lnr123bsr

Members
  • Content count: 60

About lnr123bsr
  • Rank: Regular Member
  1. FRST.txt is attached.
  2. I don't have anything running on my computer yet I can hear it doing something. When I check Task Manager the CPU usage is up to 75-100% which is not normal for my computer. I have run Malwarebytes but nothing is found. Help please. Thanks.
  3. I tried to open a website and immediately got a pop-up box saying I needed to Update Adobe. I immediately closed it (without updating) but it kept popping up. I ran Malwarebytes and it removed 3 items. I restarted but there was still a problem as there were two instances of MS Visual Studio 2010 running (only visible in task manager) and they were using tons of memory. I would End Process, but they would immediately restart. Under Startup (in msconfig) I could disable these two items, but it would not save the changes. I was finally able to delete the file and when I tried to reboot, I experienced problems so I rebooted as Last Known Configuration. Everything seems okay right now... the items are no longer in Startup... and Malwarebytes doesn't find anything (I had to reinstall Malwarebytes), but how can I be sure? Thanks.
  4. Scan results:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
     (ATTENTION: ====> FRST version is 28 days old and could be outdated)
     Ran by Leslie (administrator) on LESLIE-PC on 10-04-2014 15:03:21
     Running from C:\temp
     Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
     Internet Explorer Version 11
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
     (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
     (Microsoft Corporation) C:\Windows\eHome\EhTray.exe
     (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
     (Microsoft Corporation) C:\Windows\ehome\ehRec.exe

     ==================== Registry (Whitelisted) ==================

     Winlogon\Notify\PCANotify: C:\Windows\system32\PCANotify.dll (Symantec Corporation)

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E9388ADC4E0CE01
     SearchScopes: HKLM - DefaultScope value is missing.
     BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
     BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
     Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
     Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
     Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
     Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\gk0ks86b.default-1384008138800
     FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Leslie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
     FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-24]
     FF HKCU\...\Firefox\Extensions: [{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}] - C:\Users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}
     FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-24]

     ========================== Services (Whitelisted) =================

     S3 awhost32; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [106496 2003-05-29] (Symantec Corporation)
     S3 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2005-11-09] ()
     S4 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [26496 2012-11-21] (Memeo)
     S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195400 2012-09-25] (NETGEAR)
     S3 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [110592 2005-11-09] ( )
     R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] (Intuit Inc.)
     S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
     S4 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)

