () C:\Users\Liza\AppData\Local\{37C9B37E-8D21-4944-8858-B247C201E940}
2014-10-01 12:28 - 2014-10-01 12:34 - 00003088 _____ () C:\Users\CARL\Desktop\Rkill.txt
2014-10-01 12:27 - 2014-10-01 12:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\CARL\Desktop\rkill.exe
2014-10-01 08:17 - 2014-10-01 08:17 - 00146960 _____ () C:\Windows\Minidump\100114-22120-01.dmp
2014-10-01 06:54 - 2014-10-01 14:38 - 00051250 _____ () C:\Users\CARL\Desktop\Addition.txt
2014-10-01 06:52 - 2014-10-03 08:53 - 00024898 _____ () C:\Users\CARL\Desktop\FRST.txt
2014-09-30 23:26 - 2014-09-30 23:26 - 00000000 ____D () C:\Users\Liza\AppData\Local\{709843D9-5A76-4B14-BE48-BD68AC33B06D}
2014-09-30 22:21 - 2014-09-30 22:21 - 00186880 _____ (CEXX.ORG) C:\Users\CARL\Desktop\LSPFix.exe
2014-09-30 13:33 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 19:09 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Documents\Katie
2014-09-28 19:47 - 2014-09-28 19:48 - 00146952 _____ () C:\Windows\Minidump\092814-23743-01.dmp
2014-09-28 14:10 - 2014-09-28 14:10 - 00146960 _____ () C:\Windows\Minidump\092814-23556-01.dmp
2014-09-28 14:00 - 2014-10-02 15:14 - 00000000 ____D () C:\Qoobox
2014-09-28 14:00 - 2014-10-02 15:03 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 14:00 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 14:00 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 14:00 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 13:52 - 2014-10-02 14:41 - 05582981 ____R (Swearware) C:\Users\CARL\Desktop\ComboFix.exe
2014-09-27 17:14 - 2014-10-01 13:45 - 00000000 ____D () C:\Users\CARL\Malware fixes
2014-09-27 13:38 - 2014-09-27 13:38 - 00000000 ____D () C:\Users\Liza\AppData\Local\{BC296350-9826-4461-89ED-ACC5B53B0351}
2014-09-27 10:20 - 2014-10-03 08:52 - 01100800 _____ (Farbar) C:\Users\CARL\Desktop\FRST.exe
2014-09-27 06:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-27 06:04 - 2014-09-27 06:20 - 00000530 _____ () C:\Users\CARL\Downloads\Result.txt
2014-09-27 05:26 - 2014-10-03 07:17 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 05:00 - 2014-09-27 05:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-27 04:53 - 2014-09-27 04:53 - 01699276 _____ (Thisisu) C:\Users\CARL\Downloads\JRT.exe
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\Users\CARL\AppData\Local\Macromedia
2014-09-26 21:20 - 2014-09-26 21:20 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Mozilla
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Local\Mozilla
2014-09-26 21:19 - 2014-09-26 21:19 - 00244136 _____ () C:\Users\CARL\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-26 20:33 - 2014-10-03 08:53 - 00000000 ____D () C:\FRST
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Users\Liza\AppData\Local\{D1075A40-3AD6-48F8-8D80-DB28A94191A8}
2014-09-25 13:02 - 2014-09-25 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-09-24 21:53 - 2014-09-26 07:50 - 00000065 _____ () C:\Users\CARL\AppData\Roaming\WB.CFG
2014-09-24 20:53 - 2014-09-24 20:53 - 00000000 ____D () C:\Users\CARL\AppData\Local\IsolatedStorage
2014-09-24 20:11 - 2014-09-24 20:11 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E1B82B34-94F7-4795-A227-A07AC026C3C1}
2014-09-24 15:21 - 2014-09-24 21:58 - 01454922 _____ () C:\Users\CARL\Documents\Kanto.pptx
2014-09-24 14:20 - 2014-09-24 14:59 - 02382044 _____ () C:\Users\CARL\Downloads\David_Mythology (1).pptx
2014-09-24 10:02 - 2014-09-24 10:02 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-23 19:26 - 2014-09-23 19:26 - 00147016 _____ () C:\Windows\Minidump\092314-80558-01.dmp
2014-09-23 17:50 - 2014-09-23 17:50 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E36305E3-28E3-4440-9CEA-6993EEE77436}
2014-09-23 17:44 - 2014-09-24 15:02 - 02382035 _____ () C:\Users\CARL\Documents\David_Mythology.pptx
2014-09-23 17:05 - 2014-09-01 11:29 - 00020480 _____ (MyOSCompany) C:\Windows\system32\Drivers\pcwatch.sys
2014-09-23 17:03 - 2014-09-23 17:03 - 18581088 _____ () C:\Users\CARL\Downloads\YGOPro DevPro.zip.thxo3ui.partial
2014-09-23 17:03 - 2014-09-01 11:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-09-23 14:50 - 2014-09-24 15:21 - 01208942 _____ () C:\Users\CARL\Downloads\New_Microsoft_PowerPoint_Presentation.pptx
2014-09-23 13:51 - 2014-09-23 14:37 - 02486374 _____ () C:\Users\CARL\Downloads\David_Mythology.pptx
2014-09-23 12:39 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-22 16:10 - 2014-09-22 16:10 - 00918440 _____ (Oracle Corporation) C:\Users\CARL\Downloads\JavaSetup7u67.com
2014-09-22 16:02 - 2014-09-22 16:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-19 06:27 - 2014-09-19 06:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{20373E10-274A-4A68-A976-51CB8838D089}
2014-09-18 15:01 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-18 15:01 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 15:01 - 2014-08-18 14:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-18 15:01 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 15:01 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-18 15:01 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-18 15:01 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 15:01 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 15:01 - 2014-08-18 14:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-18 15:01 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-18 15:01 - 2014-08-18 14:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-18 15:01 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 15:01 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-18 15:01 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 15:01 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-18 15:01 - 2014-08-18 14:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-18 15:01 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-18 15:01 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-18 15:00 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 15:00 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 15:00 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-18 15:00 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-18 15:00 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-18 15:00 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-18 15:00 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 08:55 - 2014-09-04 18:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-17 08:55 - 2014-09-04 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-17 08:55 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 08:55 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-16 22:47 - 2014-09-18 14:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{5EB1F283-A6CA-4AF7-9D54-CA3B9F6782B4}