     ==================== Drivers (Whitelisted) ====================

     R1 awlegacy; C:\Windows\System32\Drivers\awlegacy.sys [10901 2003-04-21] (Symantec Corporation)
     S4 AW_HOST; C:\Windows\System32\drivers\aw_host5.sys [24365 2003-05-05] (Symantec Corporation)
     R0 Gernuwa; C:\Windows\system32\Drivers\Gernuwa.sys [13898 2003-04-21] (Symantec Corporation)
     S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)
     S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
     S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [73496 2010-03-09] (Symantec Corporation)
     S3 XIRLINK; C:\Windows\System32\DRIVERS\C-itnt.sys [486176 2000-09-26] (Xirlink, Inc)
     U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
     S3 catchme; \??\C:\Users\Leslie\AppData\Local\Temp\catchme.sys [X]
     S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2014-04-09 15:11 - 2014-04-10 15:03 - 00000000 ____D () C:\FRST
     2014-04-09 15:09 - 2014-04-09 15:09 - 01145856 _____ (Farbar) C:\Users\Leslie\Downloads\FRST.exe
     2014-04-09 12:06 - 2014-04-09 12:06 - 00015437 _____ () C:\ComboFix.txt
     2014-04-09 08:20 - 2014-04-09 08:20 - 00448512 _____ (OldTimer Tools) C:\Users\Leslie\Desktop\TFC.exe
     2014-04-08 17:23 - 2014-04-08 17:27 - 00000000 ____D () C:\AdwCleaner
     2014-04-08 17:22 - 2014-04-08 17:22 - 01426178 _____ () C:\Users\Leslie\Desktop\AdwCleaner.exe
     2014-04-07 23:05 - 2014-04-09 12:06 - 00000000 ____D () C:\Qoobox
     2014-04-07 23:05 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
     2014-04-07 23:05 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
     2014-04-07 23:05 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
     2014-04-07 23:05 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
     2014-04-07 23:05 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
     2014-04-07 23:05 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
     2014-04-07 23:05 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
     2014-04-07 23:05 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
     2014-04-07 23:03 - 2014-04-09 10:38 - 05196025 ____R (Swearware) C:\Users\Leslie\Desktop\ComboFix.exe
     2014-04-07 22:51 - 2014-04-07 22:51 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Leslie\Desktop\tdsskiller.exe
     2014-04-07 20:57 - 2014-04-07 20:57 - 00028540 _____ () C:\Users\Leslie\Desktop\RKreport[0]_S_04072014_205737.txt
     2014-04-07 20:53 - 2014-04-07 21:00 - 00000000 ____D () C:\Users\Leslie\Desktop\RK_Quarantine
     2014-04-07 20:52 - 2014-04-07 20:52 - 03972608 _____ () C:\Users\Leslie\Downloads\RogueKiller.exe
     2014-04-07 19:18 - 2014-04-07 19:18 - 00012173 _____ () C:\Users\Leslie\Desktop\dds.txt
     2014-04-07 19:18 - 2014-04-07 19:18 - 00008143 _____ () C:\Users\Leslie\Desktop\attach.txt
     2014-04-07 19:17 - 2014-04-07 19:18 - 00688992 ____R (Swearware) C:\Users\Leslie\Downloads\dds.com
     2014-04-07 00:18 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
     2014-04-07 00:17 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
     2014-04-07 00:17 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
     2014-04-07 00:17 - 2014-03-01 00:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
     2014-04-07 00:17 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
     2014-04-07 00:17 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
     2014-04-07 00:17 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
     2014-04-07 00:17 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
     2014-04-07 00:17 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
     2014-04-07 00:17 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
     2014-04-07 00:17 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
     2014-04-07 00:17 - 2014-02-28 23:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
     2014-04-07 00:17 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
     2014-04-07 00:17 - 2014-02-28 23:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
     2014-04-07 00:17 - 2014-02-28 23:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
     2014-04-07 00:17 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
     2014-04-07 00:17 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
     2014-04-07 00:17 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
     2014-04-07 00:17 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
     2014-04-07 00:17 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
     2014-04-07 00:17 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
     2014-04-07 00:17 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
     2014-04-07 00:17 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
     2014-03-17 15:40 - 2014-03-17 15:40 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\Roxio
     2014-03-12 15:23 - 2014-03-12 15:28 - 00006548 _____ () C:\Windows\IE10_main.log
     2014-03-12 14:08 - 2014-02-06 21:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
     2014-03-12 14:08 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
     2014-03-12 14:08 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\system32\locale.nls
     2014-03-12 14:07 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
     2014-03-12 14:07 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
     2014-03-12 14:07 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
     2014-03-12 14:07 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
     2014-03-12 14:07 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
     2014-03-12 14:07 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
     2014-03-12 14:07 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
     2014-03-12 14:07 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
     2014-03-12 14:06 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
     2014-03-12 14:06 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
     2014-03-12 14:06 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
     2014-03-12 14:06 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
     2014-03-12 14:06 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
     2014-03-12 14:06 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
     2014-03-12 14:06 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
     2014-03-12 14:06 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
     2014-03-12 14:06 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

     ==================== One Month Modified Files and Folders =======

     2014-04-10 15:03 - 2014-04-09 15:11 - 00000000 ____D () C:\FRST
     2014-04-10 14:59 - 2013-12-01 10:39 - 00002320 _____ () C:\Windows\setupact.log
     2014-04-10 14:59 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
     2014-04-10 14:58 - 2009-07-14 00:55 - 01393234 _____ () C:\Windows\WindowsUpdate.log
     2014-04-10 13:42 - 2009-12-03 16:59 - 00785112 _____ () C:\Windows\system32\PerfStringBackup.INI
     2014-04-09 23:38 - 2010-02-16 17:47 - 00000000 ____D () C:\Users\Leslie\Documents\Excel
     2014-04-09 18:05 - 2010-09-27 14:55 - 00002332 _____ () C:\Users\Leslie\Documents\Default.rdp
     2014-04-09 15:09 - 2014-04-09 15:09 - 01145856 _____ (Farbar) C:\Users\Leslie\Downloads\FRST.exe
     2014-04-09 14:53 - 2010-08-25 11:45 - 00000000 ____D () C:\Users\Leslie\Documents\My Scans
     2014-04-09 14:51 - 2010-02-16 17:48 - 00000000 ____D () C:\Users\Leslie\Documents\Adobe
     2014-04-09 13:29 - 2010-03-16 00:39 - 00000000 ____D () C:\ProgramData\HP
     2014-04-09 13:24 - 2009-07-14 00:34 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2014-04-09 13:24 - 2009-07-14 00:34 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2014-04-09 13:19 - 2013-11-06 09:20 - 00237222 _____ () C:\Windows\PFRO.log
     2014-04-09 12:06 - 2014-04-09 12:06 - 00015437 _____ () C:\ComboFix.txt
     2014-04-09 12:06 - 2014-04-07 23:05 - 00000000 ____D () C:\Qoobox
     2014-04-09 12:05 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
     2014-04-09 10:38 - 2014-04-07 23:03 - 05196025 ____R (Swearware) C:\Users\Leslie\Desktop\ComboFix.exe
     2014-04-09 09:26 - 2012-04-01 09:19 - 00000000 ____D () C:\TDSSKiller_Quarantine
     2014-04-09 08:20 - 2014-04-09 08:20 - 00448512 _____ (OldTimer Tools) C:\Users\Leslie\Desktop\TFC.exe
     2014-04-08 17:27 - 2014-04-08 17:23 - 00000000 ____D () C:\AdwCleaner
     2014-04-08 17:22 - 2014-04-08 17:22 - 01426178 _____ () C:\Users\Leslie\Desktop\AdwCleaner.exe
     2014-04-07 22:51 - 2014-04-07 22:51 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Leslie\Desktop\tdsskiller.exe
     2014-04-07 22:46 - 2010-02-16 17:47 - 00000000 ____D () C:\Users\Leslie\Documents\Word
     2014-04-07 21:00 - 2014-04-07 20:53 - 00000000 ____D () C:\Users\Leslie\Desktop\RK_Quarantine
     2014-04-07 20:57 - 2014-04-07 20:57 - 00028540 _____ () C:\Users\Leslie\Desktop\RKreport[0]_S_04072014_205737.txt
     2014-04-07 20:52 - 2014-04-07 20:52 - 03972608 _____ () C:\Users\Leslie\Downloads\RogueKiller.exe
     2014-04-07 20:22 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
     2014-04-07 19:18 - 2014-04-07 19:18 - 00012173 _____ () C:\Users\Leslie\Desktop\dds.txt
     2014-04-07 19:18 - 2014-04-07 19:18 - 00008143 _____ () C:\Users\Leslie\Desktop\attach.txt
     2014-04-07 19:18 - 2014-04-07 19:17 - 00688992 ____R (Swearware) C:\Users\Leslie\Downloads\dds.com
     2014-04-07 19:02 - 2009-07-14 00:53 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
     2014-04-07 18:38 - 2010-03-13 23:07 - 00007618 _____ () C:\Users\Leslie\AppData\Local\Resmon.ResmonCfg
     2014-04-05 10:02 - 2012-08-26 19:59 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\.minecraft
     2014-03-27 16:05 - 2013-05-24 16:25 - 00000000 ____D () C:\Quickbooks backup files
     2014-03-26 16:12 - 2013-10-07 10:38 - 00000000 ____D () C:\Users\Leslie\AppData\Local\Deployment
     2014-03-26 16:12 - 2010-03-10 01:35 - 00000000 ____D () C:\Users\Leslie\AppData\Local\Apps\2.0
     2014-03-17 15:40 - 2014-03-17 15:40 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\Roxio
     2014-03-12 16:21 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
     2014-03-12 15:52 - 2014-01-27 16:46 - 00014701 _____ () C:\Windows\IE11_main.log
     2014-03-12 15:28 - 2014-03-12 15:23 - 00006548 _____ () C:\Windows\IE10_main.log
     2014-03-12 15:20 - 2013-11-16 04:18 - 00001415 _____ () C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
     2014-03-12 15:05 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
     2014-03-12 14:23 - 2014-01-27 16:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2014-03-12 14:23 - 2014-01-27 16:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2014-03-12 14:23 - 2009-07-14 00:33 - 00311808 _____ () C:\Windows\system32\FNTCACHE.DAT

     ==================== Bamital & volsnap Check =================

     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\system32\winlogon.exe => MD5 is legit
     C:\Windows\system32\wininit.exe => MD5 is legit
     C:\Windows\system32\svchost.exe => MD5 is legit
     C:\Windows\system32\services.exe => MD5 is legit
     C:\Windows\system32\User32.dll => MD5 is legit
     C:\Windows\system32\userinit.exe => MD5 is legit
     C:\Windows\system32\rpcss.dll => MD5 is legit
     C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