2014-09-16 19:49 - 2014-09-16 19:49 - 00000000 ____D () C:\found.000
2014-09-13 01:51 - 2014-09-13 01:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{F5899911-E6E6-4F67-82C6-BD68481CA883}
2014-09-12 21:19 - 2014-09-12 21:19 - 00000000 ____D () C:\Users\Liza\AppData\Local\{3A5CF58D-05AD-4421-8942-EA191F6D89C7}
2014-09-12 21:15 - 2014-09-12 21:15 - 01510144 _____ () C:\Windows\Minidump\091214-45583-01.dmp
2014-09-06 03:51 - 2014-09-06 03:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7825CC49-70F8-493E-88C9-B07B93EB1007}
2014-09-05 10:15 - 2014-09-05 10:15 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7771BBE8-4AA6-4FE3-9C86-A5E64EC94CA1}
2014-09-04 05:01 - 2014-09-04 22:14 - 00000000 ____D () C:\Users\Liza\AppData\Local\{EAF1BEA1-C915-4AB8-9435-5AC345EB9F88}
2014-09-04 03:58 - 2014-08-22 18:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-04 03:58 - 2014-08-22 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-04 03:51 - 2014-05-14 09:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-04 03:51 - 2014-05-14 09:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-04 03:51 - 2014-05-14 09:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-04 03:51 - 2014-05-14 09:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 08:45 - 2011-12-01 19:51 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001UA.job
2014-10-03 08:19 - 2012-02-14 17:28 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cceb78bf10241d.job
2014-10-03 08:07 - 2010-03-14 13:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 08:02 - 2012-08-31 15:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-02 21:06 - 2011-05-04 15:42 - 01661238 _____ () C:\Windows\WindowsUpdate.log
2014-10-02 17:45 - 2011-12-01 19:51 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001Core.job
2014-10-02 17:07 - 2010-03-14 13:07 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-02 15:14 - 2011-05-04 15:49 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 15:14 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 15:14 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 15:07 - 2012-02-14 17:28 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cceb78bbbe067a.job
2014-10-02 15:07 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-02 15:06 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 15:06 - 2009-07-13 21:39 - 01514039 _____ () C:\Windows\setupact.log
2014-10-02 15:04 - 2011-05-04 15:28 - 00286760 _____ () C:\Windows\PFRO.log
2014-10-02 15:04 - 2009-07-13 19:03 - 63520768 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-02 15:04 - 2009-07-13 19:03 - 19660800 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-02 15:04 - 2009-07-13 19:03 - 00978944 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-02 15:04 - 2009-07-13 19:03 - 00090112 _____ () C:\Windows\system32\config\SAM.bak
2014-10-02 15:04 - 2009-07-13 19:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-02 14:31 - 2014-02-03 09:23 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Canon
2014-10-01 19:18 - 2010-09-11 07:57 - 00000000 ____D () C:\Users\Liza\Tracing
2014-10-01 15:15 - 2012-02-26 09:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-01 15:15 - 2011-04-11 21:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-01 08:17 - 2011-07-30 11:43 - 384205671 _____ () C:\Windows\MEMORY.DMP
2014-10-01 08:17 - 2011-07-30 11:43 - 00000000 ____D () C:\Windows\Minidump
2014-09-30 23:03 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-09-27 18:04 - 2011-05-04 15:06 - 00000000 ____D () C:\Users\CARL
2014-09-27 11:16 - 2011-04-11 21:52 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-27 09:54 - 2013-09-30 20:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-27 06:47 - 2009-01-09 22:21 - 00000000 ____D () C:\TEMP
2014-09-27 06:44 - 2012-06-27 12:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 05:39 - 2011-02-02 01:33 - 00000000 ____D () C:\ProgramData\Temp
2014-09-26 21:20 - 2012-06-27 12:00 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-25 19:50 - 2010-09-10 16:01 - 00000000 ____D () C:\Users\Liza\Documents\Katie
2014-09-24 20:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-24 20:53 - 2009-06-06 06:26 - 00000907 _____ () C:\Users\CARL\Desktop\Launch Internet Explorer Browser.lnk
2014-09-24 13:07 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 12:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-09-24 10:02 - 2012-03-30 16:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 10:02 - 2011-05-19 14:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 06:47 - 2014-07-31 11:57 - 00203574 _____ () C:\Users\CARL\Desktop\1checking.xlsx
2014-09-18 15:03 - 2008-08-21 00:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-18 15:00 - 2013-08-15 11:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-18 14:37 - 2014-05-07 06:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-18 14:37 - 2011-05-17 10:41 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-17 14:36 - 2014-02-04 01:45 - 00000000 ____D () C:\Users\Liza\Documents\Retirement
2014-09-06 03:49 - 2009-07-13 21:33 - 00371536 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-27 17:54