     LastRegBack: 2014-04-09 12:24

     ==================== End Of Log ============================
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
     Ran by Leslie at 2014-04-10 14:58:24 Run:1
     Running from C:\temp
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Replace: c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll c:\windows\System32\rpcss.dll
     2014-04-09 13:30 - 2014-04-09 14:30 - 00000069 _____ () C:\Windows\system32\avdkxup.gas
     2014-04-09 13:21 - 2014-04-09 13:21 - 00000028 _____ () C:\Windows\system32\u
     2014-04-09 13:19 - 2014-04-09 13:19 - 00000064 _____ () C:\Windows\system32\wzziz.jvk
     2014-04-09 13:19 - 2014-04-09 13:19 - 00000000 _____ () C:\Windows\system32\eqonjtc.btj
     2014-04-09 13:03 - 2014-04-09 13:03 - 00236655 ____S () C:\Windows\system32\vsbe.pfx
     2014-04-08 17:39 - 2014-04-08 17:39 - 00000000 ____S () C:\Windows\system32\uaqxwo.gxk
     2014-04-08 15:10 - 2014-04-09 13:10 - 00000088 _____ () C:\Windows\system32\yoqw.rhc
     2014-04-08 15:00 - 2014-04-08 15:00 - 00000064 _____ () C:\Windows\system32\isxjr.rcf
     2014-04-08 15:00 - 2014-04-08 15:00 - 00000000 _____ () C:\Windows\system32\cpdkk.ija
     2014-04-08 14:44 - 2014-04-08 14:44 - 00305834 ____S () C:\Windows\system32\irmss.lil
     2014-04-07 17:21 - 2014-04-07 17:21 - 00000000 ____S () C:\Windows\system32\afcun.kyn
     2014-04-06 11:36 - 2014-04-06 11:36 - 00000000 ____S () C:\Windows\system32\jxjckpf.yqd
     2014-04-02 23:13 - 2014-04-02 23:14 - 29007783 _____ () C:\Users\Leslie\Downloads\Kimberly Janelle-1396494759364.zip
     2014-04-02 23:00 - 2014-04-02 23:00 - 00000000 ____S () C:\Windows\system32\qxymlei.uhk
     2014-04-01 23:45 - 2014-04-08 13:50 - 00000083 _____ () C:\Windows\system32\immoorc.ohs
     2014-04-01 23:34 - 2014-04-01 23:34 - 00000064 _____ () C:\Windows\system32\ewiz.ypq
     2014-04-01 23:34 - 2014-04-01 23:34 - 00000000 _____ () C:\Windows\system32\nvbo.pjh
     2014-04-01 23:18 - 2014-04-01 23:18 - 00299344 ____S () C:\Windows\system32\icgl.nci
     2014-04-09 13:21 - 2014-04-09 13:21 - 00000028 _____ () C:\Windows\system32\u
     2014-04-06 21:30 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
     *****************

     c:\windows\System32\rpcss.dll => Moved successfully.
     c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll copied successfully to c:\windows\System32\rpcss.dll
     C:\Windows\system32\avdkxup.gas => Moved successfully.
     C:\Windows\system32\u => Moved successfully.
     C:\Windows\system32\wzziz.jvk => Moved successfully.
     Could not move "C:\Windows\system32\eqonjtc.btj" => Scheduled to move on reboot.
     Could not move "C:\Windows\system32\vsbe.pfx" => Scheduled to move on reboot.
     C:\Windows\system32\uaqxwo.gxk => Moved successfully.
     C:\Windows\system32\yoqw.rhc => Moved successfully.
     C:\Windows\system32\isxjr.rcf => Moved successfully.
     C:\Windows\system32\cpdkk.ija => Moved successfully.
     C:\Windows\system32\irmss.lil => Moved successfully.
     C:\Windows\system32\afcun.kyn => Moved successfully.
     C:\Windows\system32\jxjckpf.yqd => Moved successfully.
     C:\Users\Leslie\Downloads\Kimberly Janelle-1396494759364.zip => Moved successfully.
     C:\Windows\system32\qxymlei.uhk => Moved successfully.
     C:\Windows\system32\immoorc.ohs => Moved successfully.
     C:\Windows\system32\ewiz.ypq => Moved successfully.
     C:\Windows\system32\nvbo.pjh => Moved successfully.
     C:\Windows\system32\icgl.nci => Moved successfully.
     "C:\Windows\system32\u" => File/Directory not found.
     C:\Windows\System32\FxsTmp => Moved successfully.

     => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-10 15:01:29)<=

     C:\Windows\system32\eqonjtc.btj => Is moved successfully.
     C:\Windows\system32\vsbe.pfx => Is moved successfully.

     ==== End of Fixlog ====

     I will run the scan now.
  6. After the unexpected shutdown, I am not experiencing any background noise. I ran FRST. Here are the logs:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
     (ATTENTION: ====> FRST version is 27 days old and could be outdated)
     Ran by Leslie (administrator) on LESLIE-PC on 09-04-2014 15:11:25
     Running from C:\temp
     Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
     Internet Explorer Version 11
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
     (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
     (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
     (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
     (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
     (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
     (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

     ==================== Registry (Whitelisted) ==================

     Winlogon\Notify\PCANotify: C:\Windows\system32\PCANotify.dll (Symantec Corporation)

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E9388ADC4E0CE01
     SearchScopes: HKLM - DefaultScope value is missing.
     BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
     BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
     Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
     Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
     Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
     Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
     Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
     Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\gk0ks86b.default-1384008138800
     FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Leslie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-24] FF HKCU\...\Firefox\Extensions: [{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}] - C:\Users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C} FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-24] ========================== Services (Whitelisted) ================= S3 awhost32; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [106496 2003-05-29] (Symantec Corporation) S3 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2005-11-09] () S4 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [26496 2012-11-21] (Memeo) S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195400 2012-09-25] (NETGEAR) S3 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [110592 2005-11-09] ( ) R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] (Intuit Inc.) 
S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S4 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo) ==================== Drivers (Whitelisted) ==================== R1 awlegacy; C:\Windows\System32\Drivers\awlegacy.sys [10901 2003-04-21] (Symantec Corporation) S4 AW_HOST; C:\Windows\System32\drivers\aw_host5.sys [24365 2003-05-05] (Symantec Corporation) R0 Gernuwa; C:\Windows\system32\Drivers\Gernuwa.sys [13898 2003-04-21] (Symantec Corporation) S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.) S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.) S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [73496 2010-03-09] (Symantec Corporation) S3 XIRLINK; C:\Windows\System32\DRIVERS\C-itnt.sys [486176 2000-09-26] (Xirlink, Inc) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\Users\Leslie\AppData\Local\Temp\catchme.sys [X] S3 lmimirr; system32\DRIVERS\lmimirr.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-09 15:11 - 2014-04-09 15:11 - 00000000 ____D () C:\FRST 2014-04-09 15:09 - 2014-04-09 15:09 - 01145856 _____ (Farbar) C:\Users\Leslie\Downloads\FRST.exe 2014-04-09 13:30 - 2014-04-09 14:30 - 00000069 _____ () C:\Windows\system32\avdkxup.gas 2014-04-09 13:21 - 2014-04-09 13:21 - 00000028 _____ () C:\Windows\system32\u 2014-04-09 13:19 - 2014-04-09 13:19 - 00000064 _____ () C:\Windows\system32\wzziz.jvk 2014-04-09 13:19 - 2014-04-09 13:19 - 00000000 _____ () C:\Windows\system32\eqonjtc.btj 2014-04-09 13:03 - 2014-04-09 13:03 - 00236655 ____S () C:\Windows\system32\vsbe.pfx 2014-04-09 12:06 - 2014-04-09 12:06 - 00015437 _____ () C:\ComboFix.txt 2014-04-09 08:20 - 2014-04-09 08:20 - 00448512 _____ (OldTimer Tools) 
C:\Users\Leslie\Desktop\TFC.exe 2014-04-08 17:39 - 2014-04-08 17:39 - 00000000 ____S () C:\Windows\system32\uaqxwo.gxk 2014-04-08 17:23 - 2014-04-08 17:27 - 00000000 ____D () C:\AdwCleaner 2014-04-08 17:22 - 2014-04-08 17:22 - 01426178 _____ () C:\Users\Leslie\Desktop\AdwCleaner.exe 2014-04-08 15:10 - 2014-04-09 13:10 - 00000088 _____ () C:\Windows\system32\yoqw.rhc 2014-04-08 15:00 - 2014-04-08 15:00 - 00000064 _____ () C:\Windows\system32\isxjr.rcf 2014-04-08 15:00 - 2014-04-08 15:00 - 00000000 _____ () C:\Windows\system32\cpdkk.ija 2014-04-08 14:44 - 2014-04-08 14:44 - 00305834 ____S () C:\Windows\system32\irmss.lil 2014-04-07 23:05 - 2014-04-09 12:06 - 00000000 ____D () C:\Qoobox 2014-04-07 23:05 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-07 23:05 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-07 23:05 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-07 23:05 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-07 23:05 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-07 23:05 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-07 23:05 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-07 23:05 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-07 23:03 - 2014-04-09 10:38 - 05196025 ____R (Swearware) C:\Users\Leslie\Desktop\ComboFix.exe 2014-04-07 22:51 - 2014-04-07 22:51 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Leslie\Desktop\tdsskiller.exe 2014-04-07 20:57 - 2014-04-07 20:57 - 00028540 _____ () C:\Users\Leslie\Desktop\RKreport[0]_S_04072014_205737.txt 2014-04-07 20:53 - 2014-04-07 21:00 - 00000000 ____D () C:\Users\Leslie\Desktop\RK_Quarantine 2014-04-07 20:52 - 2014-04-07 20:52 - 03972608 _____ () C:\Users\Leslie\Downloads\RogueKiller.exe 2014-04-07 19:18 - 2014-04-07 19:18 - 00012173 _____ () C:\Users\Leslie\Desktop\dds.txt 2014-04-07 19:18 - 2014-04-07 19:18 - 00008143 _____ () 