==================== End Of Log ============================



#80 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 October 2014 - 11:05 AM

Did you ever run LSP-Fix as i posted earlier, you need to keep me in the loop, even if you ran it run it again and let me know how it went

 

 
  •  
  • Please download LSPFix to your Desktop
  • Disconnect from the internet.
  • Go to where you downloaded LSPFix and run the LSPFix.exe by right clicking on it and selecting RUN AS ADMINISTATOR
  • Check the I know what I'm doing box.
  • In the Keep box you should see one or more instances of MyOSProtect.dll
  • Select every instance of MyOSProtect.dll and move each one to the Remove box by clicking the >> button.
  • When you are done click Finish.
 
LSP Tutorial <-- If you need it.
 
 
 
 
 
 

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard,  then paste it into Notepad, make sure there is no space before and above Driver::
 
 
Driver::
ttnfd
 
File::
c:\windows\system32\drivers\ttnfd.sys
c:\windows\system32\MyOSProtect.dll
 
Save this as CFScript to your desktop.
 
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
 
CFScriptB-4.gif
 
 
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#81 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 03 October 2014 - 11:34 AM

LSP successful. moving on.



#82 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 03 October 2014 - 12:06 PM

ComboFix 14-10-02.01 - CARL 10/03/2014 12:40:55.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2939.1555 [GMT -7:00]
Running from: c:\users\CARL\Desktop\ComboFix.exe
Command switches used :: c:\users\CARL\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\ttnfd.sys"
"c:\windows\system32\MyOSProtect.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TTNFD
-------\Service_ttnfd
.
.
((((((((((((((((((((((((( Files Created from 2014-09-03 to 2014-10-03 )))))))))))))))))))))))))))))))
.
.
2014-10-03 19:52 . 2014-10-03 19:52 -------- d-----w- c:\users\systemprofile\AppData\Local\temp
2014-10-03 19:52 . 2014-10-03 19:52 -------- d-----w- c:\users\Liza\AppData\Local\temp
2014-10-03 19:52 . 2014-10-03 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-30 20:33 . 2014-09-25 01:40 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-28 00:14 . 2014-10-01 20:45 -------- d-----w- c:\users\CARL\Malware fixes
2014-09-27 13:40 . 2010-08-30 15:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-09-27 12:26 . 2014-10-03 19:56 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-27 12:25 . 2014-09-27 12:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-27 12:25 . 2014-09-27 12:25 -------- d-----w- c:\programdata\Malwarebytes
2014-09-27 12:25 . 2014-05-12 14:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-27 12:25 . 2014-05-12 14:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-27 12:25 . 2014-05-12 14:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-27 12:00 . 2014-09-27 12:00 -------- d-----w- c:\windows\ERUNT
2014-09-27 04:21 . 2014-09-27 04:21 -------- d-----w- c:\users\CARL\AppData\Local\Macromedia
2014-09-27 04:20 . 2014-09-27 04:20 -------- d-----w- c:\users\CARL\AppData\Local\Mozilla
2014-09-27 04:20 . 2014-09-24 05:09 800368 ----a-w- c:\program files\Mozilla Firefox\icuuc52.dll
2014-09-27 04:20 . 2014-09-24 05:09 1023600 ----a-w- c:\program files\Mozilla Firefox\icuin52.dll
2014-09-27 04:20 . 2014-09-24 05:09 10397296 ----a-w- c:\program files\Mozilla Firefox\icudt52.dll
2014-09-27 04:20 . 2012-08-21 09:26 3231696 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_46.dll
2014-09-27 03:33 . 2014-10-03 15:54 -------- d-----w- C:\FRST
2014-09-25 03:53 . 2014-09-25 03:53 -------- d-----w- c:\users\CARL\AppData\Local\IsolatedStorage
2014-09-24 17:02 . 2014-09-24 17:02 3675824 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-09-24 00:06 . 2014-09-24 00:06 -------- d-----w- c:\users\CARL\AppData\Local\Programs
2014-09-24 00:05 . 2014-09-01 18:29 20480 ----a-w- c:\windows\system32\drivers\pcwatch.sys
2014-09-24 00:03 . 2014-09-01 18:28 304776 ----a-w- c:\windows\system32\MyOSProtect.dll
2014-09-23 19:39 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-22 23:02 . 2014-09-22 23:02 -------- d-----w- c:\programdata\Oracle
2014-09-18 22:00 . 2014-08-18 21:38 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2014-09-18 22:00 . 2014-08-18 21:17 470016 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2014-09-18 22:00 . 2014-08-18 20:46 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-09-18 22:00 . 2014-08-19 17:39 812216 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-09-18 22:00 . 2014-08-18 22:08 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-09-18 22:00 . 2014-08-18 21:08 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-18 22:00 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-17 15:56 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-17 15:56 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-17 15:55 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-17 15:55 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-17 15:55 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-17 15:55 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-17 02:49 . 2014-09-17 02:49 -------- d-----w- C:\found.000
2014-09-04 10:58 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-09-04 10:58 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-09-04 10:51 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-09-04 10:51 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-09-04 10:51 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-09-04 10:51 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-09-04 10:50 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-09-04 10:50 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-09-04 10:50 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-09-04 10:50 . 2014-05-14 16:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-09-04 10:50 . 2014-05-14 16:17 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-03 19:26 . 2014-07-26 23:58 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-09-24 17:02 . 2012-03-30 23:23 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 17:02 . 2011-05-19 21:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-18 22:48 . 2011-04-12 04:09 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-02 19:55 . 2014-09-02 19:55 34244 ----a-w- C:\monitorsvc.exe
2014-08-13 19:05 . 2014-08-13 19:05 528248 ----a-w- c:\windows\system32\drivers\avckf.sys
2014-08-13 19:05 . 2014-08-13 19:05 1060312 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-08-13 19:05 . 2014-08-13 19:05 385096 ----a-w- c:\windows\system32\drivers\trufos.sys
2014-08-13 19:05 . 2014-03-26 21:23 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
2014-08-13 19:05 . 2014-03-26 21:23 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2014-07-25 09:35 . 2014-07-25 09:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 01:42 . 2014-08-18 19:00 654336 ----a-w- c:\windows\system32\rpcrt4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-07-08 21:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-07-14 65024]
"WindowsWelcomeCenter"="oobefldr.dll" [2010-11-20 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-08-13 482392]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-08-13 901608]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2014-08-13 615256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-08-13 1837336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-08-13 482392]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-08-13 901608]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2014-08-13 615256]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]
.
c:\users\Liza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2014-08-13 528248]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-12 247968]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-07-02 108008]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-11-04 66832]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-10 21648]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-06 1343400]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [2014-08-13 69880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2014-08-13 1060312]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-08-23 165744]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2014-05-26 77632]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 72704]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-12 193696]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-07-23 438616]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2013-07-08 81704]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [2014-08-13 54424]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-11-02 242504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-03 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - bdftdif
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-27 18:08 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:02]
.
2014-10-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001Core.job
- c:\users\Liza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 00:40]
.
2014-10-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001UA.job
- c:\users\Liza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 00:40]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:06]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cceb78bbbe067a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:06]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:06]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cceb78bf10241d.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>;192.168.*.*
TCP: DhcpNameServer = 216.177.160.61 216.177.160.60
FF - ProfilePath - c:\users\CARL\AppData\Roaming\Mozilla\Firefox\Profiles\f8su429z.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5412)
c:\ddi\overicon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender\vsserv.exe
c:\windows\system32\wermgr.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\schtasks.exe
c:\windows\system32\conhost.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\CCP.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-10-03 13:04:15 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-03 20:04
ComboFix2.txt 2014-10-02 22:14
ComboFix3.txt 2014-10-01 06:03
.
Pre-Run: 140,429,434,880 bytes free
Post-Run: 139,981,148,160 bytes free
.
- - End Of File - - 7AA8E1D119DABFDAA02282EA28E0A8DF
A36C5E4F47E84449FF07ED3517B43A31