C:\Users\Leslie\Desktop\attach.txt 2014-04-07 19:17 - 2014-04-07 19:18 - 00688992 ____R (Swearware) C:\Users\Leslie\Downloads\dds.com 2014-04-07 17:21 - 2014-04-07 17:21 - 00000000 ____S () C:\Windows\system32\afcun.kyn 2014-04-07 00:18 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-07 00:17 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-07 00:17 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-07 00:17 - 2014-03-01 00:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-07 00:17 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-07 00:17 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-07 00:17 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-07 00:17 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-07 00:17 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-07 00:17 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-07 00:17 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-07 00:17 - 2014-02-28 23:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-07 00:17 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-07 00:17 - 2014-02-28 23:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-07 00:17 - 2014-02-28 23:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-07 00:17 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\system32\msrating.dll 2014-04-07 00:17 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-07 00:17 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-07 00:17 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-07 00:17 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-07 00:17 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-07 00:17 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-07 00:17 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-06 11:36 - 2014-04-06 11:36 - 00000000 ____S () C:\Windows\system32\jxjckpf.yqd 2014-04-02 23:13 - 2014-04-02 23:14 - 29007783 _____ () C:\Users\Leslie\Downloads\Kimberly Janelle-1396494759364.zip 2014-04-02 23:00 - 2014-04-02 23:00 - 00000000 ____S () C:\Windows\system32\qxymlei.uhk 2014-04-01 23:45 - 2014-04-08 13:50 - 00000083 _____ () C:\Windows\system32\immoorc.ohs 2014-04-01 23:34 - 2014-04-01 23:34 - 00000064 _____ () C:\Windows\system32\ewiz.ypq 2014-04-01 23:34 - 2014-04-01 23:34 - 00000000 _____ () C:\Windows\system32\nvbo.pjh 2014-04-01 23:18 - 2014-04-01 23:18 - 00299344 ____S () C:\Windows\system32\icgl.nci 2014-03-17 15:40 - 2014-03-17 15:40 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\Roxio 2014-03-12 15:23 - 2014-03-12 15:28 - 00006548 _____ () C:\Windows\IE10_main.log 2014-03-12 14:08 - 2014-02-06 21:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 14:08 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-03-12 14:08 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-03-12 14:07 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) 
C:\Windows\system32\WindowsCodecs.dll 2014-03-12 14:07 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 14:07 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 14:07 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-12 14:07 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-03-12 14:07 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-03-12 14:07 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-03-12 14:07 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-03-12 14:06 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-03-12 14:06 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-03-12 14:06 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-03-12 14:06 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-03-12 14:06 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-03-12 14:06 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-03-12 14:06 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-03-12 14:06 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-03-12 14:06 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe ==================== One Month Modified Files and Folders ======= 2014-04-09 15:11 - 2014-04-09 15:11 - 00000000 ____D () C:\FRST 2014-04-09 15:09 - 2014-04-09 15:09 - 01145856 _____ 
(Farbar) C:\Users\Leslie\Downloads\FRST.exe 2014-04-09 14:53 - 2010-08-25 11:45 - 00000000 ____D () C:\Users\Leslie\Documents\My Scans 2014-04-09 14:51 - 2010-02-16 17:48 - 00000000 ____D () C:\Users\Leslie\Documents\Adobe 2014-04-09 14:30 - 2014-04-09 13:30 - 00000069 _____ () C:\Windows\system32\avdkxup.gas 2014-04-09 13:29 - 2010-03-16 00:39 - 00000000 ____D () C:\ProgramData\HP 2014-04-09 13:24 - 2009-12-03 16:59 - 00785112 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-09 13:24 - 2009-07-14 00:34 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-09 13:24 - 2009-07-14 00:34 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-09 13:22 - 2009-07-14 00:55 - 01389223 _____ () C:\Windows\WindowsUpdate.log 2014-04-09 13:21 - 2014-04-09 13:21 - 00000028 _____ () C:\Windows\system32\u 2014-04-09 13:19 - 2014-04-09 13:19 - 00000064 _____ () C:\Windows\system32\wzziz.jvk 2014-04-09 13:19 - 2014-04-09 13:19 - 00000000 _____ () C:\Windows\system32\eqonjtc.btj 2014-04-09 13:19 - 2013-12-01 10:39 - 00002264 _____ () C:\Windows\setupact.log 2014-04-09 13:19 - 2013-11-06 09:20 - 00237222 _____ () C:\Windows\PFRO.log 2014-04-09 13:19 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-09 13:10 - 2014-04-08 15:10 - 00000088 _____ () C:\Windows\system32\yoqw.rhc 2014-04-09 13:03 - 2014-04-09 13:03 - 00236655 ____S () C:\Windows\system32\vsbe.pfx 2014-04-09 12:06 - 2014-04-09 12:06 - 00015437 _____ () C:\ComboFix.txt 2014-04-09 12:06 - 2014-04-07 23:05 - 00000000 ____D () C:\Qoobox 2014-04-09 12:05 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini 2014-04-09 10:38 - 2014-04-07 23:03 - 05196025 ____R (Swearware) C:\Users\Leslie\Desktop\ComboFix.exe 2014-04-09 09:26 - 2012-04-01 09:19 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-04-09 08:20 - 2014-04-09 08:20 - 00448512 _____ (OldTimer 
Tools) C:\Users\Leslie\Desktop\TFC.exe 2014-04-08 17:39 - 2014-04-08 17:39 - 00000000 ____S () C:\Windows\system32\uaqxwo.gxk 2014-04-08 17:27 - 2014-04-08 17:23 - 00000000 ____D () C:\AdwCleaner 2014-04-08 17:22 - 2014-04-08 17:22 - 01426178 _____ () C:\Users\Leslie\Desktop\AdwCleaner.exe 2014-04-08 15:00 - 2014-04-08 15:00 - 00000064 _____ () C:\Windows\system32\isxjr.rcf 2014-04-08 15:00 - 2014-04-08 15:00 - 00000000 _____ () C:\Windows\system32\cpdkk.ija 2014-04-08 14:44 - 2014-04-08 14:44 - 00305834 ____S () C:\Windows\system32\irmss.lil 2014-04-08 13:50 - 2014-04-01 23:45 - 00000083 _____ () C:\Windows\system32\immoorc.ohs 2014-04-07 22:51 - 2014-04-07 22:51 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Leslie\Desktop\tdsskiller.exe 2014-04-07 22:46 - 2010-02-16 17:47 - 00000000 ____D () C:\Users\Leslie\Documents\Word 2014-04-07 21:00 - 2014-04-07 20:53 - 00000000 ____D () C:\Users\Leslie\Desktop\RK_Quarantine 2014-04-07 20:57 - 2014-04-07 20:57 - 00028540 _____ () C:\Users\Leslie\Desktop\RKreport[0]_S_04072014_205737.txt 2014-04-07 20:52 - 2014-04-07 20:52 - 03972608 _____ () C:\Users\Leslie\Downloads\RogueKiller.exe 2014-04-07 20:22 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-07 19:18 - 2014-04-07 19:18 - 00012173 _____ () C:\Users\Leslie\Desktop\dds.txt 2014-04-07 19:18 - 2014-04-07 19:18 - 00008143 _____ () C:\Users\Leslie\Desktop\attach.txt 2014-04-07 19:18 - 2014-04-07 19:17 - 00688992 ____R (Swearware) C:\Users\Leslie\Downloads\dds.com 2014-04-07 19:02 - 2009-07-14 00:53 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-07 18:38 - 2010-03-13 23:07 - 00007618 _____ () C:\Users\Leslie\AppData\Local\Resmon.ResmonCfg 2014-04-07 17:21 - 2014-04-07 17:21 - 00000000 ____S () C:\Windows\system32\afcun.kyn 2014-04-06 22:55 - 2010-09-27 14:55 - 00002332 _____ () C:\Users\Leslie\Documents\Default.rdp 2014-04-06 21:30 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-04-06 11:36 - 2014-04-06 11:36 - 00000000 
____S () C:\Windows\system32\jxjckpf.yqd 2014-04-05 10:02 - 2012-08-26 19:59 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\.minecraft 2014-04-02 23:14 - 2014-04-02 23:13 - 29007783 _____ () C:\Users\Leslie\Downloads\Kimberly Janelle-1396494759364.zip 2014-04-02 23:00 - 2014-04-02 23:00 - 00000000 ____S () C:\Windows\system32\qxymlei.uhk 2014-04-01 23:34 - 2014-04-01 23:34 - 00000064 _____ () C:\Windows\system32\ewiz.ypq 2014-04-01 23:34 - 2014-04-01 23:34 - 00000000 _____ () C:\Windows\system32\nvbo.pjh 2014-04-01 23:18 - 2014-04-01 23:18 - 00299344 ____S () C:\Windows\system32\icgl.nci 2014-03-31 12:39 - 2010-02-16 17:47 - 00000000 ____D () C:\Users\Leslie\Documents\Excel 2014-03-27 16:05 - 2013-05-24 16:25 - 00000000 ____D () C:\Quickbooks backup files 2014-03-26 16:12 - 2013-10-07 10:38 - 00000000 ____D () C:\Users\Leslie\AppData\Local\Deployment 2014-03-26 16:12 - 2010-03-10 01:35 - 00000000 ____D () C:\Users\Leslie\AppData\Local\Apps\2.0 2014-03-17 15:40 - 2014-03-17 15:40 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\Roxio 2014-03-12 16:21 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache 2014-03-12 15:52 - 2014-01-27 16:46 - 00014701 _____ () C:\Windows\IE11_main.log 2014-03-12 15:28 - 2014-03-12 15:23 - 00006548 _____ () C:\Windows\IE10_main.log 2014-03-12 15:20 - 2013-11-16 04:18 - 00001415 _____ () C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-12 15:05 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-03-12 14:23 - 2014-01-27 16:57 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-12 