#83 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 October 2014 - 12:09 PM

Go ahead and run FRST and post the log please



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#84 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 03 October 2014 - 12:30 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by CARL (administrator) on CARL-PC on 03-10-2014 13:26:26
Running from C:\Users\CARL\Desktop
Loaded Profile: CARL (Available profiles: CARL & Liza)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VWLASU] => C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM\...\Run: [VAIOSurvey] => C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM\...\Run: [VAIOMyMemCenter] => C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [679936 2008-02-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2008-06-27] (Sony Electronics Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6295552 2008-07-02] (Realtek Semiconductor)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1837336 2014-08-13] (Bitdefender)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [65024 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Liza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x16A6F450C046CB01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 216.177.160.61 216.177.160.60

FireFox:
========
FF ProfilePath: C:\Users\CARL\AppData\Roaming\Mozilla\Firefox\Profiles\f8su429z.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman [2014-03-26]
FF HKLM\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files\Mozilla Firefox\extensions\termtutor@termtutor.com
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-26]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\CARL\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\CARL\AppData\Roaming\Move Networks [2009-05-07]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
CHR Extension: (Bitdefender Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-26]
CHR Extension: (Skype Click to Call) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-05-04]
CHR Extension: (Poppit!) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-17]
CHR Extension: (Google Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [aaaajhhckaajldjhmbpgleomemmpopjp] - C:\Windows\system32\config\systemprofile\AppData\Local\bandoomusictoolbar\GC\toolbar.crx [2013-06-07]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-08-13] (Bitdefender)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-11-12] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [480368 2014-09-17] (Bitdefender)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-08-13] (Bitdefender)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-11] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1251808 2014-08-13] (Bitdefender)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1060312 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-26] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [385096 2014-08-13] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CARL\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\Users\CARL\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 13:04 - 2014-10-03 13:04 - 00021970 _____ () C:\ComboFix.txt
2014-10-03 08:52 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Desktop\FRST-OlderVersion
2014-10-02 15:17 - 2014-10-02 15:17 - 00022084 _____ () C:\Users\CARL\Desktop\combofix.txt
2014-10-02 13:50 - 2014-10-02 14:38 - 00000266 _____ () C:\Users\CARL\Desktop\fixes.bat
2014-10-01 19:18 - 2014-10-02 07:20 - 00000000 ____D () C:\Users\Liza\AppData\Local\{37C9B37E-8D21-4944-8858-B247C201E940}
2014-10-01 12:28 - 2014-10-01 12:34 - 00003088 _____ () C:\Users\CARL\Desktop\Rkill.txt
2014-10-01 12:27 - 2014-10-01 12:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\CARL\Desktop\rkill.exe
2014-10-01 08:17 - 2014-10-01 08:17 - 00146960 _____ () C:\Windows\Minidump\100114-22120-01.dmp
2014-10-01 06:54 - 2014-10-01 14:38 - 00051250 _____ () C:\Users\CARL\Desktop\Addition.txt
2014-10-01 06:52 - 2014-10-03 13:26 - 00024453 _____ () C:\Users\CARL\Desktop\FRST.txt
2014-09-30 23:26 - 2014-09-30 23:26 - 00000000 ____D () C:\Users\Liza\AppData\Local\{709843D9-5A76-4B14-BE48-BD68AC33B06D}
2014-09-30 22:21 - 2014-09-30 22:21 - 00186880 _____ (CEXX.ORG) C:\Users\CARL\Desktop\LSPFix.exe
2014-09-30 13:33 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 19:09 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Documents\Katie
2014-09-28 19:47 - 2014-09-28 19:48 - 00146952 _____ () C:\Windows\Minidump\092814-23743-01.dmp
2014-09-28 14:10 - 2014-09-28 14:10 - 00146960 _____ () C:\Windows\Minidump\092814-23556-01.dmp
2014-09-28 14:00 - 2014-10-03 13:04 - 00000000 ____D () C:\Qoobox
2014-09-28 14:00 - 2014-10-03 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 14:00 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 14:00 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 14:00 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 13:52 - 2014-10-02 14:41 - 05582981 ____R (Swearware) C:\Users\CARL\Desktop\ComboFix.exe
2014-09-27 17:14 - 2014-10-01 13:45 - 00000000 ____D () C:\Users\CARL\Malware fixes
2014-09-27 13:38 - 2014-09-27 13:38 - 00000000 ____D () C:\Users\Liza\AppData\Local\{BC296350-9826-4461-89ED-ACC5B53B0351}
2014-09-27 10:20 - 2014-10-03 08:52 - 01100800 _____ (Farbar) C:\Users\CARL\Desktop\FRST.exe
2014-09-27 06:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-27 06:04 - 2014-09-27 06:20 - 00000530 _____ () C:\Users\CARL\Downloads\Result.txt
2014-09-27 05:26 - 2014-10-03 12:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 05:00 - 2014-09-27 05:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-27 04:53 - 2014-09-27 04:53 - 01699276 _____ (Thisisu) C:\Users\CARL\Downloads\JRT.exe
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\Users\CARL\AppData\Local\Macromedia
2014-09-26 21:20 - 2014-09-26 21:20 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Mozilla
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Local\Mozilla
2014-09-26 21:19 - 2014-09-26 21:19 - 00244136 _____ () C:\Users\CARL\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-26 20:33 - 2014-10-03 13:26 - 00000000 ____D () C:\FRST
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Users\Liza\AppData\Local\{D1075A40-3AD6-48F8-8D80-DB28A94191A8}
2014-09-25 13:02 - 2014-09-25 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-09-24 21:53 - 2014-09-26 07:50 - 00000065 _____ () C:\Users\CARL\AppData\Roaming\WB.CFG
2014-09-24 20:53 - 2014-09-24 20:53 - 00000000 ____D () C:\Users\CARL\AppData\Local\IsolatedStorage
2014-09-24 20:11 - 2014-09-24 20:11 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E1B82B34-94F7-4795-A227-A07AC026C3C1}
2014-09-24 15:21 - 2014-09-24 21:58 - 01454922 _____ () C:\Users\CARL\Documents\Kanto.pptx
2014-09-24 14:20 - 2014-09-24 14:59 - 02382044 _____ () C:\Users\CARL\Downloads\David_Mythology (1).pptx
2014-09-24 10:02 - 2014-09-24 10:02 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-23 19:26 - 2014-09-23 19:26 - 00147016 _____ () C:\Windows\Minidump\092314-80558-01.dmp
2014-09-23 17:50 - 2014-09-23 17:50 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E36305E3-28E3-4440-9CEA-6993EEE77436}
2014-09-23 17:44 - 2014-09-24 15:02 - 02382035 _____ () C:\Users\CARL\Documents\David_Mythology.pptx
2014-09-23 17:05 - 2014-09-01 11:29 - 00020480 _____ (MyOSCompany) C:\Windows\system32\Drivers\pcwatch.sys
2014-09-23 17:03 - 2014-09-23 17:03 - 18581088 _____ () C:\Users\CARL\Downloads\YGOPro DevPro.zip.thxo3ui.partial
2014-09-23 17:03 - 2014-09-01 11:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-09-23 14:50 - 2014-09-24 15:21 - 01208942 _____ () C:\Users\CARL\Downloads\New_Microsoft_PowerPoint_Presentation.pptx
2014-09-23 13:51 - 2014-09-23 14:37 - 02486374 _____ () C:\Users\CARL\Downloads\David_Mythology.pptx
2014-09-23 12:39 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-22 16:10 - 2014-09-22 16:10 - 00918440 _____ (Oracle Corporation) C:\Users\CARL\Downloads\JavaSetup7u67.com
2014-09-22 16:02 - 2014-09-22 16:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-19 06:27 - 2014-09-19 06:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{20373E10-274A-4A68-A976-51CB8838D089}
2014-09-18 15:01 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-18 15:01 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 15:01 - 2014-08-18 14:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-18 15:01 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 15:01 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-18 15:01 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-18 15:01 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 15:01 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 15:01 - 2014-08-18 14:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-18 15:01 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-18 15:01 - 2014-08-18 14:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-18 15:01 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 15:01 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-18 15:01 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 15:01 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-18 15:01 - 2014-08-18 14:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-18 15:01 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-18 15:01 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-18 15:00 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 15:00 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 15:00 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-18 15:00 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-18 15:00 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-18 15:00 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-18 15:00 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 08:55 - 2014-09-04 18:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-17 08:55 - 2014-09-04 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-17 08:55 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 08:55 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-16 22:47 - 2014-09-18 14:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{5EB1F283-A6CA-4AF7-9D54-CA3B9F6782B4}
2014-09-16 19:49 - 2014-09-16 19:49 - 00000000 ____D () C:\found.000
2014-09-13 01:51 - 2014-09-13 01:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{F5899911-E6E6-4F67-82C6-BD68481CA883}
2014-09-12 21:19 - 2014-09-12 21:19 - 00000000 ____D () C:\Users\Liza\AppData\Local\{3A5CF58D-05AD-4421-8942-EA191F6D89C7}
2014-09-12 21:15 - 2014-09-12 21:15 - 01510144 _____ () C:\Windows\Minidump\091214-45583-01.dmp
2014-09-06 03:51 - 2014-09-06 03:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7825CC49-70F8-493E-88C9-B07B93EB1007}
2014-09-05 10:15 - 2014-09-05 10:15 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7771BBE8-4AA6-4FE3-9C86-A5E64EC94CA1}
2014-09-04 05:01 - 2014-09-04 22:14 - 00000000 ____D () C:\Users\Liza\AppData\Local\{EAF1BEA1-C915-4AB8-9435-5AC345EB9F88}
2014-09-04 03:58 - 2014-08-22 18:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-04 03:58 - 2014-08-22 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-04 03:51 - 2014-05-14 09:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-04 03:51 - 2014-05-14 09:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-04 03:51 - 2014-05-14 09:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-04 03:51 - 2014-05-14 09:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 13:19 - 2012-02-14 17:28 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cceb78bf10241d.job
2014-10-03 13:07 - 2010-03-14 13:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 13:03 - 2012-08-31 15:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 13:03 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 13:03 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 12:57 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-03 12:55 - 2012-02-14 17:28 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cceb78bbbe067a.job
2014-10-03 12:55 - 2010-03-14 13:07 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 12:55 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 12:55 - 2009-07-13 21:39 - 01515391 _____ () C:\Windows\setupact.log
2014-10-03 12:53 - 2011-05-04 15:28 - 00287312 _____ () C:\Windows\PFRO.log
2014-10-03 12:52 - 2009-07-13 19:03 - 63520768 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 19660800 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 00978944 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 00090112 _____ () C:\Windows\system32\config\SAM.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-03 12:39 - 2011-05-04 15:42 - 01695415 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 11:45 - 2011-12-01 19:51 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001UA.job
2014-10-02 17:45 - 2011-12-01 19:51 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001Core.job
2014-10-02 15:14 - 2011-05-04 15:49 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 14:31 - 2014-02-03 09:23 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Canon
2014-10-01 19:18 - 2010-09-11 07:57 - 00000000 ____D () C:\Users\Liza\Tracing
2014-10-01 15:15 - 2012-02-26 09:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-01 15:15 - 2011-04-11 21:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-01 08:17 - 2011-07-30 11:43 - 384205671 _____ () C:\Windows\MEMORY.DMP
2014-10-01 08:17 - 2011-07-30 11:43 - 00000000 ____D () C:\Windows\Minidump
2014-09-30 23:03 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-09-27 18:04 - 2011-05-04 15:06 - 00000000 ____D () C:\Users\CARL
2014-09-27 11:16 - 2011-04-11 21:52 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-27 09:54 - 2013-09-30 20:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-27 06:47 - 2009-01-09 22:21 - 00000000 ____D () C:\TEMP
2014-09-27 06:44 - 2012-06-27 12:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 05:39 - 2011-02-02 01:33 - 00000000 ____D () C:\ProgramData\Temp
2014-09-26 21:20 - 2012-06-27 12:00 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-25 19:50 - 2010-09-10 16:01 - 00000000 ____D () C:\Users\Liza\Documents\Katie
2014-09-24 20:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-24 20:53 - 2009-06-06 06:26 - 00000907 _____ () C:\Users\CARL\Desktop\Launch Internet Explorer Browser.lnk
2014-09-24 13:07 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 12:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-09-24 10:02 - 2012-03-30 16:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 10:02 - 2011-05-19 14:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 06:47 - 2014-07-31 11:57 - 00203574 _____ () C:\Users\CARL\Desktop\1checking.xlsx
2014-09-18 15:03 - 2008-08-21 00:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-18 15:00 - 2013-08-15 11:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-18 14:37 - 2014-05-07 06:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-18 14:37 - 2011-05-17 10:41 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-17 14:36 - 2014-02-04 01:45 - 00000000 ____D () C:\Users\Liza\Documents\Retirement
2014-09-06 03:49 - 2009-07-13 21:33 - 00371536 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-27 17:54

==================== End Of Log ============================



#85 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 October 2014 - 01:19 PM

Success, running LSP-Fix removed the bad file from winsock

 

These should be deleted now

 

Run the fix and post the fixlog and then run a new scan with FRST and post that log also

 

Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
 
Start
CloseProcesses:
2014-09-23 17:05 - 2014-09-01 11:29 - 00020480 _____ (MyOSCompany) C:\Windows\system32\Drivers\pcwatch.sys
2014-09-23 17:03 - 2014-09-01 11:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
Hosts:
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Then open FRST or FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove


#86 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 03 October 2014 - 02:26 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2014
Ran by CARL at 2014-10-03 15:18:33 Run:4
Running from C:\Users\CARL\Desktop
Loaded Profile: CARL (Available profiles: CARL & Liza)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
2014-09-23 17:05 - 2014-09-01 11:29 - 00020480 _____ (MyOSCompany) C:\Windows\system32\Drivers\pcwatch.sys
2014-09-23 17:03 - 2014-09-01 11:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"C:\Windows\system32\Drivers\pcwatch.sys" => File/Directory not found.
"C:\Windows\system32\MyOSProtect.dll" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 239.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#87 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 03 October 2014 - 02:29 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by CARL (administrator) on CARL-PC on 03-10-2014 15:27:09
Running from C:\Users\CARL\Desktop
Loaded Profile: CARL (Available profiles: CARL & Liza)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
(Sony Electronics, Inc.) C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VWLASU] => C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM\...\Run: [VAIOSurvey] => C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM\...\Run: [VAIOMyMemCenter] => C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [679936 2008-02-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2008-06-27] (Sony Electronics Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6295552 2008-07-02] (Realtek Semiconductor)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1837336 2014-08-13] (Bitdefender)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [65024 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Liza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x16A6F450C046CB01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 216.177.160.61 216.177.160.60

FireFox:
========
FF ProfilePath: C:\Users\CARL\AppData\Roaming\Mozilla\Firefox\Profiles\f8su429z.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman [2014-03-26]
FF HKLM\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files\Mozilla Firefox\extensions\termtutor@termtutor.com
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-26]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\CARL\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\CARL\AppData\Roaming\Move Networks [2009-05-07]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
CHR Extension: (Bitdefender Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-26]
CHR Extension: (Skype Click to Call) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-05-04]
CHR Extension: (Poppit!) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-17]
CHR Extension: (Google Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [aaaajhhckaajldjhmbpgleomemmpopjp] - C:\Windows\system32\config\systemprofile\AppData\Local\bandoomusictoolbar\GC\toolbar.crx [2013-06-07]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-08-13] (Bitdefender)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-11-12] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [480368 2014-09-17] (Bitdefender)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-08-13] (Bitdefender)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-11] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1251808 2014-08-13] (Bitdefender)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1060312 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-26] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [385096 2014-08-13] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CARL\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 13:04 - 2014-10-03 13:04 - 00021970 _____ () C:\ComboFix.txt
2014-10-03 08:52 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Desktop\FRST-OlderVersion
2014-10-02 15:17 - 2014-10-02 15:17 - 00022084 _____ () C:\Users\CARL\Desktop\combofix.txt
2014-10-02 13:50 - 2014-10-02 14:38 - 00000266 _____ () C:\Users\CARL\Desktop\fixes.bat
2014-10-01 19:18 - 2014-10-02 07:20 - 00000000 ____D () C:\Users\Liza\AppData\Local\{37C9B37E-8D21-4944-8858-B247C201E940}
2014-10-01 12:28 - 2014-10-01 12:34 - 00003088 _____ () C:\Users\CARL\Desktop\Rkill.txt
2014-10-01 12:27 - 2014-10-01 12:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\CARL\Desktop\rkill.exe
2014-10-01 08:17 - 2014-10-01 08:17 - 00146960 _____ () C:\Windows\Minidump\100114-22120-01.dmp
2014-10-01 06:54 - 2014-10-01 14:38 - 00051250 _____ () C:\Users\CARL\Desktop\Addition.txt
2014-10-01 06:52 - 2014-10-03 15:27 - 00024320 _____ () C:\Users\CARL\Desktop\FRST.txt
2014-09-30 23:26 - 2014-09-30 23:26 - 00000000 ____D () C:\Users\Liza\AppData\Local\{709843D9-5A76-4B14-BE48-BD68AC33B06D}
2014-09-30 22:21 - 2014-09-30 22:21 - 00186880 _____ (CEXX.ORG) C:\Users\CARL\Desktop\LSPFix.exe
2014-09-30 13:33 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 19:09 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Documents\Katie
2014-09-28 19:47 - 2014-09-28 19:48 - 00146952 _____ () C:\Windows\Minidump\092814-23743-01.dmp
2014-09-28 14:10 - 2014-09-28 14:10 - 00146960 _____ () C:\Windows\Minidump\092814-23556-01.dmp
2014-09-28 14:00 - 2014-10-03 13:04 - 00000000 ____D () C:\Qoobox
2014-09-28 14:00 - 2014-10-03 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 14:00 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 14:00 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 14:00 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 13:52 - 2014-10-02 14:41 - 05582981 ____R (Swearware) C:\Users\CARL\Desktop\ComboFix.exe
2014-09-27 17:14 - 2014-10-01 13:45 - 00000000 ____D () C:\Users\CARL\Malware fixes
2014-09-27 13:38 - 2014-09-27 13:38 - 00000000 ____D () C:\Users\Liza\AppData\Local\{BC296350-9826-4461-89ED-ACC5B53B0351}
2014-09-27 10:20 - 2014-10-03 08:52 - 01100800 _____ (Farbar) C:\Users\CARL\Desktop\FRST.exe
2014-09-27 06:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-27 06:04 - 2014-09-27 06:20 - 00000530 _____ () C:\Users\CARL\Downloads\Result.txt
2014-09-27 05:26 - 2014-10-03 15:23 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 05:00 - 2014-09-27 05:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-27 04:53 - 2014-09-27 04:53 - 01699276 _____ (Thisisu) C:\Users\CARL\Downloads\JRT.exe
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\Users\CARL\AppData\Local\Macromedia
2014-09-26 21:20 - 2014-09-26 21:20 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Mozilla
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Local\Mozilla
2014-09-26 21:19 - 2014-09-26 21:19 - 00244136 _____ () C:\Users\CARL\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-26 20:33 - 2014-10-03 15:27 - 00000000 ____D () C:\FRST
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Users\Liza\AppData\Local\{D1075A40-3AD6-48F8-8D80-DB28A94191A8}
2014-09-25 13:02 - 2014-09-25 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-09-24 21:53 - 2014-09-26 07:50 - 00000065 _____ () C:\Users\CARL\AppData\Roaming\WB.CFG
2014-09-24 20:53 - 2014-09-24 20:53 - 00000000 ____D () C:\Users\CARL\AppData\Local\IsolatedStorage
2014-09-24 20:11 - 2014-09-24 20:11 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E1B82B34-94F7-4795-A227-A07AC026C3C1}
2014-09-24 15:21 - 2014-09-24 21:58 - 01454922 _____ () C:\Users\CARL\Documents\Kanto.pptx
2014-09-24 14:20 - 2014-09-24 14:59 - 02382044 _____ () C:\Users\CARL\Downloads\David_Mythology (1).pptx
2014-09-24 10:02 - 2014-09-24 10:02 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-23 19:26 - 2014-09-23 19:26 - 00147016 _____ () C:\Windows\Minidump\092314-80558-01.dmp
2014-09-23 17:50 - 2014-09-23 17:50 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E36305E3-28E3-4440-9CEA-6993EEE77436}
2014-09-23 17:44 - 2014-09-24 15:02 - 02382035 _____ () C:\Users\CARL\Documents\David_Mythology.pptx
2014-09-23 17:03 - 2014-09-23 17:03 - 18581088 _____ () C:\Users\CARL\Downloads\YGOPro DevPro.zip.thxo3ui.partial
2014-09-23 14:50 - 2014-09-24 15:21 - 01208942 _____ () C:\Users\CARL\Downloads\New_Microsoft_PowerPoint_Presentation.pptx
2014-09-23 13:51 - 2014-09-23 14:37 - 02486374 _____ () C:\Users\CARL\Downloads\David_Mythology.pptx
2014-09-23 12:39 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-22 16:10 - 2014-09-22 16:10 - 00918440 _____ (Oracle Corporation) C:\Users\CARL\Downloads\JavaSetup7u67.com
2014-09-22 16:02 - 2014-09-22 16:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-19 06:27 - 2014-09-19 06:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{20373E10-274A-4A68-A976-51CB8838D089}
2014-09-18 15:01 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-18 15:01 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 15:01 - 2014-08-18 14:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-18 15:01 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 15:01 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-18 15:01 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-18 15:01 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 15:01 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 15:01 - 2014-08-18 14:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-18 15:01 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-18 15:01 - 2014-08-18 14:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-18 15:01 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 15:01 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-18 15:01 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 15:01 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-18 15:01 - 2014-08-18 14:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-18 15:01 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-18 15:01 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-18 15:00 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 15:00 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 15:00 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-18 15:00 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-18 15:00 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-18 15:00 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-18 15:00 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 08:55 - 2014-09-04 18:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-17 08:55 - 2014-09-04 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-17 08:55 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 08:55 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-16 22:47 - 2014-09-18 14:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{5EB1F283-A6CA-4AF7-9D54-CA3B9F6782B4}
2014-09-16 19:49 - 2014-09-16 19:49 - 00000000 ____D () C:\found.000
2014-09-13 01:51 - 2014-09-13 01:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{F5899911-E6E6-4F67-82C6-BD68481CA883}
2014-09-12 21:19 - 2014-09-12 21:19 - 00000000 ____D () C:\Users\Liza\AppData\Local\{3A5CF58D-05AD-4421-8942-EA191F6D89C7}
2014-09-12 21:15 - 2014-09-12 21:15 - 01510144 _____ () C:\Windows\Minidump\091214-45583-01.dmp
2014-09-06 03:51 - 2014-09-06 03:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7825CC49-70F8-493E-88C9-B07B93EB1007}
2014-09-05 10:15 - 2014-09-05 10:15 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7771BBE8-4AA6-4FE3-9C86-A5E64EC94CA1}
2014-09-04 05:01 - 2014-09-04 22:14 - 00000000 ____D () C:\Users\Liza\AppData\Local\{EAF1BEA1-C915-4AB8-9435-5AC345EB9F88}
2014-09-04 03:58 - 2014-08-22 18:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-04 03:58 - 2014-08-22 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-04 03:51 - 2014-05-14 09:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-04 03:51 - 2014-05-14 09:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-04 03:51 - 2014-05-14 09:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-04 03:51 - 2014-05-14 09:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 15:22 - 2012-02-14 17:28 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cceb78bbbe067a.job
2014-10-03 15:22 - 2010-03-14 13:07 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 15:21 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 15:21 - 2009-07-13 21:39 - 01516743 _____ () C:\Windows\setupact.log
2014-10-03 15:19 - 2012-02-14 17:28 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cceb78bf10241d.job
2014-10-03 15:19 - 2011-05-04 15:42 - 01716148 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 15:19 - 2011-05-04 15:28 - 00288028 _____ () C:\Windows\PFRO.log
2014-10-03 15:07 - 2010-03-14 13:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 15:02 - 2012-08-31 15:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 14:45 - 2011-12-01 19:51 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001UA.job
2014-10-03 13:03 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 13:03 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 12:57 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-03 12:52 - 2009-07-13 19:03 - 63520768 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 19660800 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 00978944 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 00090112 _____ () C:\Windows\system32\config\SAM.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-02 17:45 - 2011-12-01 19:51 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001Core.job
2014-10-02 15:14 - 2011-05-04 15:49 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 14:31 - 2014-02-03 09:23 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Canon
2014-10-01 19:18 - 2010-09-11 07:57 - 00000000 ____D () C:\Users\Liza\Tracing
2014-10-01 15:15 - 2012-02-26 09:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-01 15:15 - 2011-04-11 21:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-01 08:17 - 2011-07-30 11:43 - 384205671 _____ () C:\Windows\MEMORY.DMP
2014-10-01 08:17 - 2011-07-30 11:43 - 00000000 ____D () C:\Windows\Minidump
2014-09-30 23:03 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-09-27 18:04 - 2011-05-04 15:06 - 00000000 ____D () C:\Users\CARL
2014-09-27 11:16 - 2011-04-11 21:52 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-27 09:54 - 2013-09-30 20:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-27 06:47 - 2009-01-09 22:21 - 00000000 ____D () C:\TEMP
2014-09-27 06:44 - 2012-06-27 12:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 05:39 - 2011-02-02 01:33 - 00000000 ____D () C:\ProgramData\Temp
2014-09-26 21:20 - 2012-06-27 12:00 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-25 19:50 - 2010-09-10 16:01 - 00000000 ____D () C:\Users\Liza\Documents\Katie
2014-09-24 20:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-24 20:53 - 2009-06-06 06:26 - 00000907 _____ () C:\Users\CARL\Desktop\Launch Internet Explorer Browser.lnk
2014-09-24 13:07 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 12:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-09-24 10:02 - 2012-03-30 16:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 10:02 - 2011-05-19 14:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 06:47 - 2014-07-31 11:57 - 00203574 _____ () C:\Users\CARL\Desktop\1checking.xlsx
2014-09-18 15:03 - 2008-08-21 00:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-18 15:00 - 2013-08-15 11:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-18 14:37 - 2014-05-07 06:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-18 14:37 - 2011-05-17 10:41 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-17 14:36 - 2014-02-04 01:45 - 00000000 ____D () C:\Users\Liza\Documents\Retirement
2014-09-06 03:49 - 2009-07-13 21:33 - 00371536 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 17:54

==================== End Of Log ============================

#88 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 October 2014 - 03:40 PM

:clap:

 

Been a long hard ride but we got there in the end, how is your system behaving now ??



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#89 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 03 October 2014 - 03:51 PM

seems to be running okay.  Definitely no popups.  appreciated all your hard work and patience. 



#90 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 October 2014 - 04:14 PM

Wonderfull, hope this has been a learning experience for you, watch out what you download and the sites you go in. You installed Malwarebytes Free Version, if you upgrade to the Pro Version it has a protection module that blocks known bad sites from loading, the cost is minimal but this of course is up to you.

 

 

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
  •  
     
    ==========================================================
     
     
    Please download DelFix and save the file to your Desktop.
     
  • Windows XP Double Click DelFix.exe to run the program. 
  • Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 
  • Place a checkmark next to the following items
  • Activate UAC
  • Remove Disinfection Tools
  • Create registry backup
  • Reset System Settings
  •  
    Click the Run button
     
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
     
     
     
    ==========================================================
     
     
     
    How did I get infected in the first place ?    
    Read these links and find out how to prevent getting infected again.
  • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
  •  
     
    Safe Surfn
    Ken


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users