14:23 - 2014-01-27 16:57 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-12 14:23 - 2009-07-14 00:33 - 00311808 _____ () C:\Windows\system32\FNTCACHE.DAT ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit 
C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll [2011-03-13 18:55] - [2010-11-20 08:21] - 0380416 ____A (Microsoft Corporation) D75091A9279BB4632CA45AC1162DF2FB ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-09 12:24 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Leslie at 2014-04-09 15:11:44 Running from C:\temp Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden Adobe Acrobat 9 Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems) Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated) Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden Aleks 3.15 
(HKLM\...\Aleks 3.15) (Version: - ) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden C7200 (Version: 130.0.365.000 - Hewlett-Packard) Hidden C7200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.0.1.2 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.) Canon Personal Printing Guide (HKLM\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.) Canon PowerShot SX120 IS Camera User Guide (HKLM\...\CameraUserGuide-PSSX120IS) (Version: 1.0.1.2 - Canon Inc.) Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.3.0.4 - Canon Inc.) Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.4.1.10 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.0.0.19 - Canon Inc.) Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.4.0.7 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.) 
Citrix Online Launcher (HKLM\...\{3318B54A-B5A8-49B1-8016-753DC6CAC63B}) (Version: 1.0.110 - Citrix) Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.) Citrix online plug-in (DV) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Citrix online plug-in (HDX) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Citrix online plug-in (USB) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Citrix online plug-in (Web) (Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden Dell Backup and Recovery Manager (HKLM\...\{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}) (Version: 1.1.0 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden GoToMeeting 5.7.0.1172 (HKCU\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart All-In-One Driver Software 13.0 Rel. 
2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation) Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.) iVideo Converter (HKLM\...\iVideo Converter) (Version: - ) Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden LEGO MINDSTORMS EV3 (HKLM\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group) LEGO MINDSTORMS EV3 Home Content (Version: 1.0.259 - The LEGO Group) Hidden LEGO MINDSTORMS EV3 Home Edition (Version: 1.0.346 - The LEGO Group) Hidden LEGO MINDSTORMS EV3 Home English Support (Version: 1.0.229 - The LEGO Group) Hidden LEGO MINDSTORMS EV3 Uninstaller (Version: 1.0.11 - The LEGO Group) Hidden LEGO MINDSTORMS NXT Driver (HKLM\...\{FA2B75F7-6037-4C34-9F3B-3E4320C4CC61}) (Version: 1.20.111.0 - LEGO) LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 2.3.0.1833 - Symantec Corporation) LiveUpdate 1.80 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 1.80.19.0 - Symantec Corporation) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Maxtor Backup (HKLM\...\InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}) (Version: 1.00.0011 - Maxtor) Maxtor Backup (Version: 1.00.0011 - Maxtor) Hidden Maxtor OneTouch III (HKLM\...\InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}) (Version: 3.00.0015 - Maxtor) Maxtor OneTouch III (Version: 3.00.0015 - Maxtor) Hidden Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.70.0.7970 - Memeo Inc.) MFCLOC (Version: 1.00.0000 - Dell Inc.) 
Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Basic 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Silverlight 5.1 (Version: 5.1.4001 - National Instruments) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) 
  7. On Monday, April 7, 2014, I created a forum about random background noise. Since then, I have been working on the issue with MrCharlie. A couple of hours ago, the forum disappeared. Can I be reconnected with MrCharlie? Thanks.
  8. Not good. I still hear the background noise, and I just had an unexpected shutdown.
  10. Here it is:
  11. For RpcSs, I can Skip or Copy to Quarantine. There isn't a Cure option. Should I Copy to Quarantine? I deleted DR0. The logs are attached. Thanks. TDSSKiller.3.0.0.30_09.04.2014_09.59.21_log.txt TDSSKiller.3.0.0.30_09.04.2014_10.03.10_log.txt
  12. Done (still hear background noise)
  13. The second TDSS log is attached. 4 objects were found. I skipped all of them. Background noise still playing... TDSSKiller.3.0.0.30_09.04.2014_08.54.44_log.txt
  14. TDSS logs: